Banque Öhman

The potential consequences of the NSA (and GCHQ) spying on the mobile enterprise
And what you can/should do about it
Claus Cramon Houmann

2013-11-14

Key takeaways:
• The known and the "feared" extents of the NSA spying, and of others who spy
• Spyware exists which can take full control of any mobile device, not to mention laptops
• Defend your enterprise with defense in depth, which includes devices outside the perimeter
• Make sure you know which data leaves the perimeter
• Do your risk assessments and protect against your REAL threats
• Consider any data that leaves the perimeter lost


Why am I here presenting this?
• June 6th
• ...and since then
• The truth has been coming out
• That affects us all


Initial releases from the Snowden trove
• PRISM, XKEYSCORE and other programs that, combined, spy on our lives and remove much of our privacy and security
– Calls being recorded in the US – private AND corporate
– Metadata for all calls and Internet traffic in the US
– This alone is quite a risk for companies operating in the US

• But THEN started the real revelations, which concern any company, worldwide...


!Collect everything!
• It turns out that the NSA and its partners collect (almost) everything:
– Your calls
– Your metadata
– Your e-mails
– Your Google searches
– Your banking transactions
– Your social media activity

• They are intercepting, analyzing and storing almost all Internet traffic. If they can't decrypt it, it just gets stored longer, until they can


!Tailored access!
• It's not enough to just collect and store everything
• The NSA actively hacks states, companies and private individuals
• To make this EASIER they have also weakened an unknown number of cryptographic standards and tools


Red flags – special NSA target areas
• Any bank with a SWIFT code
• Anyone using encryption
• Anyone doing anything in the Middle East
• Anything to do with oil or gas (energy)
• Anyone building security systems / infosec systems


But wait...this doesn't affect my company

• Raise your hand if you're thinking this right now


My guess
• Is that around 25% of the people present raised their hands
• I hope for 0
• If 25% raised their hands, another 25% didn't – only due to normal classroom psychology


Why are those raised hands wrong?
• Others have the means to exploit cryptographic weaknesses
– China, Russia, serious competitors?

• The NSA passes information to the US Government (and others?); it's conceivable that information from NSA spying ends up in US corporate hands
(http://www.zerohedge.com/contributed/2013-10-21/nsabusted-conducting-industrial-espionage-france-mexico-brazilchina-and-all)
– This has happened before (Echelon, anno 2000, e.g. in a BBC report)

- Anyone can potentially get at your data! Especially in exposed locations such as mobile devices

But then...what can we do?
• Risk management – mitigate the risks to acceptable levels
• Defense-in-depth: defend your data, wherever and whenever appropriate. Follow the booming market for innovative tools – eventually someone will find a way to protect smartphones/tablets acceptably. Laptops are already protectable
• ENCRYPT. EVERYTHING. NOW.
• Manage where your data is. Control that policies are followed.
• Awareness training and GRC implementation/improvement


Defense-in-depth. Isn't it simple and beautiful?


The future brings...
• A European or global crypto-standards institute
• Advanced malware protection tools (AMPs), also for phones and tablets
• Changes to how the NSA spies on US citizens...but how about the rest of us...?
• Fortress Europe? Fortress South America? Fortress Russia?


About me
• Claus Cramon Houmann, 38, married to Tina, and I have 3 lovely kids
• CISSP, ITIL Certified Expert, Prince2 practitioner
• You can contact me anytime:
– Skype: Claushj0707
– Twitter: @claushoumann

• Sources used:
– Richard Stiennon's presentation: "How the surveillance state is changing IT security forever"
– Tidbits from @mikko's recent TEDx presentation

Questions?


Nsa spying gem_2013_final
