IT and the Need for Regulation, Deepa Saldanha

During Heinz College Reunion 2009, alumni gathered for a presentation titled “Transforming Communities: IT, Civic Engagement and Economic Development.” The panel was moderated by Rick Stafford, MSPPM 1972, Heinz College Distinguished Service Professor of Public Policy. Panelists shared examples of their application of policy and technology to advance cities, government and businesses.


  1. Transforming Communities: IT, Civic Engagement, and Economic Development - IT and the Need for Regulation. October 31, 2009. Deepa Saldanha, CISA, CISSP, QSA
  2. Agenda: Technology as the Enabler (the Trust DNA); Threats and Drivers; Observations from the Frontlines; Regulatory Trends; Conclusion
  3. IT Security
  4. Technology as the Enabler
  5. Can you Trust what you see on your screen? Phishing. In addition to being a phishing page and stealing the individual's identity, the page automatically forces the user to download what looks to be a software package of Adobe Player. If downloaded and executed, the individual's computer is Trojaned and joined to a botnet for use in one or more illicit actions.
  6. Can you Trust what you see on your screen? More Phishing. [Image: Citibank_phishing_czech-republic.bmp] Sophisticated phishing attack on Citibank Business cards. If the long URL (to the Czech Republic) doesn't give away that it is a phishing site, there is little else that would clue in users to avoid submitting their credentials.
  7. New Threats (www.information-security-resources.com)
  8. How much is data worth?
  9. Breaches as of Today
  10. Major Breaches (http://www.privacyrights.org/ar/ChronDataBreaches.htm). How many data breaches have been reported in the month of October? 16
  11. Verizon Data Breach Statistics 2009
  12. Verizon Data Breach Statistics 2009
  13. Regulatory Trends: A Brief History of Regulatory Time. The slide lays out a timeline in four eras (1970-1980, 1980-1990, 1990-2000, 2000-Present) and places the following regulations on it: COPPA; USA Patriot Act (2001); CAN-SPAM Act; FISMA; Sarbanes-Oxley (SOX); CIPA (2002); Basel II; NERC 1200 (2003); CISP; State Privacy Laws (e.g. California SB1386); EU Data Protection; HIPAA; Payment Card Industry (PCI); FDA 21 CFR Part 11; FTC Red Flags Rules; C6-Canada; HITECH; GLBA; CIP; Computer Security Act of 1987
  14. What's your Top Priority? Do we need more regulation?
  15. Questions? Deepa Saldanha, Senior Security Auditor, Coalfire Systems, Inc. Deepa.Saldanha@coalfiresystems.com, Phone: 206-335-1063
