Insight Partner Views on
Cybersecurity
A Compilation for Personal and Corporate Education
This eBook was written as part of the Dell Insight Partners program, which provides news and
analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own
and don’t necessarily represent Dell’s positions or strategies
Contents
Introduction
The CISO role in cybersecurity: Solo or team sport?
Security attacks and countermeasures
Mobile device security: A new frontier for hackers
U.S. Department of Defense sets its cloud security guidelines
The emerging science of digital forensics
Why fear the hackers? First invest in IT security change
Take the next step
Introduction
Data security breaches and hacker attacks on
private businesses, health organizations and
government agencies in the U.S. have grabbed
headlines with increasing frequency, it seems.
There is zero doubt about the damage these
events cause. Cybercriminals and hackers walk
away with customers’ payment card information
and employee data while companies and federal
authorities investigate the source of the leaks and
spend millions of dollars to repair the harm.
Some see these breaches as a threat to national
security, and, in response, government has
launched a “30-day Cybersecurity Sprint” as a
tactic designed to beef up cybersecurity
protocols.
Do your part in protecting information by
educating yourself about cybersecurity. The
“Insight Partner Views on Cybersecurity” e-book
can help. By addressing security from multiple
viewpoints, the e-book reinforces the need for
society to build a culture that fully embraces
information risk management.
The CISO role in cybersecurity: Solo or team sport?
Kevin L. Jackson, CEO, GovCloud Network
The average length of time in the commercial sector between a network security breach and the detection of that breach is more than 240 days, according to Gregory Touhill, deputy assistant secretary of Cybersecurity Operations and Programs for the Department of Homeland Security. What could happen to your company during that eight-month period? Could your company survive?
This alarming statistic is just one of the reasons why the National Cybersecurity Institute at Excelsior College (NCI) undertook the task of surveying the nation’s chief information security officers. With the support of social media campaigns from Dell cybersecurity and the International Information Systems Security Certification Consortium, also known as ISC(2), NCI was able to collect a statistically significant number of responses across eight industry verticals. Although a formal analysis of the data is still being conducted, some important early revelations have already been identified.
While the overall survey broadly covered the domain, one of the most interesting insights for me came from a high-level response from just three questions:
• What are the top three items/resources you need to accomplish your
job?
• Which of the following are the top five sources of application security
risk within your organization?
• Which of the following five skill sets best prepares someone to become
a chief information security officer?
The survey designers worked hard not to focus just on the technical aspects
of the CISO role. To that end, respondents had to choose from nine job
resources, 10 security risk options and 11 specific skill sets. They also
enjoyed the option of writing in a response. Although every option on each
of these three questions had some takers, the most predominant answers
were:
• The top resource needed to accomplish the CISO job is the support of other management leaders.
• The top source of application security risk is a lack of awareness of application security issues
within the organization; and
• The best skill set for preparing someone to become a CISO is a statistical tie between business
knowledge and knowledge of IT security best practices.
Some may find it surprising that neither technical knowledge, technical skills nor the technology itself
is an overwhelming favorite for the surveyed professionals. So with that observation, what truths can
we learn from this answer set?
To be sure, additional analysis and rigor are needed, but from a personal point of view this early data
hints that technical knowledge is not the primary CISO skill requirement. It also tips a hat toward the
need for robust internal education as well as a focus for reducing application security risks. For me, it also
shows that a good CISO must also be a collaborative and communicative teacher across his or her
organization. Is it me or do these traits describe a team leader or coach?
If you are a CISO, do these traits describe you? Are education and collaboration a core part of your
company’s cybersecurity plan? Have you enabled management to give you the support needed for your
own success? Can you describe yourself as the cyber team coach?
Security Attacks and Countermeasures
Sandra K. Johnson, CEO, SKJ Visioneering, LLC
Cybersecurity is rapidly becoming a significant issue in the C-suite as well as the population at large. The results of Dell’s Global Technology Adoption Index (GTAI)[1] show that security is a top concern for most of the 2000 global small and medium businesses surveyed. The outcomes further noted that such concerns create barriers to the adoption of critical technologies that drive value and growth: mobility, cloud and big data. In fact, many businesses are unprepared to address their potential security issues.
In addition, several large data breaches have raised the awareness of cybersecurity in the consciousness of the general population. For example, the Target security breach in December 2013 resulted in hackers accessing 40 million credit card records of customers from every store.[2] The Open Security Foundation’s (OSF) data loss database[3] contains information on data security breaches, including recent and large incidents. Recent breaches include 3.65 million records stolen from the United States Postal Service on November 10th and 2.7 million stolen from HSBC Bank A.S. on Nov. 12, both of this year.
Cyberattacks are on the increase, with six of the top 10 largest incidents occurring in 2013 (402 million) and 2014 (469 million to date).[1] A diverse set of industries is targeted. A mid-year breach report from Risk Based Security and the OSF[4] cited that 59 percent of reported attacks were in the business sector, followed by 16.1
percent from the government. Other reports show a data breach focus
on the Finance & Insurance and Manufacturing industries (IBM),[5] and
the Electronics Manufacturing and Agriculture and Mining industries
(Cisco).[6]
The majority of these attacks are due to hacking, fraud and social
engineering. For example, in the first half of 2014, 84.6 percent of
cybersecurity incidents were due to external hacking, with an increased
percentage of events exposing passwords, usernames and email.[4] The
resulting breaches occur primarily through malware, including Trojan
horses, adware, worms, viruses and downloaders.[6] Moreover, the
overwhelming majority (95 percent) of security events evaluated by IBM
include human error as a contributing factor.[5]
Data breach sources
Let’s examine these primary sources of data breaches and high-level
methodologies for minimizing such events. Malware is malicious
software created for egregious objectives. It is designed to disrupt IT
and other computer operational environments and to gain access to
sensitive data, such as personal records. Access is precipitated through various communication
methodologies, such as email and instant message (IM) attachments, endpoints in an IT environment,
applications and other vulnerabilities within such infrastructures as discovered by the attacker.
