DECEMBER 2012 | QUARTER 3 – ISSUE 2
THE NEW CSC GLOBAL CYBERSECURITY
CONSULTING GROUP
As you know,
Mike Lawrie
and Sam Visner
directed the
creation of a
single, global
consulting
force to become
the leading edge of our overall Cybersecurity
capabilities around the world.
Our goal is to become the most trusted provider
of cybersecurity consulting services to the 1000
most important enterprises in the world. To do
that, we’ve created a three-prong approach --
Technical Services, Strategic Services, and
Project Services -- and we are organizing
globally to deliver the efficiencies necessary for
success.
Our Technical Services team will be comprised
of our StrikeForce, and be tasked with growing
those capabilities as well as leveraging new
technology from VRL to build out additional
capabilities to detect and defeat advanced
persistent threats. If any global 1000 enterprise
has an active event, or wants to understand their
technical posture in advance of an event, our
StrikeForce team should be their first call.
Our Strategic Services team is comprised of the
many top strategy consulting groups previously
operating within regional or vertical constructs.
By pulling them together as a single global
force, we will improve the quality of delivery,
the efficiency of operations, and the overall risk
posture to CSC and our clients. The Strategic
Services teams are charged with helping our
clients understand their risk posture, and best
prepare to manage that risk going forward.
Our Project Services are charged with creating
highly repeatable cybersecurity consulting
offerings that are in direct response to our
clients' needs. The first of our project services
will be a unified Incident Response service.
This will provide a single point of contact that
can provide, procure, and coordinate all aspects
of an enterprise’s response and recovery to an
incident. In addition to leveraging our existing
forensics and disaster recovery capabilities in
other groups, the new IR service will deliver
privacy, regulatory, communications, and full
business resumption services.
Our new goal is to provide the cybersecurity
consulting services that the global 1000
enterprises need to succeed, and in so doing
create a long-term trusted relationship with
these clients that will open the door to
additional CSC services that would be
appropriate. Overall, we’re working to build
something great, that you’ll be proud to work
for, that CSC will be proud to promote, and
that clients will be proud to have contracted—
and we’re just getting started.
This is the second of our quarterly newsletters.
Please visit Cybersecurity’s C3 site to check out
the first edition:
https://c3.csc.com/groups/global-cyber-security-and-privacy-consulting-collaboration-portal
I encourage you to reach out and meet your
global leadership team, the first of whom are
profiled in this issue.
CONTENTS
The New CSC Global Cybersecurity Consulting group
CSC Cybersecurity Consulting – Externally Speaking
Employee Spotlight
Contacts
Tom Patterson
FY13 – Q3 – ISSUE 2
MEET THE GLOBAL
LEADERSHIP TEAM
Tom Patterson leads CSC’s
Global Cybersecurity
Consulting practice,
directing a team of experts
focused on helping clients
deploy and operate the most
appropriate security
countermeasures for their
risk, compliance, and business environment. A
proven security leader, Tom has been working
for three decades on all facets of cybersecurity
including: hardware, software, managed
services, policy, privacy, threat mitigation,
compliance, and governance. Initially trained by
the intelligence community, Tom understands
both the art and science of security, and is a
recognized thought leader in the space with
numerous keynote speeches, a well reviewed
book, and regular guest expert appearances on
television. Tom maintains a Top Secret security
clearance with the Government, and is active in
the fight to defend critical infrastructure
enterprises from all threats, foreign and
domestic.
In addition to recently keynoting the Counter
Intelligence Joint Task Force annual meeting on
cyber threats and the Department of Justice’s
annual cyber security conference, Tom has
served as a Chief Security Officer (CSO) twice
(Financial and High Tech sectors), testified to
the US Congress on security, briefed the FDIC,
NCIX and US Secret Service on the latest in
fraud countermeasures, briefed the White House
on Healthcare privacy issues, the entertainment
sector (NAB, NATPE) on protecting and
monetizing their IP, as well as advising leading
companies on PCI, HIPAA, HI-TECH,
Meaningful Use, and ISO compliance and risk
reduction in their business.
Throughout his career, Tom has worked on
security for a space shuttle launch (STS-37), a
United Way telethon (9/11), and the launch of
an aircraft carrier (CVN73), as well as
developing security architectures for the use of
mobile and cloud services in the payment
ecosystem. Tom has also developed mobile
security architectures and cloud security
transitions for Fortune 500 companies. Earlier
Tom served as the CSO for the team that
developed the Internet’s first directory search
engine, secure browsers, and certificate
authority, and has served in executive security
roles for KPMG, Deloitte, IBM and Dell. He
currently advises Federal law enforcement on
the latest threat and countermeasure activity in
his field through his service on several classified
Federal Government working groups.
Tom is based in CSC’s California offices, and
travels frequently on behalf of CSC and our
clients around the world. Tom is a frequent
guest security expert in the media including
CNBC, CNN, and Fox News, blogs frequently
on Twitter/TomTalks, and can be reached
directly at Tpatterson6@CSC.com.
WHAT IS THIS?
For the answer: log onto
Cybersecurity
Consulting’s C3 site.
The first person to
email Tom Patterson
the correct answer wins
a spiffy Joint Chiefs of
Staff Pencil, cleverly
exfiltrated in Tom’s jacket pocket.
Security Factoid:
Did you know that
Aramco did
everything right,
and still got
p0wned?
The attackers realized that
in practice, large
organizations exempt
Google search traffic from
their IPS/IDS/DLP
interrogation, due to the
overwhelming impact on
performance.
So they encrypted their
payloads, then modified
their headers to look like
Google traffic and it was
passed right through.
Very sneaky.
Do you know something
cool like this? Share by
sending to Michelle
Randolph.
AMERICAS STRATEGIC SERVICES
As the leader of Americas
Strategic Services, Jeff
Fawcett is responsible for
strategic project delivery
and staff development
across the Americas. This
also includes the incubation
of a US Federal strategic
consulting team.
ASIA/PAC STRATEGIC SERVICES
As the leader of Asia/Pac,
Anthony Cox is responsible
for strategic project
delivery, cross-border
coordination, and staff
development across the Asia
Pacific region.
EUROPE STRATEGIC SERVICES
As the leader of Europe
Strategic Services, Goswin
Eisen is responsible for the
strategic project delivery,
cross-border coordination,
and staff development
across Europe.
GLOBAL TECHNICAL SERVICES
As the leader of Global
