Microsoft power point closing presentation-greenberg
  1. LOS ANGELES SECURITY SUMMIT 7
     A Great Day of Collaboration, Learning, Networking

  2. ISSA LOS ANGELES
     • Join Our Community
     • Twitter: @issala
     • LinkedIn: ISSA Los Angeles Chapter Networking
     • Facebook: Information Systems Security Association (ISSA) Los Angeles Chapter
     • Have drinks with us

  3. ISSA LOS ANGELES
     • Come to our monthly meetings
       ◦ Next meeting is June 17 at Taix French Restaurant in Echo Park at 11:30am
     • We have dinner meetings: July 15 and Sept 16
     • Holiday Party with OWASP December 16th
     • Join our CISO Forum
     • Join us at sporting events

  4. WHAT DID WE LEARN TODAY?
     • Breaches are Occurring Everywhere in Every Industry
     • Phishing Attacks are Multiplying and are Now the Preferred Method of Infiltration
     • How to Build Secure Application Development Environments
     • Breaches Are Not Discovered for 6-9 Months
       ◦ Often Discovered by an External Source
     • Some Potential Attacks of the Future

  5. RECENT BREACHES
     • Anthem: 78.8 million records
     • Target: 42 million people’s credit or debit information stolen; banks file class-action lawsuit against Target
     • Home Depot: estimated 56 million credit and debit card numbers
     • JPMorgan: 76 million households and 7 million small businesses
     • Carbanak: $1 billion stolen from more than 100 banks in 30 countries
     • 3.9 million users' personal details and sexual preferences

  6. DATA BREACH COSTS
     • Average Cost of a Data Breach in the US is $6.5 million, the highest in the world
     • One estimate of the cost to Home Depot is $10 billion by 2020
     • Cost in Health Care Organizations Could be as much as $363 Per Record

  7. THE TIMES THEY ARE A CHANGIN’
     • Every Business is Now a Target
     • Every Medical Device Could be a Target
     • Every Car Could be a Target
     • Every Refrigerator Could be a Target
     • Every Drone Could be an Attacker

  8. AWARENESS OF SECURITY SEEMS TO BE EVERYWHERE!
     • Boardrooms Now Have Security on their Agendas 80% of the Time
     • Breaches are a Weekly News Item in Mainstream Media
     • Cousins Call Us for Advice or to Ask What We Think of the Latest Attack
     • Congress is Talking About Security

  9. WHAT THE $%#%^%&*?
     • Old Vulnerabilities Are Still Everywhere
       ◦ SQL Injection (in the OWASP Top 10 in 2007 and still there!)
       ◦ 44% of known breaches in 2014 came from vulnerabilities that were between two and four years old [1]
     • Patching is Still Problematic
     • Change Management is Not Happening
     • Configuration Management is Not Happening
     • Our Mission Critical Information is Not Encrypted
     [1] HP 2015 Cyber Risk Report

  10. OUR WORKFORCE HAS GONE PHISHING!
     • Click That Link!
     • Open That Attachment!
     • Open That Email From the Unknown Sender
     • Respond to that “Too Good to be True” Email Scam!
     • Forward that Funny Attachment to Everyone!
     • We Love Port 80!!

  11. WHAT’S A GOOD SECURITY LEADER TO DO?!
     • Go on Tour
     • Security Awareness Training for Everyone
       ◦ Address Your Company’s Vulnerability Trends
       ◦ Gamify Your Training
       ◦ Provide Incentives and Prizes
       ◦ Please, No Death by PowerPoint
     • Speak at Division Meetings
     • Speak at General Staff Meetings

  12. MEET WITH KEY PLAYERS
     • Lunch with all Executives
     • Meet Regularly
       ◦ With CTO or Head of System Admins
       ◦ Division Heads
       ◦ Legal
       ◦ Risk Compliance
     • Learn to Talk “Businessese”

  13. CREATE AND ENFORCE POLICIES, STANDARDS, AND PROCEDURES
     • Ensure a Standard Image is Created
       ◦ Is Regularly Updated
       ◦ Is Regularly Tested
       ◦ Deployed Everywhere, Especially on Admin Systems
     • No one Should Be Regularly Logged in with Admin Privileges
     • Have a Plan and Procedures for Securing Portable Devices and BYOD

  14. BAKE SECURITY INTO THE SDLC
     • Embrace and Befriend the Head of Application Development
     • Utilize Static/Dynamic Web App Vulnerability Scanners
     • Have All Staff in AppDev Take Secure Coding Training
     • All Project Proposals Must be Reviewed by InfoSec
     • Work with the PMO

  15. SECURE YOUR PHYSICAL ENVIRONMENT
     • Does Your Facilities Head Purchase Physical Security Solutions Without InfoSec Involvement or Knowledge?
     • Are Your Physical Security Access Cards Waaay too Easy to Hack? Most Are!
     • Do You Know Who Has Access to Your Data Center? Are You Sure?
     • Can People Leave Your Buildings Carrying Anything They Want?

  16. MONITOR SYSTEMS REGULARLY
     • Are You Able to Detect Anomalies on Your Networks?
     • Do You Know if You Have Been Compromised? Probably Not!
     • Would You be able to Detect Strange Outbound Traffic to, Let’s Say, China or North Korea?
     • Monitor Unusual Changes in User Behavior
     • Do You Know if 50 Users All Had Their Accounts Locked After Unsuccessful Login Attempts?
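One concrete way to answer the last question on slide 16, added here as an example and not part of the presentation: it assumes a constructed lockout log format (one line per lockout event) and flags any window in which many distinct accounts were locked, so a single user repeatedly mistyping a password does not trigger it.

```python
import re
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO timestamp> LOCKOUT user=<name> src=<ip>"
LINE_RE = re.compile(r"^(?P<ts>\S+) LOCKOUT user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse_lockouts(lines):
    """Yield (timestamp, user, src) for lines in the assumed format; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def detect_lockout_bursts(lines, threshold=50, window=timedelta(minutes=10)):
    """Return one (window_start, window_end, distinct_users) alert per burst in which
    at least `threshold` DISTINCT accounts were locked inside a sliding `window`."""
    events = sorted(parse_lockouts(lines))
    alerts, start, fired = [], 0, False
    for end, (ts, _user, _src) in enumerate(events):
        while events[start][0] < ts - window:   # drop events older than the window
            start += 1
        distinct = len({e[1] for e in events[start:end + 1]})
        if distinct >= threshold and not fired:  # fire once per burst, not per event
            alerts.append((events[start][0], ts, distinct))
            fired = True
        elif distinct < threshold:
            fired = False
    return alerts


def constructed_log():
    """Constructed sample: quiet background, one forgetful user, then a burst of 50 accounts."""
    base = datetime(2015, 6, 1, 9, 0, 0)
    lines = []
    for i, u in enumerate(["alice", "bob", "carol"]):            # 3 unrelated lockouts
        lines.append(f"{(base + timedelta(hours=i)).isoformat()} LOCKOUT user={u} src=10.0.0.{i + 5}")
    for i in range(10):                                          # dave locked out 10 times
        lines.append(f"{(base + timedelta(minutes=30, seconds=20 * i)).isoformat()} LOCKOUT user=dave src=10.0.0.9")
    for i in range(50):                                          # 50 accounts in 3 minutes
        lines.append(f"{(base + timedelta(hours=4, seconds=3 * i)).isoformat()} LOCKOUT user=user{i:02d} src=198.51.100.7")
    lines.append("2015-06-01T13:00:00 unrelated line that does not match")
    return lines


if __name__ == "__main__":
    for first, last, n in detect_lockout_bursts(constructed_log()):
        print(f"ALERT: {n} distinct accounts locked between {first} and {last}")
```

Feed it the lockout events your directory or SIEM already records; the threshold and window are the knobs to tune against your own baseline.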
  17. CREATE AND REVIEW REPORTS
     • Create Remediation Plans After Reviewing Network Vulnerability Scans
     • Compare Reports From Various Tools: Patch Management, Vulnerability Scanning, Anti-Malware
     • Follow Up on Remediation Efforts
     • Rescan and Review Reports
     • Look for Patterns in Incidents in Your HelpDesk Database

  18. ENFORCE ACCESS MANAGEMENT STANDARDS
     • Work With HR to Establish Provisioning/Deprovisioning Procedures
     • Enforce a Process to Approve and Grant Access to Systems
     • Enforce Deprovisioning Procedures
     • Periodically Audit Systems Access
     • Two Factors Required for all Admin Access to Mission Critical Systems

  19. NETWORK AND COLLABORATE
     • Attend Networking Events
     • Make New Contacts
     • Share War Stories and Solutions
     • Join ISSA, OWASP, ISACA, CSA, HTCIA, etc.
     • Form New Groups
     • Look for Meetups
     • Leave Here Today With at Least 5 New Contacts; Follow Up with Them

  20. KEEP LEARNING
     • Webcasts
     • Classes
     • Podcasts
     • Books
     • LinkedIn and Twitter Links
     • Blogs
     • Networking Events and Conferences

  21. HELP PREPARE THE NEXT GENERATION OF SECURITY LEADERS
     • Hire Students
     • Train and Mentor Your Staff
     • Speak at Schools
     • Support Cyber Competitions
     • Help Schools With their Curriculum
     • Teach Security at Schools

  22. MOST IMPORTANTLY!! DRINK AND EAT WITH US…NOW!!!!
     • Food and Drink Next Door in the Vendor Expo
     • Last Chance to Meet with Vendors
     • Last Chance to Enter to Win Raffle Prizes
     • Book Signing
     • Raffle Drawing in 15 Minutes

  23. THANK YOU!
     • To All Our Speakers
     • To All Our Volunteers
     • To My Fellow Board Members
     • To All of You For Joining Us
     • To All Our Vendor Partners
     • To Our Fellow Organizations

  24. THANK YOU!
     • Stay Safe
     • Stay Hungry for Knowledge
     • Believe in Yourself
     • Live Long and Prosper!
     • See You All At Summit 8!