Malware is intended to be quiet and hidden as it enters environments and is executed. There is a plethora of various types of existing malware; however, presented in Table 1 is a summary of the most active and effective malware[6] today.
MALWARE - DESCRIPTION
Trojan - Deceptive code hidden inside software that appears to be safe
Adware - Advertising-supported software that can collect user information when executed (also known as spyware)
Worm - Standalone software that replicates functional copies by exploiting vulnerabilities in targeted systems
Virus - Code that can corrupt or remove files, spread to other computers (e.g., via email) and attach itself to files and other programs
Downloader - Software that downloads executable malicious code without the user’s knowledge or consent
Figure 1. Most active malware today
Social engineering is a methodology that enables a perpetrator to persuade or induce an individual to provide sensitive information or access to the unauthorized perpetrator. The attacker is typically able to do this by exploiting the fact that most people want to be helpful and avoid confrontation. By leveraging social media, face-to-face contact, telecommunications and other communication mechanisms, attackers are able to obtain information and access, either piecemeal or holistically, that permits their access to data, networks and other infrastructure.
Minimizing or averting attacks
The best protection against malware includes anti-malware and Internet security software. Such software can find and remove the overwhelming majority of the known malware prevalent today. Lists of the best antivirus and Internet security software, according to PCMag.org[7][8], are included in Table 1 and Table 2, respectively, on the next page:
It is important that you keep your anti-malware and Internet security current, as new malware is introduced on a regular basis.
In addition, regular education is crucial for minimizing the impact of social engineering related attacks. The knowledge of how attackers can aggregate bits of information into a comprehensive collection of sensitive information is important in preventing individuals from sharing such information or providing access to ‘friendly’ people.
Finally, it is paramount that users remain diligent regarding their
passwords. The data shows that the majority of information
obtained by attacks relates to sensitive personal information,
including passwords. Also, programs that crack passwords or
obtain them from other sources are readily available. Various
lists of what to do, and not do, regarding passwords are readily
available and are not included here. However, while it is difficult to
remember all passwords for all of the authentication and access
entry points used by an individual, one rule of thumb can be
helpful. Make your passwords long, include digits and symbols,
and use the first letter of each word of a phrase you are most likely to
remember. For example, from a line in the poem “Phenomenal
Woman” by Maya Angelou, who died this year, “I’m a woman
Phenomenally, Phenomenal woman, That’s me”, one can create
the password, “Iawp,pwtmMA14”. This includes the first letter of
the words in this line, the poet’s initials and the year of death.
Moving forward, cyber attacks will be more prevalent, even as
infrastructure growth, including network bandwidth,
applications, mobile devices and other endpoints become more
prolific. It is important to always be mindful of your activities,
and know that education, due diligence and the relevant anti-
malware and Internet security software can address the majority
of security threats.
ANTIVIRUS SOFTWARE
• Webroot SecureAnywhere Antivirus (2015)
• Norton AntiVirus (2014)
• Kaspersky AntiVirus (2015)
• Bitdefender Antivirus Plus (2015)
• F-Secure Anti-Virus 2014
Figure 2. Top Antivirus Software [7]
INTERNET SECURITY SOFTWARE
• Bitdefender Total Security (2014)
• Norton Internet Security (2014)
• Webroot SecureAnywhere Internet Security (2014)
• Kaspersky Internet Security (2014)
• McAfee Internet Security (2014)
Figure 3. Top Internet Security Software [8]
Mobile device security: A new frontier for hackers
Sandra K. Johnson, CEO, SKJ Visioneering, LLC
Recent security breaches have heightened our awareness of cybersecurity issues. The Staples hack and other security breaches have resulted in unprecedented damages. However, the majority of mobile device users have yet to be sensitized to their personal and corporate security risks.
For example, a security study found that 69 percent of users store sensitive personal information on their mobile devices. Examples include banking information, confidential work-related items and provocative videos and photos. In addition, 51 percent of mobile device consumers share usernames and passwords with family, friends and colleagues. This is in spite of the fact that 80 percent of such devices are unprotected by security software.
While mobile device security attacks are relatively small, they are the new frontier for hackers. Listed below are highlights from several mobile device surveys:
• The four top threats to mobile devices include: 1) lost and stolen phones; 2) insecure communications; 3) leveraging less-secure, third-party app stores; and 4) vulnerable development frameworks.
• One in 10 U.S. smartphone owners are victims of phone theft.
• Mobile malware attacks are increasing, with 2014 exhibiting a 75 percent increase in Android malware attacks on devices.
• The use of mobile devices to access enterprise resources introduces significant security risks.
Cyberattackers are typically attempting to obtain access to sensitive or
personal data, and then use it to access financial accounts. Some
methodologies used include social engineering, distributing and executing
malware, and accessing data through public Wi-Fi networks.