Technical Services,
Stephan Brennan is
responsible for global
StrikeForce projects and
staff (separately from
Strategies above), and
creation/delivery of new consulting services for
Advanced Threat Detection and Advanced
Differentiation.
GLOBAL STRATEGY
As the leader of Global
Strategy, Ed Liebig is
responsible for the
coordination and
development of Strategic
intellectual property,
linkages with CSC's four
verticals, and for a tactical
expert team that can support our most important
clients regardless of geography.
GLOBAL PROJECTS
As the leader of Global
Projects, Mark Rasch is
responsible for the creation
and execution of our first
new project: Incident
Response, with the goal of
leveraging and augmenting
existing resources to make CSC Cybersecurity
the top global provider of full scope incident
response services to the Global 1000.
GLOBAL INTERNAL COMPLIANCE
As the leader of Global
Internal Compliance, Reg
Foulkes is responsible for
the ongoing CSC internal
efforts to maintain the
appropriate privacy and
security compliance posture
constantly and effectively around the world, to
include projects Bluewater and Godwin.
GLOBAL PRACTICE MANAGEMENT
As the leader of Global
Practice Management,
Clinton Firth is
responsible for maximizing
our overall team delivery
metrics including staff
utilization, inter-company
work orders, and regional practice management
activities.
Who has the most
CSC air Miles this
year?
Log on to Cybersecurity’s C3
site to respond:
https://c3.csc.com/groups/global-cyber-security-and-privacy-consulting-collaboration-portal
Who has the most
hotel nights this
year?
Log on to Cybersecurity’s C3
site to respond:
https://c3.csc.com/groups/global-cyber-security-and-privacy-consulting-collaboration-portal
EXECUTIVE EXCHANGE
WITH THE WOZ
At this year’s CSC
Executive Exchange, we
hosted the top executives of
32 of our most important
global clients at Pebble
Beach. This year’s topic
was “The Age of the Small Device and the Big
Cloud”, so you might wonder why Tom
Patterson was chosen as CSC’s keynote speaker.
The reason, as most security folks know, is that
cybersecurity is the critical success factor for
the successful use of mobile and cloud in an
enterprise!
At this year’s event, we brought in the
inimitable Steve Wozniak, the creator of the
Apple computer. Steve has strong views on the
societal benefits of adopting new technologies,
and about NOT migrating to the cloud or
putting valuable information on mobile devices
unless & until they can be deemed secure. After
a set up like that on day one, Tom was able to
explain how today’s risks are real, how they
really apply to ‘normal’ enterprises, and how
they can be mitigated in a cost-effective fashion.
At the end of the day, a good time was had by
all, and everyone (even the Woz) learned a little
something that could help them going forward.
Tom presented Woz with a Lucite encased
Bob’s Big Boy (Google for background), as a
gift from the employees of CSC. We’ve already
gotten a dozen follow up requests for more
security support and an invite to Woz’s house to
hack into some of his toys!
DATELINE VIRGINIA
It's been a busy quarter in
the media for cybersecurity
and privacy generally, and
CSC Cybersecurity
Consulting was there.
As banks were getting
slammed by DDoS
attacks thought to originate
from the Middle East and be motivated by a
dislike for western brands and the banking
system in general, our own Mark Rasch was
called to comment on the situation by ABC
World News Tonight. While these DDoS
attacks were annoying, they did not rise to the
histrionic levels proclaimed by some other
vendors and the media. DDoS attacks are
relatively easy to pull off now (all you need is a
credit card), and most large enterprises now
have defenses in place to ensure a successful
defense (if they don't, please have them call us!).
In privacy related news, Walmart recently won
a victory under the provisions of the
telecommunications law which prohibit sending
spam communications in an unsolicited manner.
In an article to be published in Storefront
Backtalk, we addressed whether merely
providing your telephone number to a Walmart
pharmacist constitutes express consent to later
receive spam text messages from Walmart.
While the Walmart court last week ruled
that this was consent, in recent cases Jiffy Lube
and Papa John's pizza have been sued for tens of
millions of dollars for similar conduct, with
Jiffy Lube paying a settlement of over $47
million. We should be able to help our
customers navigate their privacy policies to
accommodate the collection of data and its use
under the telecommunications law.
In another article published in Storefront-
Backtalk, we discussed a class-action lawsuit
filed against several retailers including Apple,
eHarmony, and Ticketmaster when they collected
personal information about customers using
their service online. The California law restricts
the collection of personal data for consumers
who are using credit cards. The statute does not
explicitly apply only to brick and mortar stores.
The electronic retailers are arguing that the
statute does not apply to electronic transactions,
while consumers are arguing that it does. At
stake here are potentially millions of dollars in
fines against electronic retailers that do business
in California. Again, we can work with
electronic retailers to help them develop policies
that comply with this particular California
statute.
Mark Rasch
Tom Patterson and Steve Wozniak
One of the more recent trends we've been
looking at is the aggregation and use of medical
information, particularly in the area of "big
data." The US medical privacy law, HIPAA,
allows the use of de-identified information in
appropriate circumstances. The allure of big
data is that massive amounts of individualized
data can be aggregated and analyzed, with
information about the trends identified from this
big data being shared with subscribers. Big data
can help hospitals and other providers
understand what is going on at their facilities,
but can also be used to help them understand
trends between and among other facilities as
well. Again, CSC can work with hospitals,
universities, researchers, and others to help
balance the privacy needs under HIPAA and the
genuine utility that can be achieved through big
data.
DATELINE MUNICH
Our team here in Germany
consists of about 20
Cybersecurity consultants
covering the complete range
and depth of Cybersecurity
consulting. Mainly driven
by our strength in security
and project management
methodology, we are often a door-opener to
new Logos for other CSC teams, also in Austria
and Switzerland.
We are always looking for new people
(experienced and graduates) because we have
had very high utilization over the past few
years. Therefore, we are also utilizing other
CSC security units like Strikeforce, a team from
the Netherlands, UK or USA as well as
partnering with people from different areas (e.g.
CSC India for an SAP "security" managed
service).
Currently, we are running a PR initiative with
the Cyber Demo Center. During the last month
we had 3 press events in Germany and Austria
