SlideShare a Scribd company logo

Effective Cyber Security: Successful Approaches and Experiences

InnoTech
InnoTech

Presented at the 2012 InnoTech San Antonio by Phil Marasco

Technology
1 of 19
ISON Effective Cyber security: Successful approaches and experiences April 5, 2012 Presenter Phil Marasco
Agenda • Continuing Trends • New Elements • Defensive Techniques • Scaling to “X” • Questions
Recent News 60 Minutes did a story on the first known control system attack Source: CBSnews.com
Last Week’s News Rock Center did a story on a Trojan used to steal money Source: MSNBC.MSN.com
FBI says we are behind Executive Assistant Director of the FBI thinks criminals are ahead.
Identity trading is rampant Stolen credit cards are sold in large lots for prices as low as $.40 to $10 depending on interval and method used to collect the information. Personal Identity information commands $25 to $50 (depending on quality).
Unpatched exploits on sale Source: Forbes.com
Internal vs. External • Historical threats • Us vs. them • Inbound Only (except for “inside jobs”) • Advanced Persistent Threats • Blended attacks/RSA • SPAM/Phishing
New Frontiers • Small Business is expanding online • Offering Online “Experiences” • Member-Only Areas • Monetize Social Media • Group-on Discounts • Gift Cards
New Dangers • Web sites that store your data • Financial Risks • Personal Information Leakage • Internal Threats • Zombies • FBI and the DNSChanger scam • Brand Exposure (and explosion)
New SPAM Vectors US Postal Service couldn’t deliver your package American Airlines wants you to get that $19 fare to NY you left behind during your failed web session The National Check Clearing Center says you are about to bounce a check VISA Security department says your credit card has been blocked PAYPAL says you are suspected of illegal activity A gentleman in the Philippines would like you to hold his inheritance check while he travels to the US. A lawyer in Thailand wants to see if you know a guy who died and will handle his $10 million estate.
New Questions • What’s it worth to you? • What can you actually do? • What can be done for me? • How often do I look? In a corporate environment the bigger question is: X vs. 10X vs. 100X
New Personal Tools Identity Monitoring • Epic.org (Electronic Privacy Info Center) • http://www.youhavedownloaded.com/ • https://www.pwnedlist.com/ • http://www.Google.com • http://www.Pipl.com • Donttrack.us
New LEO Tools
What we do • Penetration testing • Network • Application • Physical • Security Awareness • Compliance • Security Practice • Policy lifecycle • Security team augmentation
Who is ISON? • Managed IT Services Firm • Focus on small to medium business • Extension of an organization – With IT personnel – Without IT personnel • 30+ years industry experience
Wrap up • Technical Corporate • Use a patch management process • Implement a secure baseline • Monitor your network • Manage your vulnerabilities • Be careful with remote access • Behaviors • Put security and acceptable use policies in place • Conduct security awareness training regularly • Be careful with your data
Questions?
Thank You! www.ISON.com

Recommended

Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Robin Rafique
 
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 PresentationDo it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 Presentation
Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
Goutama Bachtiar
 
Insider's Journey Into The Darknet
Insider's Journey Into The DarknetInsider's Journey Into The Darknet
Insider's Journey Into The Darknet
Megan Thudium
 
2015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_0920152015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_092015
Pete Pouridis
 
Investigating & proving cybercrime
Investigating & proving cybercrimeInvestigating & proving cybercrime
Investigating & proving cybercrime
Jenny Reid
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015
Numaan Huq
 
Evil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldEvil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the world
Hillary L
 

Recommended

Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Robin Rafique
 
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 PresentationDo it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 Presentation
Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
Goutama Bachtiar
 
Insider's Journey Into The Darknet
Insider's Journey Into The DarknetInsider's Journey Into The Darknet
Insider's Journey Into The Darknet
Megan Thudium
 
2015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_0920152015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_092015
Pete Pouridis
 
Investigating & proving cybercrime
Investigating & proving cybercrimeInvestigating & proving cybercrime
Investigating & proving cybercrime
Jenny Reid
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015
Numaan Huq
 
Evil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldEvil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the world
Hillary L
 
TalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and HealthcareTalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and Healthcare
Eduardo Gonzalez Loumiet, MBA, PMP, CPHIMS
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
Murray Security Services
 
Judgement Day - Slovakia
Judgement Day - SlovakiaJudgement Day - Slovakia
Judgement Day - Slovakia
OCTF Industry Engagement
 
Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)
Nawanan Theera-Ampornpunt
 
CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin
OCTF Industry Engagement
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
Phil Agcaoili
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR Executives
The Lorenzi Group
 
Security In A Connected Society
Security In A Connected SocietySecurity In A Connected Society
Security In A Connected Society
CentraComm
 
Digital Law Powerpoint
Digital Law PowerpointDigital Law Powerpoint
Digital Law Powerpoint
lydneat
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from China
Murray Security Services
 
CSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and TomorrowCSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and Tomorrow
Alert Logic
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
CCIAOR
 
Social engineering
Social engineeringSocial engineering
Social engineering
ankushmohanty
 
Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say?
Phil Agcaoili
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
Tzar Umang
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer Crime
Alexander Zhuravlev
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and Investigation
Goutama Bachtiar
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
Murray Security Services
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity posture
Lourdes Paloma Gimenez
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Infosecurity2010
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMS
Scott Suhy
 
Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber Criminals
Stephen Cobb
 

More Related Content

What's hot

Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Infosecurity2010
 

What's hot (20)

TalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and HealthcareTalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and Healthcare
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 
Judgement Day - Slovakia
Judgement Day - SlovakiaJudgement Day - Slovakia
Judgement Day - Slovakia
 
Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)
 
CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR Executives
 
Security In A Connected Society
Security In A Connected SocietySecurity In A Connected Society
Security In A Connected Society
 
Digital Law Powerpoint
Digital Law PowerpointDigital Law Powerpoint
Digital Law Powerpoint
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from China
 
CSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and TomorrowCSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and Tomorrow
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say?
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer Crime
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and Investigation
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity posture
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
 

Similar to Effective Cyber Security: Successful Approaches and Experiences

Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?
PECB
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
Nicholas Davis
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
Nicholas Davis
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcement
Meg Weber
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Steve Poole
 

Similar to Effective Cyber Security: Successful Approaches and Experiences (20)

CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMS
 
Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber Criminals
 
Shining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebShining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark Web
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?
 
Data security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigationData security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigation
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency Managers
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence community
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcare
 
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationManaging Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcement
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber Security
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...Perimeter Security: Why it's no longer enough, and where cybersecurity must a...
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 

More from InnoTech

More from InnoTech (20)

"So you want to raise funding and build a team?"
"So you want to raise funding and build a team?""So you want to raise funding and build a team?"
"So you want to raise funding and build a team?"
 
Artificial Intelligence is Maturing
Artificial Intelligence is MaturingArtificial Intelligence is Maturing
Artificial Intelligence is Maturing
 
What is AI without Data?
What is AI without Data?What is AI without Data?
What is AI without Data?
 
Courageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostCourageous Leadership - When it Matters Most
Courageous Leadership - When it Matters Most
 
The Gathering Storm
The Gathering StormThe Gathering Storm
The Gathering Storm
 
Sql Server tips from the field
Sql Server tips from the fieldSql Server tips from the field
Sql Server tips from the field
 
Quantum Computing and its security implications
Quantum Computing and its security implicationsQuantum Computing and its security implications
Quantum Computing and its security implications
 
Converged Infrastructure
Converged InfrastructureConverged Infrastructure
Converged Infrastructure
 
Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365
 
Blockchain use cases and case studies
Blockchain use cases and case studiesBlockchain use cases and case studies
Blockchain use cases and case studies
 
Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential
 
Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?
 
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
 
Using Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeUsing Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to Life
 
User requirements is a fallacy
User requirements is a fallacyUser requirements is a fallacy
User requirements is a fallacy
 
What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio
 
Disaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumDisaster Recovery Plan - Quorum
Disaster Recovery Plan - Quorum
 
Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2
 
Sp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionSp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner session
 
Power apps presentation
Power apps presentationPower apps presentation
Power apps presentation
 

Recently uploaded

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Recently uploaded (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

Effective Cyber Security: Successful Approaches and Experiences

  • 1. ISON Effective Cyber security: Successful approaches and experiences April 5, 2012 Presenter Phil Marasco
  • 2. Agenda • Continuing Trends • New Elements • Defensive Techniques • Scaling to “X” • Questions
  • 3. Recent News 60 Minutes did a story on the first known control system attack Source: CBSnews.com
  • 4. Last Week’s News Rock Center did a story on a Trojan used to steal money Source: MSNBC.MSN.com
  • 5. FBI says we are behind Executive Assistant Director of the FBI thinks criminals are ahead.
  • 6. Identity trading is rampant Stolen credit cards are sold in large lots for prices as low as $.40 to $10 depending on interval and method used to collect the information. Personal Identity information commands $25 to $50 (depending on quality).
  • 7. Unpatched exploits on sale Source: Forbes.com
  • 8. Internal vs. External • Historical threats • Us vs. them • Inbound Only (except for “inside jobs”) • Advanced Persistent Threats • Blended attacks/RSA • SPAM/Phishing
  • 9. New Frontiers • Small Business is expanding online • Offering Online “Experiences” • Member-Only Areas • Monetize Social Media • Group-on Discounts • Gift Cards
  • 10. New Dangers • Web sites that store your data • Financial Risks • Personal Information Leakage • Internal Threats • Zombies • FBI and the DNSChanger scam • Brand Exposure (and explosion)
  • 11. New SPAM Vectors US Postal Service couldn’t deliver your package American Airlines wants you to get that $19 fare to NY you left behind during your failed web session The National Check Clearing Center says you are about to bounce a check VISA Security department says your credit card has been blocked PAYPAL says you are suspected of illegal activity A gentleman in the Philippines would like you to hold his inheritance check while he travels to the US. A lawyer in Thailand wants to see if you know a guy who died and will handle his $10 million estate.
  • 12. New Questions • What’s it worth to you? • What can you actually do? • What can be done for me? • How often do I look? In a corporate environment the bigger question is: X vs. 10X vs. 100X
  • 13. New Personal Tools Identity Monitoring • Epic.org (Electronic Privacy Info Center) • http://www.youhavedownloaded.com/ • https://www.pwnedlist.com/ • http://www.Google.com • http://www.Pipl.com • Donttrack.us
  • 15. What we do • Penetration testing • Network • Application • Physical • Security Awareness • Compliance • Security Practice • Policy lifecycle • Security team augmentation
  • 16. Who is ISON? • Managed IT Services Firm • Focus on small to medium business • Extension of an organization – With IT personnel – Without IT personnel • 30+ years industry experience
  • 17. Wrap up • Technical Corporate • Use a patch management process • Implement a secure baseline • Monitor your network • Manage your vulnerabilities • Be careful with remote access • Behaviors • Put security and acceptable use policies in place • Conduct security awareness training regularly • Be careful with your data