A recent survey found that phishing and scams for winning free stuff were
the most popular SMS attacks. Unsolicited SMS messages attempted to trick
users into providing detailed, sensitive information about their financial
accounts at major banks. The mobile malware StealthGenie secretly
monitors calls, texts and videos on mobile phones. Bitdefender has been
able to break the secure communications between a Samsung watch and an
Android device with ease, using brute force sniffing tools. (See “5 New
Threats to Your Mobile Device Security” for more information.)
These are a sampling of the numerous cybercriminal methodologies for accessing user finances and data.
Listed below are some user actions for reducing or minimizing a successful attack:
• Always enable password or PIN protection on your device.
• Run scans using a respected security and malware program on a regular basis (see the best antivirus
software for Android devices).
• Subscribe to managed mobile device services such as anti-malware and mobile device locator
services; also lock the device and wipe all data in the event of device theft.
• Encrypt mobile device data.
• Install/run the latest versions of your device OS and all mobile apps.
• Upgrade to the most recent firmware for your mobile device.
• Do not access secure or highly sensitive information while using public Wi-Fi networks.
• Avoid clicking on ads on your mobile devices.
• Do not configure phones to allow the installation of apps from unknown sources, e.g., only
download from well-known and trusted app stores (although they are not foolproof).
• Observe all corporate bring-your-own-device (BYOD) and related policies.
In addition, ISO lists some common sense advice regarding mobile devices, as included below:
• Do not openly display a device — keep it in a pocket or handbag.
• If possible, avoid using it in crowded areas.
• Properly mark your phone with your ZIP code.
• If the phone is lost or stolen, report it immediately to the police and to your service provider.
• Be aware of your surroundings and the people near to you.
• Do not leave it unattended – keep it with you at all times.
• Make a note of your phone’s IMEI number.
• Do not leave a device in view in an unattended vehicle.
US Department of Defense Sets Its Cloud Security Guidelines
Jodi Kohut, Government Cloud Computing Professional
Those watching federal cloud security in the defense space were pleased to learn the Defense Information Systems Agency (DISA) released the DOD Cloud Computing Security Requirements Guide (v1) (SRG) last month. This 152-page document outlines the security requirements that Department of Defense (DOD) mission owners must adhere to when procuring cloud-based services. While the document is very thorough and is required reading if you currently provide, or intend to provide, cloud-based services to the DOD, I wanted to cover some of the things that stood out to me.
CSPs are not compliant, but their offerings can be. The requirements guide makes it clear that there is a distinction between a Cloud Service Offering (CSO) and the Cloud Service Provider (CSP). A CSP can have multiple CSOs, all with different security postures. This has always been the case. However, by making this distinction, DISA has reduced some areas of common confusion. This distinction should also make it clear that utilizing a compliant infrastructure as a service (IaaS) or platform as a service (PaaS) at a CSP does not make the resulting offering compliant. The CSO itself has to be fully evaluated for Federal Risk and Authorization Management Program (FedRAMP) compliance.
Compliance responsibility is on the prime CSP. Expanding on the last point I made: Everything you put in a CSP environment is not
automatically compliant. The SRG states that, “While the CSP’s overall
service offering may be inheriting controls and compliance from a third
party, the prime CSP is ultimately responsible for complete compliance” (p.
3). This language gives me the sense that if mission owners want to work
with a federal integrator (prime contractor) to move an application to
a FedRAMP-compliant or soon-to-be-FedRAMP-compliant platform or
infrastructure — and that integrator will be performing Operations and
Maintenance (O&M) — they will also be responsible for the compliance of
the solution and the underpinning platform or infrastructure services from
a commercial cloud service provider.
In essence, the solution enabler becomes the prime CSP. This is perhaps an
important nuance that may have important ramifications for the integrator
and those who provide what DISA dubs commercial cloud service
providers. Keep in mind that the SRG also recognizes the existence of
DOD-owned and operated CSPs.
FedRAMP + controls. Because DOD systems are categorized differently from other
federal government systems, the SRG lists additional security controls and enhancements that are
necessary to implement for DOD systems. These controls are over and above the FedRAMP
moderate baseline, and as such are called “plus” controls. The SRG has dealt with privacy and
security requirements as “overlays” to all of the FedRAMP and FedRAMP plus baseline controls.
Expanded CSP roles and responsibilities. (Appendix C-1). The SRG denotes that it is the CSP’s
responsibility to provide Computer Network Defense (CND) services (all tiers) for its infrastructure
and service offerings. CSPs must be willing to provide their own CND services and to be able and
willing to contract for more advanced security services as required by a mission owner. Here
again, a prime CSP must be willing and able to provide complete compliance, including
Computer Network Defense Service Provider (CNDSP) services.
A few takeaways
While this is not an adequate summary of the SRG, this long-awaited guide has provided some
clarification around DOD’s expectations from Integrators, CSPs, and DOD mission owners.
The DOD has clearly laid out for Integrators and CSPs the expectations for inclusion into the
DISA Cloud Service Catalog. It will be interesting to see how and if the definition of a prime
CSP evolves and how the industry and government alike adapt to that distinction.
My initial reaction to the SRG is that it limits the playing field of prime CSPs that are able to
comply with these requirements today. For small integrators trying to migrate applications to
the cloud on behalf of the federal government, it makes the proposition riskier. For example, if
small integrators move something to an Amazon Web Services or Microsoft IaaS solution, they
are now responsible for the security of the application and that underlying environment. The
way this is currently written, I believe that integrators will have to decide whether or not they
will take the risk to take responsibility for the application and the underlying environment.