including TV interviews, which produced a lot
of articles (online and print version) as well as a
TV spot. Together with Strikeforce we had an
interview for Spiegel (famous German
newspaper).
On Dec. 5th we will have a speaker slot at a
BITKOM event (an important German IT
inter-trade organization) with several hundred
information security students and
representatives of the companies of this
organization. Besides the presentation of our
capabilities, we are looking for new colleagues
and want to strengthen our network in
BITKOM.
Major projects today are:
• Several security and IAM projects and
managed services for Munich Re, the
world's largest reinsurance company
• A Common Criteria evaluation for NATO
• Support services for an IAM
implementation at State Bank of Hesse
• A source code review of a security critical
application prior to purchase by our client
• Development of a blueprint of an IAM
system for all federal offices in Germany
• Safety analysis of an IT system of the
German Air Traffic Control Agency
• Some small penetration tests together with
Strikeforce India
• Some small IT security audits based on
ISO 27001
The next big thing is answering an RFP from
the European Central Bank regarding design,
implementation, pilot and operation of a SIEM
solution. Here, we need strong international
support because we have no success story and
just a few skilled resources in Germany.
DATELINE SYDNEY
Strategic Services within
the Asia-Pacific region
offers both a challenging
landscape and exciting
opportunities. The already
well-established team
serving Australia has expanded under the
leadership of Gabriel d’Eustachio to have
representation in most Australian states or
What are CIOs
asking about
Security these
days?
• Do these threats I read
about really relate to
ME?
• How do I leverage the
cloud safely?
• What do I do about
BYOD mobile?
• How do I know if I’ve
been compromised?
• Can you help get my
board and executive
team onboard with
security?
What are they asking you?
Log on to Cybersecurity’s C3
site to respond:
https://c3.csc.com/groups/global-cyber-security-and-privacy-consulting-collaboration-portal
Goswin Eisen
Anthony Cox
territories; so even with travel restrictions, face-
to-face contact with our customers is not
hindered. Now, with the planned formal
expansion to include senior security architects
in the team, a very experienced and practical
dimension is added to our capability that allows
us to take our Payment Card Industry (PCI)
experience further, build on our representation
of itGRC dashboarding for the broader
CyberSecurity organisation and to bake SABSA
into our Enterprise Security Roadmap service as
a further differentiation in the market.
The team boasts a dedicated project manager
focused on all the delivery-support activities
within engagements; ensuring that project codes
have been created appropriately, planning /
scheduling of engagements, co-ordinating
workshops / meetings / presentations with the
clients, and then most importantly ensuring that
sign-off and billing takes place. Additionally,
our dedicated workforce planner has been
instrumental in the minute-by-minute logistics
of resource (or work) requests, scheduling,
training planning / authorisation, and generally
keeping everyone equipped and busy with the
help of our in-house Resource Tracker
(sometimes a burden for the consultants, but
indispensable to our efficient operation).
From a business landscape perspective, the
Australian market is polarised around Natural
Resources, Finance, State and Federal
Government and Utilities, with many such
organisations having a healthy representation on
the G1000. The skills that we have seen
resonate with this market are ISO27K, PCI,
knowledge of AMI, the federal government
ISM, I-RAP, a pragmatic approach to Critical
Production Systems (such as SCADA) and a
knowledge of e-Health. The team has recently
been involved in delivering engagements for
Bank of Queensland, Motor Accident
Commission in South Australia, Emmantra,
BHP Billiton, Commonwealth Bank of
Australia (CBA), PowerCor, and GE Finance
and further prospects with CBA are looking
promising.
NEW CUSTOMER
Chevron identified their
most valuable information
resources and labeled those
their “High Value
Information Resources
(HVIR).” We (CSC
Cybersecurity Team) were contracted to support
an “Accelerated Awareness Program” to
educate these HVIR on how to more effectively
protect Chevron’s critical information assets and
to help HVIR holders have improved
confidence in Chevron’s IT function as stewards
of HVIRs.
Our task was to draw on CSC’s existing
expertise in information protection to develop
content for an accelerated awareness training
program. As a result, our team is designing a
complete training package for Chevron
consisting of three deliverables. Each
deliverable is built around specific messages,
such as cloud security, espionage, mobile
security, advanced persistent threat, and others.
Each deliverable will be a training package
consisting of a PowerPoint briefing, a Camtasia
video, and a PDF document to be used as flyers,
handouts, door hangers, etc. Thus far these
deliverables have been well received by
Chevron. We are currently waiting for Chevron
to complete their internal review process.
We also had a second work order with Chevron.
They requested we look over their "strategic
plan" (which consisted of a PowerPoint deck
that outlined some initiatives) and give input for
enhancements. We quickly evaluated what
turned out to be more of their tactical plan and
supplied a document on what areas to include
(with suggestions on how to execute) to make
the plan more strategic and adoptable from the
point of view of the business units. This
document was delivered and has also been well
received. The next steps were for the Chevron
team to discuss the delivered document, make
any clarifying distinctions and reconvene for a
"round two" review and suggestions from our
What are CISOs
asking about
Security these
days?
Our public clients mainly
think about:
• IT infrastructure for
Homeland Security
• Digital identities for
passports: security vs.
usability
• Electronic border
control (digital
identities, Interpol
requests, fingerprint
scanner)
• IT infrastructure of the
German Federal Police
in international missions
(e.g. GPPT, ISAF,
Atalanta)
Corporations:
• How to move
"Cybersecurity" from
CISO to CIO/CEO
level?
• Enterprise wide (IT) risk
management,
integrating security into
applications
• Security in Social
Networks
• Cloud Security
Mid-range clients:
• USB Media Encryption,
Mobile Data Protection,
Endpoint Security
team. We are currently waiting for the Chevron
team to come back to talk over the original
report.
MEET A NEW EMPLOYEE
CHRISTOPHER WARNER - AMERICAS
Christopher Warner is a
Business Technology
Executive specializing in
Information Security, Risk
Management, Threat
Mitigation, Public Policy
and Regulatory
Compliance for Fortune
500 businesses.
Mr. Warner is a SCADA Systems Expert,
Controls Systems Expert, Natural Gas Expert
and Smart Grid Expert with several PLC, RTU