The Emerging Science of Digital Forensics
Melvin Greer, Managing Director, Greer Institute
Without question, the rise in cyberleaks, nation-state cyber terrorism and the breach of consumer data across multiple industry domains has led to a heightened awareness of the enterprise and personal responsibilities associated with cybersecurity. The consumerization of IT and the adoption of cloud, mobile and social media by enterprise organizations is opening a new threat landscape and new threat vectors. Everyone is affected and everyone is talking about it, from senior executives to teenagers.
In its SecureWorks “The Next Generation of Cybercrime” executive brief, Dell cites a study conducted by the Ponemon Institute, which found that “the average cost of a data breach was $7.2 million in 2010.” The rate of cybercrime and the impact of cyberbreaches have exponentially accelerated since then. This has resulted in the emerging science of digital forensics.
Digital forensics can be described as the science of preserving and
analyzing digital evidence useful in the development of legal cases
against cyber criminals. This new and growing field includes high-tech
crime investigation and computational defense across traditional IT like
hardware, servers, operating systems and networks, as well as the new
digital environments of social, mobile and cloud. The emerging science
of digital forensics and cybercrime investigation has become very
important for national security, law enforcement, and information
assurance. This convergent science combines law, computer science,
finance, telecommunications, data analytics, and policing disciplines.
There are a number of companies that are responding with new digital
forensic processes, methods, tools and solutions. In its digital forensics
solution, Dell cites the use of a six-step digital forensic life cycle
designed to leverage cloud computing and data center operations in
the processing of digital evidence. Chief information security officers
are using these new frameworks to:
• Improve incident response
• Develop new digital forensic techniques
• Drive new investigatory standards
The cybersecurity landscape is constantly evolving, and it’s up to business and technical leaders to
evolve their cyberdefenses in response. Here are key recommendations leaders should consider:
• Update and complete an enterprise-wide security risk assessment. Identify security gaps and
emerging threats
• Link strategic technology investments in security with robust and flexible processes for incident
response
• Develop real-time monitoring and automated response techniques that provide real-time threat
analysis
• Move from cyberdefense to cyberthreat intelligence. Develop a cyber toolkit which is more
proactive than reactive
Given the continued growth of cyber activity, the emerging science of digital forensics is sure to grow
along with the sophisticated frameworks required to gather, analyze and investigate evidence that
leads to an increased level of cybersecurity.
Why Fear the Hackers? First invest in IT security culture change
Kevin L. Jackson, CEO, GovCloud Network
With all the news these days about cyberterrorism and hacking, the cloud may seem like the last place you would want to put your precious information. Pew Research has even suggested that cyber attacks are likely to increase. Some 61% of over 1,600 security expert respondents to a recent Pew Research survey said that a major attack causing widespread harm would occur by 2025.
The cold hard fact, however, is that fear of the cyberterrorist and hackers, while definitely valid, is mostly misplaced. I hold this contrarian view because when you pull back the curtain on many of the recent breaches, you’ll likely see a mirror.
In a recent case, sensitive data — including passwords — seem to have been stored in the clear, which is against all recommended best practices. There also may have been significant involvement from a company insider. Focusing on application hacks, some of the most devastating have been due to a failure of the application developers to follow some basic best practices for application development. Most of these breaches were not on cloud service providers. These successful attacks were on enterprise-built and managed IT infrastructures.
Our failure to protect our information and data is mostly due to our less than
focused attitude toward cybersecurity. Policies, procedures and processes play an
important part in preventing security incidents, but more is needed.
Organizational employees must realize that they could be an entry point for
hackers and be aware of their individual actions. IT professionals must follow
industry standard best practices for application development, network
configuration, system configuration, etc., many of which have gone through
multiple iterations over the years. Everyone must also be proactive in his or her
identification and response to cyber threats. What I am describing is the need for
a cultural change.
Creating a risk-conscious and security-aware culture is key to protecting an
organization’s information infrastructure and data assets, risk management expert
John P. Pironti wrote in a 2012 ISACA Journal article. Business leaders must begin
viewing information security as a benefit, rather than as an obstacle, and employ
threat and vulnerability analysis – rather than fear and doubt – to drive adoption
of points of view and controls.
Now, take the next step in enhancing your own cybersecurity posture!
Computer Tips
• Stay up-to-date. Use a firewall as well as cybersecurity
software, such as antivirus and antispyware, that will scan for
computer security threats and uninstall them.
• Shop with care. Before submitting credit card information
online, look at the URL to ensure you're on an HTTPS
(Hypertext Transfer Protocol Secure) site.
• Laptop security. With the proper software installed, stolen
laptops can be tracked to a physical location if they are
connected to the Internet. Other software gives you remote
access for computer security with the ability to erase your files
or send them to a secure data center for recovery via the Web.
Email & Social Networking Tips
• Avoid spam and scams. Always question the legitimacy of
emails and social networking messages that ask for money or
personal information. Spear phishing attacks mimic
communications from a business to persuade you to divulge
personal information.
• Network below the radar. Public profiles on social networking
sites put you at risk by exposing information, such as your full
birth date, hometown, employment history, etc., that a
criminal could use to pose as you. Use privacy settings to
ensure your personal information isn't public knowledge.
• Just don't. Don't open unknown attachments, don't click on
unknown links, and don't share too much information online.
That's a lot of don'ts, but when your identity and computer
could be at risk, it's better to play safe. The rewards aren't
always worth the risks.