and Telemetry Devices from multiple vendors.
Mr. Warner has worked several multi-million
dollar projects across the globe having
responsibilities for providing end to end
operational security. He is recognized for
upgrading and replacing Critical Infrastructure
including Energy to First Responder Systems
ensuring the data and controls remain secure
and in compliance with governing regulations.
He has managed and was on the steering
committee for large projects in excess of $1
Billion US. He has developed and implemented
IT business solutions which reduced operating
costs and maintained on-time delivery.
Mr. Warner has led Utility & Corporate
Roundtable Organizations for technical
solutions across multiple states and throughout
the world by utilizing his strong background in
Solution Integration, Infrastructure Architecture,
IT Telecommunications, Cyber Security, IT and
Business Risk Management, Threat Mitigation,
Electronic Engineering, Manufacturing,
Avionics Management and Communications to
projects.
He holds an MBA, Cum Laude, from the
University of Phoenix, Las Vegas Campus and
has had to maintain a Secret SCI and other
Security Clearances. Mr. Warner has furthered
his post-graduate studies at MIT, University of
Maryland, SANS Institute, e-Fortress and
UNLV.
JOE SAVINI - GLOBAL STRIKEFORCE
Joe has over 8 years of
professional experience in
the information security
field. His areas of expertise
include: Penetration
Testing, Social
Engineering, Vulnerability
Assessments, Security Briefings and Training,
Compliance and Audit Preparation, Security
Architecture Reviews, Security Policy
Management, Environmental Risk Analysis,
Incident Response and Intrusion Prevention.
During his employment with CSC, Joe has
demonstrated his security expertise by filling
many different roles including Network Security
Engineer, Threat Intelligence Team Leader and
in his current role as a Penetration Tester for
CSC StrikeForce consulting services team.
Prior to his employment with CSC, Joe has held
positions in information security for various
other industries such as Healthcare and Retail
companies in North America.
MAX ROCKLIFF – ASIA/PAC
Max has been working in
the IT industry for the past
26 years, working up
through the ranks of
technical support, through
architecture design in both
network, server and desktop
and in the past 13 years focusing on information
and IT security governance, risk and
compliance. Prior to joining CSC, he worked in
a variety of industries, with the majority being
in the oil and gas, resources area. Max moved
from the technically focused architecture and
support area to IT and information security in
1999 when he became the Information Security
Coordinator at Woodside Energy, after which he
spent 6 years with Shell Australia as the
Information Security Manager for the Oceania
region.
Is there someone
you would like to
see profiled?
Send a request to Michelle
Randolph for inclusion in
upcoming issues!
Max began his career in the mid-80s after
graduating with a bachelor's degree in
Electronic Engineering. After transitioning to
the information security discipline area, he
attained his Masters in Internet Security
Management. His work experience has
involved developing, implementing and
maintaining information security governance
risk and compliance aligned with the ISO 27000
standards. Through this he has been heavily
involved with risk assessment and risk
management, to the point of developing and
implementing a risk management methodology
and tool set for a financial investment
organisation.
His roles involved with implementation and
compliance management of information security
standards have required him to leverage his
technical expertise and experience to liaise and
coordinate many of the aspects of security
management as well as the more administrative,
people and policy focused aspects through
liaison with human resources and Boards of
Directors. Max also has experience with the
Credit Card Industry standard, PCI-DSS
(Payment Card Industry - Data Security
Standard) and has successfully coordinated the
gap assessment and remediation of a point of
sales, payment processing company to achieve
its initial PCI-DSS certification.
PETER REHAEUSSER – EUROPE
Peter Rehaeusser is
a Cybersecurity
consultant in
Germany and has
been with CSC for
twelve years. He
has a Masters
Degree in Information Science and a
background in software development and IT
infrastructure.
Peter’s core competencies are in the
Cybersecurity environment, focused on
the technology aspect, but also cover: Information
Security Management, IT security concepts for
and audits of complex systems based on the
German IT Baseline Protection Manual or ISO
27001, the creation of blueprints, studies and
standards, secure software development,
security evaluations according to the Common
Criteria, operating system and network security,
cryptography and electronic signatures.
Although Peter has knowledge of several
industrial sectors, his primary focus has been in
the public sector, where he has served on a
variety of international projects that have
provided him with a broad range of experiences.
The Trustworthy Electronic Long-Term
Archiving project is a personal reference for
Peter, as are several projects in defense and
high-security areas.
Peter has designed the German Cybersecurity
Demonstration Center, led the implementation
and is now one of the key persons of this
marketing and PR instrument.
He has also developed a Business Plan for
Cybersecurity in Germany for the next three
years (Consulting and Managed Security
Services), which got approval by the German
CEO in spring 2012.
Got a topical
tidbit?
Send it in short form to
Michelle Randolph for
inclusion in upcoming
issues!
Jeff Fawcett – Americas Strategic Services
3160 Fairview Park Drive
Falls Church, Virginia 22042
United States
+571. 488.5622 | jfawcett3@csc.com
Anthony Cox – ASIA/PAC Strategic Services
Level 2B
26 Talavera Road
Macquarie Park, NSW 2113
Sydney, Australia
+1. 61.2.9034.3129 | acox26@csc.com
Goswin Eisen – Europe Strategic Services
Sandstraße 7
München, Bavaria D-80335
2 West 2
Germany
+49.89.5908-6504 | geisen@csc.com
Stephan Brennan – Global Technical Services
Level 2B
26 Talavera Road
Macquarie Park, NSW 2113
Sydney, Australia
+1. 61.2.9034.3133 | sbrennan2@csc.com
Ed Liebig – Global Strategy
11404 Buckskin Trail
Holly, MI 48442
United States
+1.248. 245.3764 | edward.liebig@csc.com
Mark Rasch – Global Projects
3160 Fairview Park Drive
Falls Church, Virginia 22042
United States
+1.301.547.6925 | mrasch2@csc.com
Reg Foulkes – Global Internal Compliance
555 Legget Drive
Kanata, Ontario K2K 2X3
Suite 800, Tower A
Canada
+1.613.795.1269 | rfoulkes@csc.com
Clinton Firth – Global Practice Management
Level 2B
26 Talavera Road
Macquarie Park, NSW 2113
Sydney, Australia
+1.61.2.9034.2194 | cfirth@csc.com
Tom Patterson
777 Mariners Island Boulevard, Suite 660
San Mateo, CA 94404
United States
+650. 286.3629 | tpatterson6@csc.com
Contact us:
http://www.csc.com/cybersecurity
Cloud & Enterprise IT. Hybrid IT, Coexistence Strategies
 