Dell Security e book--_v.5-pg

  • 1. Insight Partner Views on Cybersecurity A Compilation for Personal and Corporate Education
  • 2. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies Contents 2 Introduction.............................................................................................3 The CISO role in cybersecurity: Solo or team sport?................................4 Security attacks and countermeasures………………………….……………………….7 Mobile device security: A new frontier for hackers.…………………………....11 U.S. Department of Defense sets its cloud security guidelines..............14 The emerging science of digital forensics……………………..……………………..17 Why fear the hackers? First invest in IT security change…………….....20 Take the next step..................................................................................22
  • 3. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies Introduction Data security breaches and hacker attacks on private businesses, health organizations and government agencies in the U.S. have grabbed headlines with increasing frequency, it seems. There is zero doubt about the damage these events cause. Cybercriminals and hackers walk away with customers’ payment card information and employee data while companies and federal authorities investigate the source of the leaks and spend millions of dollars to repair the harm. Some see these breaches as a threat to national security, and, in response, government has launched a “30-day Cybersecurity Sprint” as a tactic designed to beef up cybersecurity protocols. Do your part in protecting information by educating yourself about cybersecurity. The “Insight Partner Views on Cyberecurity” e-book can help. By addressing security from multiple viewpoints, the e-book reinforces the need for society to build a culture that fully embraces information risk management. 3
  • 4. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies officers. With the support of social media campaigns from Dell cybersecurity and the International Information Systems Security Certification Consortium, also known as ISC(2), NCI was able to collect a statistically significant number of responses across eight industry verticals. Although a formal analysis of the data is still being conducted, some important early revelations have already been identified. While the overall survey broadly covered the domain, one of the most interesting insights for me came from a high-level response from just three questions: The average length of time in the commercial sector between a network security breach and when the detection of that breach is more than 240 days, according to Gregory Touhill, deputy assistant secretary of Cybersecurity Operations and Programs for the Department of Homeland Security. What could happen to your company during that eight-month period? Could your company survive? This alarming statistic is just one of the reasons why the National Cybersecurity Institute at Excelsior College (NCI) undertook the task of surveying the nation’s chief information security 4 The CISO role in cybersecurity: Solo or team sport? Kevin L. Jackson, CEO, GovCloud Network
  • 5. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies 5 • What are the top three items/resources you need to accomplish your job? • Which of the following are the top five sources of application security risk within your organization? • Which of the following five skill sets best prepares someone to become a chief information security officer? The survey designers worked hard not to focus just on the technical aspects of the CISO role. To that end, respondents had to choose from nine job resources, 10 security risk options and 11 specific skill sets. They also enjoyed the option of writing in a response. Although every option on each of these three questions had some takers, the most predominant answers were: • The top resource needed to accomplish the CISO job is the support of other management leaders. • The top source of application security risk is a lack of awareness of application security issues within the organization; and • The best skill set for preparing someone to become a CISO is a statistical tie between business knowledge and knowledge of IT security best practices. Some may find it surprising that neither technical knowledge, technical skills nor the technology itself is an overwhelming favorite for the surveyed professionals. So with that observation, what truths can we learn from this answer set?
  • 6. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies To be sure, additional analysis and rigor are needed, but from a personal point of view this early data hints that technical knowledge is not the primary CISO skill requirement. It also tips a hat toward the need for robust internal education as well a focus for reducing application security risks. For me, it also shows that a good CISO must also be a collaborative and communicative teacher across his or her organization. Is it me or do these traits describe a team leader or coach? If you are a CISO, do these traits describe you? Are education and collaboration a core part of your company’s cybersecurity plan? Have you enabled management to give you the support needed for your own success? Can you describe yourself as the cyber team coach? 6
  • 7. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies credit card records of customers from every store.[2] The Open Security Foundation’s (OSF) data loss database[3] contains information on data security breaches, including recent and large incidents. Recent breaches include 3.65 million records stolen from the United States Postal Service on November 10th and 2.7 million stolen from HSBC Bank A.S. on Nov. 12, both of this year. Cyberattacks are on the increase, with six of the top 10 largest incidents occurring in 2013 (402 million) and 2014 (469 million to date).[1] A diverse set of industries is targeted. A mid-year breach report from Risk Based Security and the OSF[4] cited that 59 percent of reported attacks were in the business sector, followed by 16.1 Cybersecurity is rapidly becoming a significant issue in the C-suite as well as the population at large. The results of Dell’s Global Technology Adoption Index (GTAI)[1] show that security is a top concern for most of the 2000 global small and medium businesses surveyed. The outcomes further noted that such concerns create barriers to the adoption of critical technologies that drive value and growth: mobility, cloud and big data. In fact, many businesses are unprepared to address their potential security issues. In addition, several large data breaches have raised the awareness of cybersecurity in the consciousness of the general population. For example, the Target security breach in December 2013 resulted in hackers accessing 40 million 7 Security Attacks and Countermeasures Sandra K. Johnson, CEO, SKJ Visioneering, LLC
  • 8. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies 8 percent from the government. Other reports show a data breach focus on the Finance & Insurance and Manufacturing industries (IBM),[5] and the Electronics Manufacturing and Agriculture and Mining industries (Cisco).[6] The majority of these attacks are due to hacking, fraud and social engineering. For example, in the first half of 2014, 84.6 percent of cybersecurity incidents were due to external hacking, with an increased percentage of events exposing passwords, usernames and email.[4] The resulting breaches occur primarily through malware, including Trojan horses, adware, worms, viruses and downloaders.[6] Moreover, the overwhelming majority (95 percent) of security events evaluated by IBM include human error as a contributing factor.[5] Data breach sources Let’s examine these primary sources of data breaches and high-level methodologies for minimizing such events. Malware is malicious software created for egregious objectives. It is designed to disrupt IT and other computer operational environments and to gain access to sensitive data, such as personal records. Access is precipitated through various communication methodologies, such as email and instant message (IM) attachments, endpoints in an IT environment, applications and other vulnerabilities within such infrastructures as discovered by the attacker. Malware is intended to be quiet and hidden as it enters environments and is executed. There is a plethora of various types of existing malware; however, presented in Table 1 is a summary of the most active and effective malware[6]today. 
Social engineering is a methodology that enables a perpetrator to persuade or induce an individual to provide sensitive information or access to the unauthorized perpetrator. The attacker is typically able
  • 9. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies to do this by exploiting the fact that most people want to be helpful and avoid confrontation. By leveraging social media, face-to-face contact, telecommunications and other communication mechanisms, attackers are able to obtain information and access, either piecemeal or holistically, that permits their access to data, networks and other infrastructure. Minimizing or averting attacks The best protection against malware includes anti- malware and Internet security software. Such software can find and remove the overwhelming majority of the known malware prevalent today. Lists of the best antivirus and Internet security software, according to PCMag.org[7][8], are included inTable1 and Table 2, respectively, on the next page: It is important that you keep your anti-malware and Internet security current, as new malware is introduced on a regular basis. In addition, regular education is crucial for minimizing the impact of social engineering related attacks. The knowledge of how attackers can aggregate bits of information into a comprehensive 9 MALWARE DESCRIPTION Trojan Deceptive code hidden inside software that appears to be safe Adware Advertising-supported software that can collect user information when executed (also known as spyware) Worm Standalone software that replicates functional copies by exploiting vulnerabilities in targeted systems Virus Code that can corrupt or remove files, spread to other computers (e.g., via email) and attaches itself into files and other programs Downloader Software that downloads executable malicious code without the users knowledge or consent Figure 1. Most active malware today
  • 10. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies collection of sensitive information is important in preventing individuals from sharing such information or providing access to ‘friendly’ people. Finally, it is paramount that users remain diligent regarding their passwords. The data shows that the majority of information obtained by attacks relates to sensitive personal information, including passwords. Also, programs that crack passwords or obtain them from other sources are readily available. Various lists of what to do, and not do, regarding passwords are readily available and is not included here. However, while it is difficult to remember all passwords for all of the authentication and access entry points used by an individual, one rule of thumb can be helpful. Make your passwords long, include digits and symbols, and use the first letter of a phrase you are most likely to remember. For example, from a line in the poem “Phenomenal Women” by Maya Angelou, who died this year, “I’m a woman Phenomenally, Phenomenal woman, That’s me”, one can create the password, “Iawp,pwtmMA14”. This includes the first letter of the words in this line, the poet’s initials and the year of death. Moving forward, cyber attacks will be more prevalent, even as infrastructure growth, including network bandwidth, applications, mobile devices and other endpoints become more prolific. It is important to always be mindful of your activities, and know that education, due diligence and the relevant anti- malware and Internet security software can address the majority of security threats. 
10 ANTIVIRUS SOFTWARE Webroot Secure Anywhere Antivirus (2015) Norton AntiVirus (2014) Kaspersky AntiVirus (2015) Bitdefender Antivirus Plus (2015) F-Secure Anti-Virus 2014 INTERNET SECURITY SOFTWARE Bitdefender Total Security (2014) Norton Internet Security (2014) Webroot SecureAnywhere Internet Security (2014) Kaspersky Internet Security (2014) McAfee Internet Security (2014) Figure 2.. Top Antivirus Software [7] Figure 3. Top Internet Security Software [8].
  • 11. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies While mobile device security attacks are relatively small, they are the new frontier for hackers. Listed below are highlights from several mobile device surveys: • The four top threats to mobile devices include: 1) lost and stolen phones; 2) insecure communications; 3) leveraging less- secure, third-party app stores; and 4) vulnerable development frameworks. • One in 10 U.S. smartphone owners are victims of phone theft. • Mobile malware attacks are increasing, with 2014 exhibiting a 75 percent increase in Android malware attacks on devices. • The use of mobile devices to access enterprise resources introduces significant security risks. Recent security breaches have heightened our awareness of cybersecurity issues. The Staples hack and other security breaches have resulted in unprecedented damages. However, the majority of mobile device users have yet to be sensitized to their personal and corporate security risks. For example, a security study found that 69 percent of users store sensitive personal information on their mobile devices. Examples include banking information, confidential work- related items and provocative videos and photos. In addition, 51 percent of mobile device consumers share usernames and passwords with family, friends and colleagues. This in spite of the fact that 80 percent of such devices are unprotected by security software. 11 Mobile device security: A new frontier for hackers Sandra K. Johnson, CEO, SKJ Visioneering, LLC
  • 12. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies 12 Cyberattackers are typically attempting to obtain access to sensitive or personal data, and then use it to access financial accounts. Some methodologies used include social engineering, distributing and executing malware, and accessing data through public Wi-Fi networks. A recent survey found that phishing and scams for winning free stuff were the most popular SMS attacks. Unsolicited SMS messages attempted to trick users into providing detailed, sensitive information about their financial accounts at major banks. The mobile malware StealthGenie secretly monitors calls, texts and videos on mobile phones. Bitdefender has been able to break the secure communications between a Samsung watch and an Android device with ease, using brute force sniffing tools. (See “5 New Threats to Your Mobile Device Security” for more information.) These are a sampling of the numerous cybercriminal methodologies for accessing user finances and data. Listed below are some user actions for reducing or minimizing a successful attack: • Always enable password or PIN protection on your device. • Run scans using a respected security and malware program on a regular basis (see the best antivirus software for Android devices). • Subscribe to managed mobile device services such as anti-malware and mobile device locator services; also lock the device and wipe all data in the event of device theft. • Encrypt mobile device data. • Install/run the latest versions of your device OS and all mobile apps. • Upgrade to the most recent firmware for your mobile device. • Do not access secure or highly sensitive information while using public Wi-Fi networks. • Avoid clicking on ads on your mobile devices.