PROYECTO DE AULA
PROYECTO DE AULAPROYECTO DE AULA
PROYECTO DE AULA
 
Sivajan29c
Sivajan29cSivajan29c
Sivajan29c
 
Range overview
Range overviewRange overview
Range overview
 
PRESLEY CONSULTING Company Profile
PRESLEY CONSULTING Company ProfilePRESLEY CONSULTING Company Profile
PRESLEY CONSULTING Company Profile
 
Latinski alfabet i njegovo poreklo
Latinski alfabet i njegovo porekloLatinski alfabet i njegovo poreklo
Latinski alfabet i njegovo poreklo
 
Laporan Aktivity 2014
Laporan Aktivity 2014Laporan Aktivity 2014
Laporan Aktivity 2014
 
Art deco rug
Art deco rugArt deco rug
Art deco rug
 
Why Should You Eat a Pear a Day?
Why Should You Eat a Pear a Day?Why Should You Eat a Pear a Day?
Why Should You Eat a Pear a Day?
 
Republic act no 7836
Republic act no 7836Republic act no 7836
Republic act no 7836
 
Automation Data
Automation DataAutomation Data
Automation Data
 
Arteast_catalog
Arteast_catalogArteast_catalog
Arteast_catalog
 

Similar to CyberSecurity Newsletter_FINAL

A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
Daren Dunkel
 
Cybersecurity Marketing
Cybersecurity MarketingCybersecurity Marketing
Cybersecurity Marketing
Alex Weishaupt
 
Cyber security basics for law firms
Cyber security basics for law firmsCyber security basics for law firms
Cyber security basics for law firms
Robert Westmacott
 
CIO Digest_July 2013 Issue
CIO Digest_July 2013 IssueCIO Digest_July 2013 Issue
CIO Digest_July 2013 Issue
Patrick Spencer
 

Similar to CyberSecurity Newsletter_FINAL (20)

Untitled document.otd
Untitled document.otdUntitled document.otd
Untitled document.otd
 
CSCSS / DEFENCE INTELLIGENCE GROUP
CSCSS / DEFENCE INTELLIGENCE GROUPCSCSS / DEFENCE INTELLIGENCE GROUP
CSCSS / DEFENCE INTELLIGENCE GROUP
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Cybersecurity Marketing
Cybersecurity MarketingCybersecurity Marketing
Cybersecurity Marketing
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
 
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
 
Webinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence AnalystWebinar - How to Become a Cyber-threat Intelligence Analyst
Webinar - How to Become a Cyber-threat Intelligence Analyst
 
The 10 best performing cloud solution providers 2018
The 10 best performing cloud solution providers 2018The 10 best performing cloud solution providers 2018
The 10 best performing cloud solution providers 2018
 
Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7
 
Transforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamTransforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended Team
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022
 
The 10 Most Influential People in Cyber Security, 2023.pdf
The 10 Most Influential People in Cyber Security, 2023.pdfThe 10 Most Influential People in Cyber Security, 2023.pdf
The 10 Most Influential People in Cyber Security, 2023.pdf
 
Cyber security basics for law firms
Cyber security basics for law firmsCyber security basics for law firms
Cyber security basics for law firms
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
 
The top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdowThe top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdow
 
Navigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services IndustryNavigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services Industry
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation:  The Need for  Cybersecurity in  U.S. ManufacturingLaying the Foundation:  The Need for  Cybersecurity in  U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
CIO Digest_July 2013 Issue
CIO Digest_July 2013 IssueCIO Digest_July 2013 Issue
CIO Digest_July 2013 Issue
 
CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)
 

CyberSecurity Newsletter_FINAL

  • 1. DECEMBER 2012 | QUARTER 3 – ISSUE 2 THE NEW CSC GLOBAL CYBERSECURITY CONSULTING GROUP As you know, Mike Lawrie and Sam Visner directed the creation of a single, global consulting force to become the leading edge of our overall Cybersecurity capabilities around the world. Our goal is to become the most trusted provider of cybersecurity consulting services to the 1000 most important enterprises in the world. To do that, we’ve created a three-prong approach -- Technical Services, Strategic Services, and Project Services-- and we are organizing globally to deliver the efficiencies necessary for success. Our Technical Services team will be comprised of our StrikeForce, and be tasked with growing those capabilities as well as leveraging new technology from VRL to build out additional capabilities to detect and defeat advanced persistent threats. If any global 1000 enterprise has an active event, or wants to understand their technical posture in advance of an event, our StrikeForce team should be their first call. Our Strategic Services team is comprised of the many top strategy consulting groups previously operating within regional or vertical constructs. By pulling them together as a single global force, we will improve the quality of delivery, the efficiency of operations, and the overall risk posture to CSC and our clients. The Strategic Services teams are charged with helping our clients understand their risk posture, and best prepare to manage that risk going forward. Our Project Services are charged with creating highly repeatable cybersecurity consulting offerings that are in direct response to our clients needs. The first of our project services will be a unified Incident Response service. This will provide a single point of contact that can provide, procure, and coordinate all aspects of an enterprise’s response and recovery to an incident. 
In addition to leveraging our existing forensics and disaster recovery capabilities in other groups, the new IR service will deliver privacy, regulatory, communications, and full business resumption services. Our new goal is to provide the cybersecurity consulting services that the global 1000 enterprises need to succeed, and in so doing create a long-term trusted relationship with these clients that will open the door to additional CSC services that would be appropriate. Overall, we’re working to build something great, that you’ll be proud to work for, what CSC will be proud to promote, and that clients will be proud to have contracted— and we’re just getting started. This is the second of our quarterly newsletters. Please visit Cybersecurity’s C3 site to check out the first edition: https://c3.csc.com/groups/global-cyber- security-and-privacy-consulting-collaboration- portal I encourage you to reach out and meet your global leadership team, the first of which are profiled in this issue. CONTENTS 1 The New CSC Global Cybersecurity Consulting group. 3 CSC Cybersecurity Consulting – Externally Speaking 6 Employee Spotlight 9 Contacts Tom Patterson
  • 2. 2 | P a g e FY13 – Q3 – ISSUE 2 MEET THE GLOBAL LEADERSHIP TEAM Tom Patterson Leads CSC’s Global Cybersecurity Consulting practice, directing team of experts focused on helping clients deploy and operate the most appropriate security countermeasures for their risk, compliance, and business environment. A proven security leader, Tom has been working for three decades on all facets of cybersecurity including: hardware, software, managed services, policy, privacy, threat mitigation, compliance, and governance. Initially trained by the intelligence community, Tom understands both the art and science of security, and is a recognized thought leader in the space with numerous keynote speeches, a well reviewed book, and regular guest expert appearances on television. Tom maintains a Top Secret security clearance with the Government, and is active in the fight to defend critical infrastructure enterprises from all threats, foreign and domestic. In addition to recently keynoting the Counter Intelligence Joint Task Force annual meeting on cyber threats and the Department of Justice’s annual cyber security conference, Tom has served as a Chief Security Officer (CSO) twice (Financial and High Tech sector’s), testified to the US Congress on security, briefed the FDIC, NCIX and US Secret Service on the latest in fraud countermeasures, briefed the White House on Healthcare privacy issues, the entertainment sector (NAB, NATPE) on protecting and monetizing their IP, as well as advising leading companies on PCI, HIPAA, HI--‐TECH, Meaningful Use, and ISO compliance and risk reduction in their business. Throughout his career, Tom has worked on security for a space shuttle launch (STS--‐37), a United Way telethon (9/11), and the launch of an aircraft carrier (CVN73), as well as developing security architectures for the use of mobile and cloud services in the payment ecosystem. 
Tom has also developed mobile security architectures and cloud security transitions for Fortune 500 companies. Earlier Tom served as the CSO for the team that developed the Internet’s first directory search engine, secure browsers, and certificate authority, and has served in executive security roles for KPMG, Deloitte, IBM and Dell. He currently advises Federal law enforcement on the latest threat and countermeasure activity in his field through his service on several classified Federal Government working groups. Tom is based in CSC’s California offices, and travels frequently on behalf of CSC and our clients around the world. Tom is a frequent guest security expert in the media including CNBC, CNN, and Fox News, blogs frequently on Twitter/TomTalks, and can be reached directly at Tpatterson6@CSC.com . . WHAT IS THIS? For the answer: log onto Cybersecurity Consulting’s C3 site. The first person to email Tom Patterson the correct answer wins a spiffy Joint Chiefs of Staff Pencil, cleverly exfiltrated in Tom’s jacket pocket. Security Factoid: Did you know that Aramco did everything right, and still got p0wned? The attackers realized that in practice, large organizations exempt google search traffic from their IPS/IDS/DLP interrogation, due to the overwhelming impact on performance. So they encrypted their payloads, then modified their headers to look like Google traffic and it was passed right through. Very sneaky. Do you know something cool like this? Share by sending to Michelle Randolph.
  • 3. 3 | P a g e FY13 – Q3 – ISSUE 2 AMERICAS STRATEGIC SERVICES As the leader of Americas Strategic Services, Jeff Fawcett is responsible for strategic project delivery and staff development across the Americas. This also includes the incubation of a US Federal strategic consulting team as well. ASIA/PAC STRATEGIC SERVICES As the leader of Asia/Pac Anthony Cox is responsible for strategic project delivery, cross-border coordination, and staff development across the Asia Pacific region. EUROPE STRATEGIC SERVICES As the leader of Europe Strategic Services, Goswin Eisen is responsible for the strategic project delivery, cross-border coordination, and staff development across Europe. GLOBAL TECHNICAL SERVICES As the leader of Global Technical Services, Stephan Brennan is responsible for global StrikeForce projects and staff (separately from Strategies above), and creation/delivery of new consulting services for Advanced Threat Detection and Advanced Differentiation. GLOBAL STRATEGY As the leader of Global Strategy, Ed Liebig is responsible for the coordination and development of Strategic intellectual property, linkages with CSC's four verticals, and for a tactical expert team that can support our most important clients regardless of geography. GLOBAL PROJECTS As the leader of Global Projects, Mark Rasch is responsible for the creation and execution of our first new project: Incident Response, with the goal of leveraging and augmenting existing resources to make CSC Cybersecurity the top global provider of full scope incident response services to the Global 1000. GLOBAL INTERNAL COMPLIANCE As the leader of Global Internal Compliance, Reg Foulkes is responsible for the ongoing CSC internal efforts to maintain the appropriate privacy and security compliance posture constantly and effectively around the world, to include projects Bluewater and Godwin. 
GLOBAL PRACTICE MANAGEMENT As the leader of Global Practice Management, Clinton Firth is responsible for maximizing our overall team delivery metrics including staff utilization, inter-company work orders, and regional practice management activities. Who has the most CSC air Miles this year? Log on to Cybersecurity’s C3 site to respond: https://c3.csc.com/groups/glo bal-cyber-security-and- privacy-consulting- collaboration-portal Who has the most hotel nights this year? Log on to Cybersecurity’s C3 site to respond: https://c3.csc.com/groups/glo bal-cyber-security-and- privacy-consulting- collaboration-portal