  • 13. This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies • Do not configure phones to allow the installation of apps from unknown sources, e.g., only download from well-known and trusted app stores (although they are not foolproof). • Observe all corporate bring-your-own-device (BYOD) and related policies. In addition, ISO lists some common sense advice regarding mobile devices, as included below: • Do not openly display a device — keep it in a pocket or handbag. • If possible, avoid using it in crowded areas. • Properly mark your phone with your ZIP code. • If the phone is lost or stolen, report it immediately to the police and to your service provider. • Be aware of your surroundings and the people near to you. • Do not leave it unattended – keep it with you at all times. • Make a note of your phone’s IMEI number. • Do not leave a device in view in an unattended vehicle. 13
  • 14. US Department of Defense Sets Its Cloud Security Guidelines
    Jodi Kohut, Government Cloud Computing Professional
    Those watching federal cloud security in the defense space were pleased to learn the Defense Information Systems Agency (DISA) released the DOD Cloud Computing Security Requirements Guide (v1) (SRG) last month. This 152-page document outlines the security requirements that Department of Defense (DOD) mission owners must adhere to when procuring cloud-based services. While the document is very thorough and is required reading if you currently provide, or intend to provide, cloud-based services to the DOD, I wanted to cover some of the things that stood out to me.
    CSPs are not compliant, but their offerings can be. The requirements guide makes it clear that there is a distinction between a Cloud Service Offering (CSO) and the Cloud Service Provider (CSP). A CSP can have multiple CSOs, all with different security postures. This has always been the case. However, by making this distinction, DISA has reduced some areas of common confusion. This distinction should also make it clear that utilizing a compliant infrastructure as a service (IaaS) or platform as a service (PaaS) at a CSP does not make the resulting offering compliant. The CSO itself has to be fully evaluated for the Federal Risk and Authorization Management Program (FedRAMP) compliance.
    Compliance responsibility is on the prime CSP. Expanding on the last point I made: Everything you put in a CSP environment is not automatically compliant.
  • 15. The SRG states that, “While the CSP’s overall service offering may be inheriting controls and compliance from a third party, the prime CSP is ultimately responsible for complete compliance” (p. 3). This language gives me the sense that if mission owners want to work with a federal integrator (prime contractor) to move an application to a FedRAMP-compliant or soon-to-be-FedRAMP-compliant platform or infrastructure — and that integrator will be performing Operations and Maintenance (O&M) — they will also be responsible for the compliance of the solution and the underpinning platform or infrastructure services from a commercial cloud service provider. In essence, the solution enabler becomes the prime CSP. This is perhaps an important nuance that may have important ramifications for the integrator and those who provide what DISA dubs commercial cloud service providers. Keep in mind that the SRG also recognizes the existence of DOD-owned and operated CSPs.
    FedRAMP + controls. Because DOD systems are categorized differently from other federal government systems, the SRG lists additional security controls and enhancements that are necessary to implement for DOD systems. These controls are over and above the FedRAMP moderate baseline, and as such are called “plus” controls. The SRG has dealt with privacy and security requirements as “overlays” to all of the FedRAMP and FedRAMP plus baseline controls.
    Expanded CSP roles and responsibilities (Appendix C-1). The SRG denotes that it is the CSP’s responsibility to provide Computer Network Defense (CND) services (all tiers) for its infrastructure and service offerings. CSPs must be willing to provide their own CND services and to be able and willing to contract for more advanced security services as required by a mission owner.
  • 16. Here again, a prime CSP must be willing and able to provide complete compliance, including Computer Network Defense Service Provider (CNDSP) services.
    A few takeaways
    While this is not an adequate summary of the SRG, this long-awaited guide has provided some clarification around DOD’s expectations from Integrators, CSPs, and DOD mission owners. The DOD has clearly laid out for Integrators and CSPs the expectations for inclusion into the DISA Cloud Service Catalog. It will be interesting to see how and if the definition of a prime CSP evolves and how the industry and government alike adapt to that distinction.
    My initial reaction to the SRG is that it limits the playing field of prime CSPs that are able to comply with these requirements today. For small integrators trying to migrate applications to the cloud on behalf of the federal government, it makes the proposition riskier. For example, if small integrators move something to an Amazon Web Services or Microsoft IaaS solution, they are now responsible for the security of the application and that underlying environment. The way this is currently written, I believe that integrators will have to decide whether or not they will take the risk to take responsibility for the application and the underlying environment.