  • 4. 4 | P a g e FY13 – Q3 – ISSUE 2 EXECUTIVE EXCHANGE WITH THE WOZ At this year’s CSC Executive Exchange, we hosted the top executives of 32 of our most important global clients at Pebble Beach. This year’s topic was “The Age of the Small Device and the Big Cloud”, so you might wonder why Tom Patterson was chosen as CSC’s keynote speaker. The reason, as most security folks know, is that cybersecurity is the critical success factor for the successful use of mobile and cloud in an enterprise! At this year’s event, we brought in the inimitable Steve Wozniak, the creator of the Apple computer. Steve has strong views on the societal benefits of adopting new technologies, and about NOT migrating to the cloud or putting valuable information on mobile devices unless & until they can be deemed secure. After a set up like that on day one, Tom was able to explain how today’s risks are real, how they really apply to ‘normal’ enterprises, and how they can be mitigated in a cost-effective fashion. At the end of the day, a good time was had by all, and everyone (even the Woz) learned a little something that could help them going forward. Tom presented Woz with a Lucite encased Bob’s Big Boy (Google for background), as a gift from the employees of CSC. We’ve already gotten a dozen follow up requests for more security support and an invite to Woz’s house to hack into some of his toys! DATELINE VIRGINIA It's been a busy quarter in the media for cybersecurity and privacy generally, and CSC Cybersecurity Consulting was there. As banks were getting slammed by a DDoS attacks thought to originate from the Middle East and be motivated by a dislike for western brands and the banking system in general, our own Mark Rasch was called to comment on the situation by ABC World News Tonight. While these DDoS attacks were annoying, they did not rise to the histrionic levels proclaimed by some other vendors and the media. 
DDoS attacks are relatively easy to pull off now (all you need is a credit card), and most large enterprises now have defenses in place to ensure a successful defense (if they don't, please have them call us!) In privacy related news, Walmart recently won a victory under the provisions of the telecommunications law which prohibit sending spam communications in an unsolicited manner. In an article to be published in storefront backtalk, we addressed whether merely providing your telephone number to a Walmart pharmacist constitutes express consent to later received spam text messages from Walmart. While the more Walmart court last week ruled that this was consent, in recent cases Jiffy Lube and Papa John's pizza have been sued for tens of millions of dollars for similar conduct, with Jiffy Lube paying a settlement of over $47 million. We should be able to help our customers navigate their privacy policies to accommodate the collection of data and its use under the telecommunications law. In another article published in Storefront- Backtalk, we discussed a class-action lawsuit filed against several retailers including Apple, eHarmony, Ticketmaster when they collected personal information about customers using their service online. The California law restricts the collection of personal data for consumers who are using credit cards. The statute does not explicitly apply only to brick and mortar stores. The electronic retailers are arguing that the statute does not apply to electronic transactions, while consumers are arguing that it does. At stake here are potentially millions of dollars in fines against electronic retailers that do business in California. Again, we can work with electronic retailers to help them develop policies that comply with this particular California statute. One of the more recent trends we've been looking at is the aggregation in use of medical Mark Rasch Tom Patterson and Steve Wozniak
  • 5. 5 | P a g e FY13 – Q3 – ISSUE 2 information, particularly in the area of "big data." The US medical privacy law, HIPAA allows the use of de-identified information in appropriate circumstances. The allure of big data is that massive amounts of individualized data can be aggregated and analyzed, with information about the trends identified from this big data being shared with subscribers. Big data can help hospitals and other providers understand what is going on at their facilities, but can also be used to help them understand trends between and among other facilities as well. Again, CSC can work with hospitals, universities, researchers, and others to help balance the privacy needs under HIPAA and the genuine utility that can be achieved through big data. DATELINE MUNICH Our team here in Germany consists of about 20 Cybersecurity consultants covering the complete range and depth of Cybersecurity consulting. Mainly driven by our strength in security and project management methodology, we are often a door-opener to new Logos for other CSC teams, also in Austria and Switzerland. We are always looking for new people (experienced and graduates) because we have had very high utilization over the past few years. Therefore, we are also utilizing other CSC security units like Strikeforce, a team from the Netherlands, UK or USA as well as partnering with people from different areas (e.g. CSC India for an SAP "security" managed service). Currently, we are running a PR initiative with the Cyber Demo Center. During the last month we had 3 press events in Germany and Austria including TV interviews, which produces a lot of articles (online and print version) as well as a TV spot. Together with Strikeforce we had an interview for Spiegel (famous German newspaper). On Dec. 
5th we will have a speaker slot at an hBITKOM event (an important German IT inter-trade organization) with several hundred information security students and representatives of the companies of this organization. Beside the presentation of our capabilities, we are looking for new colleagues and want to strengthen our network in BITKOM. Major projects today are: • Several security and IAM projects and managed services for Munich Re, the world largest reinsurance company • A Common Criteria evaluation for NATO • Support services for an IAM implementation at State Bank of Hesse • A source code review of a security critical application prior purchase by our client • Development of a blue print of an IAM system for all federal offices in Germany • Safety analysis of an IT system of the German Air Traffic Control Agency • Some small penetration tests together with Strikeforce India • Some small IT security audits based on ISO 27001 The next big thing is answering an RFP from Europe Central Bank regarding design, implementation, pilot and operation of a SIEM solution. Here, we need strong international support because we have no success story and just a few skilled resources in Germany. DATELINE SYDNEY Strategic Services within the Asia-Pacific region offers both a challenging landscape and exciting opportunities. The already well-established team serving Australia has expanded under the leadership of Gabriel d’Eustachio to have representation in most Australian states or What are CIOs asking about Security these days? • Do these threats I read about really relate to ME? • How do I leverage the cloud safely? • What do I do about BYOD mobile? • How do I know if I’ve been compromised? • Can you help get my board and executive team onboard with security? What are they asking you? Log on to Cybersecurity’s C3 site to respond: https://c3.csc.com/groups/glo bal-cyber-security-and- privacy-consulting- collaboration-portal Goswin Eisen Anthony Cox
  • 6. 6 | P a g e FY13 – Q3 – ISSUE 2 territories; so even with travel restrictions, face- to-face contact with our customers is not hindered. Now, with the planned formal expansion to include senior security architects in the team, a very experienced and practical dimension is added to our capability that allows us to take our Payment Card Industry (PCI) experience further, build on our representation of itGRC dashboarding for the broader CyberSecurity organisation and to bake SABSA into our Enterprise Security Roadmap service as a further differentiation in the market. The team boasts a dedicated project manager focused on all the delivery-support activities within engagements; ensuring that project codes have been created appropriately, planning / scheduling of engagements, co-ordinating workshops / meetings / presentations with the clients, and then most importantly ensuring that sign-off and billing takes place. Additionally, our dedicated workforce planner has been instrumental in the minute-by-minute logistics of resource (or work) requests, scheduling, training planning / authorisation, and generally keeping everyone equipped and busy with the help of our in-house Resource Tracker (sometimes a burden for the consultants, but indispensible to our efficient operation). From a business landscape perspective, the Australian market is polarised around Natural Resources, Finance, State and Federal Government and Utilities, with many such organisations having a healthy representation on the G1000. The skills that we have seen resonate with this market are ISO27K, PCI, knowledge of AMI, the federal government ISM, I-RAP, a pragmatic approach to Critical Production Systems (such as SCADA) and a knowledge of e-Health. 
The team has recently been involved in delivering engagements for Bank of Queensland, Motor Accident Commission in South Australia, Emmantra, BHP Billiton, Commonwealth Bank of Australia (CBA), PowerCor, and GE Finance and further prospects with CBA are looking promising. NEW CUSTOMER Chevron identified their most valuable information resources and labeled those their, “High Value Information Resources (HVIR).” We (CSC Cybersecurity Team) were contracted to support an “Accelerated Awareness Program” to educate these HVIR on how to more effectively protect Chevron’s critical information assets and to help HVIR holders have improved confidence in Chevron’s IT function as stewards of HVIRs. Our task was to draw on CSC’s existing expertise in information protection to develop content for an accelerated awareness training program. As a result, our team is designing a complete training package for Chevron consisting of three deliverables. Each deliverable is built around specific messages, such as cloud security, espionage, mobile security, advanced persistent threat, and others. Each deliverable will be a training package consisting of a PowerPoint briefing, a Camtasia video, and a PDF document to be used as flyers, handouts, door hangers, etc. Thus far these deliverables have been well received by Chevron. We are currently waiting for Chevron to complete their internal review process. We also had a second work order with Chevron. They requested we look over their "strategic plan" (which consisted of a power point deck that outlined some initiatives) and give input for enhancements. We quickly evaluated what turned out to be more of their tactical plan and supplied a document on what areas to include (with suggestions on how to execute) to make the plan more strategic and adoptable from the point of view of the business units. This document was delivered and has also been well received. 
The next steps were for the Chevron team to discuss the delivered document, make any clarifying distinctions and reconvene for a "round two" review and suggestions from our What are CISOs asking about Security these days? Strategic Services within Our public clients mainly think about that: • IT infrastructure for Homeland Security • Digital identities for passports: security vs. usability • Electronic border control (digital identities, Interpol requests, fingerprint scanner) • IT infrastructure of the German Federal Police in international missions (e.g. GPPT, ISAF, Atalanta) Corporations: • How to move "Cybersecurity" from CISO to CIO/CEO level? • Enterprise wide (IT)risk management, integration security into applications • Security in Social Networks • Cloud Security Mid-range clients: • USB Media Encryption, Mobile Data Protection, Endpoint Security
  • 7. 7 | P a g e FY13 – Q3 – ISSUE 2 team. We are currently waiting for the Chevron team to come back to talk over the original report. MEET A NEW EMPLOYEE CHRISTOPHER WARNER - AMERICAS Christopher Warner is a Business Technology Executive specializing in Information Security, Risk Management, Threat Mitigation, Public Policy and Regulatory Compliance for Fortune 500 businesses. Mr. Warner is a SCADA Systems Expert, Controls Systems Expert, Natural Gas Expert and Smart Grid Expert with several PLC, RTU and Telemetry Devices from multiple vendors. Mr. Warner has worked several multi-million dollar projects across the globe having responsibilities for providing end to end operational security. He is recognized for upgrading and replacing Critical Infrastructure including Energy to First Responder Systems ensuring the data and controls remain secure and in compliance with governing regulations. He has managed and was on the steering committee for large projects in excess of $1 Billion US. He has developed and implemented IT business solutions which reduced operating costs and maintained on-time delivery. Mr. Warner has led Utility & Corporate Roundtable Organizations for technical solutions across multiple states and throughout the world by utilizing his strong background in Solution Integration, Infrastructure Architecture, IT Telecommunications, Cyber Security, IT and Business Risk Management, Threat Mitigation, Electronic Engineering, Manufacturing, Avionics Management and Communications to projects. He holds a MBA, Cum Laude, from the University of Phoenix, Las Vegas Campus and has had to maintain a Secret SCI and other Security Clearances. Mr. Warner has furthered his post-graduate studies at MIT, University of Maryland, SANS Institute, e-Fortress and UNLV. JOE SAVINI - GLOBAL STRIKEFORCE Joe has over 8 years of professional experience in the information security field. 
His areas of expertise include: Penetration Testing, Social Engineering, Vulnerability Assessments, Security Briefings and Training, Compliance and Audit Preparation, Security Architecture Reviews, Security Policy Management, Environmental Risk Analysis, Incident Response and Intrusion Prevention. During his employment with CSC, Joe has demonstrated his security expertise by filling many different roles including Network Security Engineer, Threat Intelligence Team Leader and in his current role as a Penetration Tester for CSC StrikeForce consulting services team. Prior to his employment with CSC, Joe has held positions in information security for various other industries such as Healthcare and Retail companies in North America. MAX ROCKLIFF – ASIA/PAC Max has been working in the IT industry for the past 26 years, working up through the ranks of technical support, through architecture design in both network, server and desktop and in the past 13 years focusing on information and IT security governance, risk and compliance. Prior to joining CSC, he worked in a variety of industries, with the majority being in the oil and gas, resources area. Max moved from the technically focused architecture and support area to IT and information security in 1999 when he became the Information Security Coordinator at Woodside Energy, after which he spent 6 year with Shell Australia as the Information Security Manager for the Oceania region. Is there someone you would like to see profiled? Send a request to Michelle Randolph for inclusion in upcoming issues!
  • 8. Max began his career in the mid-80s after graduating with a bachelor's degree in Electronic Engineering. After transitioning to the information security discipline area, he attained his Masters in Internet Security Management. His work experience has involved developing, implementing and maintaining information security governance, risk and compliance aligned with the ISO 27000 standards. Through this he has been heavily involved with risk assessment and risk management, to the point of developing and implementing a risk management methodology and tool set for a financial investment organisation. His roles in the implementation and compliance management of information security standards have required him to leverage his technical expertise and experience to liaise on and coordinate many of the aspects of security management, as well as the more administrative, people and policy focused aspects through liaison with human resources and Boards of Directors. Max also has experience with the Credit Card Industry standard, PCI-DSS (Payment Card Industry - Data Security Standard), and has successfully coordinated the gap assessment and remediation of a point of sales, payment processing company to achieve its initial PCI-DSS certification.
    PETER REHAEUSSER – EUROPE
    Peter Rehaeusser is a Cybersecurity consultant in Germany and has been with CSC for twelve years. He has a Masters Degree in Information Science and a background in software development and IT infrastructure.
Peter’s core competencies are in the Cybersecurity environment, focused on the technology aspect, but also cover: Information Security Management, IT security concepts for and audits of complex systems based on the German IT Baseline Protection Manual or ISO 27001, the creation of blueprints, studies and standards, secure software development, security evaluations according to the Common Criteria, operating system and network security, cryptography and electronic signatures. Although Peter has knowledge of several industrial sectors, his primary focus has been in the public sector, where he has served on a variety of international projects that have provided him with a broad range of experiences. The Trustworthy Electronic Long-Term Archiving project is a personal reference for Peter, as are several projects in defense and high-security areas. Peter designed the German Cybersecurity Demonstration Center, led its implementation and is now one of the key persons of this marketing and PR instrument. He has also developed a Business Plan for Cybersecurity in Germany for the next three years (Consulting and Managed Security Services), which was approved by the German CEO in spring 2012.
Got a topical tidbit? Send it in short form to Michelle Randolph for inclusion in upcoming issues!
  • 9. Jeff Fawcett – Americas Strategic Services, 3160 Fairview Park Drive Falls Church, Virginia 22042 United States, +571.488.5622 | jfawcett3@csc.com
    Anthony Cox – ASIA/PAC Strategic Services, Level 2B 26 Talavera Road Macquarie Park, NSW 2113 Sydney, Australia, +1.61.2.9034.3129 | acox26@csc.com
    Goswin Eisen – Europe Strategic Services, Sandstraße 7 München, Bavaria D-80335 2 West 2 Germany, +49.89.5908-6504 | geisen@csc.com
    Stephan Brennan – Global Technical Services, Level 2B 26 Talavera Road Macquarie Park, NSW 2113 Sydney, Australia, +1.61.2.9034.3133 | sbrennan2@csc.com
    Ed Liebig – Global Strategy, 11404 Buckskin Trail Holly, MI 48442 United States, +1.248.245.3764 | edward.liebig@csc.com
    Mark Rasch – Global Projects, 3160 Fairview Park Drive Falls Church, Virginia 22042 United States, +1.301.547.6925 | mrasch2@csc.com
    Reg Foulkes – Global Internal Compliance, 555 Legget Drive Kanata, Ontario K2K 2X3 Suite 800, Tower A Canada, +1.613.795.1269 | rfoulkes@csc.com
    Clinton Firth – Global Practice Management, Level 2B 26 Talavera Road Macquarie Park, NSW 2113 Sydney, Australia, +1.61.2.9034.2194 | cfirth@csc.com
    Tom Patterson, 777 Mariners Island Boulevard, Suite 660 San Mateo, CA 94404 United States, +650.286.3629 | tpatterson6@csc.com
    Contact us: http://www.csc.com/cyber security