  • 17. The Emerging Science of Digital Forensics
    Melvin Greer, Managing Director, Greer Institute
    Without question, the rise in cyberleaks, nation-state cyber terrorism and the breach of consumer data across multiple industry domains has led to a heightened awareness of the enterprise and personal responsibilities associated with cybersecurity. The consumerization of IT and the adoption of cloud, mobile and social media by enterprise organizations is opening a new threat landscape and new threat vectors. Everyone is affected and everyone is talking about it, from senior executives to teenagers.
    In its SecureWorks “The Next Generation of Cybercrime” executive brief, Dell cites a study conducted by the Ponemon Institute, which found that “the average cost of a data breach was $7.2 million in 2010.” The rate of cybercrime and the impact of cyberbreaches have exponentially accelerated since then. This has resulted in the emerging science of digital forensics.
  • 18. Digital forensics can be described as the science of preserving and analyzing digital evidence useful in the development of legal cases against cyber criminals. This new and growing field includes high-tech crime investigation and computational defense across traditional IT like hardware, servers, operating systems and networks, as well as the new digital environments of social, mobile and cloud. The emerging science of digital forensics and cybercrime investigation has become very important for national security, law enforcement, and information assurance. This convergent science combines law, computer science, finance, telecommunications, data analytics, and policing disciplines.
    There are a number of companies that are responding with new digital forensic processes, methods, tools and solutions. In its digital forensics solution, Dell cites the use of a six-step digital forensic life cycle designed to leverage cloud computing and data center operations in the processing of digital evidence. Chief information security officers are using these new frameworks to:
    • Improve incident response
    • Develop new digital forensic techniques
    • Drive new investigatory standards
  • 19. The cybersecurity landscape is constantly evolving, and it’s up to business and technical leaders to evolve their cyberdefenses in response. Here are key recommendations leaders should consider:
    • Update and complete an enterprise-wide security risk assessment. Identify security gaps and emerging threats
    • Link strategic technology investments in security with robust and flexible processes for incident response
    • Develop real-time monitoring and automated response techniques that provide real-time threat analysis
    • Move from cyberdefense to cyberthreat intelligence. Develop a cyber toolkit which is more proactive than reactive
    Given the continued growth of cyber activity, the emerging science of digital forensics is sure to grow along with the sophisticated frameworks required to gather, analyze and investigate evidence that leads to an increased level of cybersecurity.
  • 20. Why Fear the Hackers? First invest in IT security culture change
    Kevin L. Jackson, CEO, GovCloud Network
    With all the news these days about cyberterrorism and hacking, the cloud may seem like the last place you would want to put your precious information. Pew Research has even suggested that cyber attacks are likely to increase. Some 61% of over 1,600 security expert respondents to a recent Pew Research survey said that a major attack causing widespread harm would occur by 2025. The cold hard fact, however, is that fear of the cyberterrorist and hackers, while definitely valid, is mostly misplaced.
    I hold this contrarian view because when you pull back the curtain on many of the recent breaches, you’ll likely see a mirror. In a recent case, sensitive data — including passwords — seem to have been stored in the clear, which is against all recommended best practices. There also may have been significant involvement from a company insider. Focusing on application hacks, some of the most devastating have been due to a failure of the application developers to follow some basic best practices for application development. Most of these breaches were not on cloud service providers. These successful attacks were on enterprise-built and managed IT infrastructures.
  • 21. Our failure to protect our information and data is mostly due to our less than focused attitude toward cybersecurity. Policies, procedures and processes play an important part in preventing security incidents, but more is needed. Organizational employees must realize that they could be an entry point for hackers and be aware of their individual actions. IT professionals must follow industry standard best practices for application development, network configuration, system configuration, etc., many of which have gone through multiple iterations over the years. Everyone must also be proactive in his or her identification and response to cyber threats.
    What I am describing is the need for a cultural change. Creating a risk-conscious and security-aware culture is key to protecting an organization’s information infrastructure and data assets, risk management expert John P. Pironti wrote in a 2012 ISACA Journal article. Business leaders must begin viewing information security as a benefit, rather than as an obstacle, and employ threat and vulnerability analysis – rather than fear and doubt – to drive adoption of points of view and controls.
  • 22. Now, take the next step in enhancing your own cybersecurity posture!
    Computer Tips
    • Stay up-to-date. Use a firewall as well as cybersecurity software, such as antivirus and antispyware, that will scan for computer security threats and uninstall them.
    • Shop with care. Before submitting credit card information online, look at the URL to ensure you're on an HTTPS (Hypertext Transfer Protocol Secure) site.
    • Laptop security. With the proper software installed, stolen laptops can be tracked to a physical location if they are connected to the Internet. Other software gives you remote access for computer security with the ability to erase your files or send them to a secure data center for recovery via the Web.
    Email & Social Networking Tips
    • Avoid spam and scams. Always question the legitimacy of emails and social networking messages that ask for money or personal information. Spear phishing attacks mimic communications from a business to persuade you to divulge personal information.
    • Network below the radar. Public profiles on social networking sites put you at risk by exposing information, such as your full birth date, hometown, employment history, etc., that a criminal could use to pose as you. Use privacy settings to ensure your personal information isn't public knowledge.
    • Just don't. Don't open unknown attachments, don't click on unknown links, and don't share too much information online. That's a lot of don'ts, but when your identity and computer could be at risk, it's better to play safe. The rewards aren't always worth the risks.