Raleigh ISSA, profile picture
Uploaded byRaleigh ISSA
PDF, PPTX199 views

2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target

The document discusses the increasing risks posed by malware and inadequate IT security measures in light of the growing use of mobile devices and cloud applications. It emphasizes the importance of valuing data over physical assets and suggests a need for updated security approaches that account for the realities of data security in mobile and social media contexts. The author stresses the necessity of integrating security measures into business processes rather than relying solely on IT departments.

Embed presentation

Download as PDF, PPTX
Patch Upgrade Virus New Version Firewall Rulebase IDS Signatures Regulation Worm
The Growing Malware Threat
Exponential Growth in Malware and Attacks at the Endpoint Minimal Increase In IT Security Software Spending with Little Thought to Likelihood Malware growth IT spend
1. Allow the Assumption That Data is in the Data Center 2. 3. 4. 5. 6. 7.
The fleet of smart phones you have deployed to your sales staff enables them to be more productive, and to work around the clock, but it also jeopardizes your data. With the proliferation of laptops, mobile devices, and USB memory sticks, it is now likely that the majority of your data is no longer under the custody of your IT department. Consider how many copies of emails, PowerPoint presentations, business plans, and other intellectual property are now on devices that are not in your data center.
The Ponemon Institute states that each customer record lost is worth $179. If you look at total cost of loss, you can easily get to the point where you lose your business 3-4 times a day, based on risk analytics! Any risk model which ignores the lifeblood of your business, grossly underestimates your exposure. Any risk model that ignores reality, is worthless.
1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices Based on the Value of the Physical Asset, not the Data on the Physical Device 3. 4. 5. 6. 7.
Many IT departments make the sad mistake of considering replacement value for IT assets when developing risk models (if they have them) •What about all the late nights working on those business plans, board presentations, and patents? •The intellectual property on your laptop is worth much more than the physical device.
Example – What if a Coke bottle is only worth the CRV (recycling value)? What about the contents?
1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices Based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. 5. 6. 7.
About those Smartphones, Have you considered that they are as powerful as your desktops of 5 years ago? Now let’s consider laptops, USB devices, etc… Can you really afford to have a myopic IT department create a single policy for internal assets as well as for mobile assets? Whether it is laptops or smart phones, sometimes different rules should apply when you change locations.
The days of the M&M Model of Perimeter Defense are behind us. Your approach to security needs to keep up.
• Email "Endpoint . . . solutions are Internet Video now a line of defense . . .” Personal Websites Charles Kolodgy Business Websites Research Director IDC Security Products Program Social Media
1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. 6. 7.
Web 2.0 has brought user interaction to a whole different level. Facebook, Twitter, and other social network platforms allow for collaboration, interaction and exchanges of ideas on a many-to-many. However, aside from being a potential drain on corporate resources, they also jeopardize the integrity of your data, encourage employees to post potentially sensitive data without thinking, and empower a new wave of identity theft based on abuse of trust.
Outside of your marketing department, and PR… WHY are employees on social networks during the day? Facebook is •Email without the controls… •450 million strong… •and zero culture. They are viruses with legs!
1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. Allowing Apple & Google to Become Your IT / QA Department 6. 7.
With the evolution of our work platforms, we rely more and more every day on web based applications, PDFs, and other cloud-based applications What that means, in reality, is that the QA of your working platforms is in the hands of Google, Adobe, Apple, and Microsoft. A breach in the foundation of these platforms means a breach in your business processes.
Intel recently had to mention on their SEC filings that they were part of the 34 companies impacted by Operation Aurora. How is THAT for security as a board level issue? And if you are considering cloud based services, or SaaS solutions, ensure that the infrastructure is secure and robust.
1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. Allowing Apple & Google to Become Your IT / QA Department 6. Focusing on Protection rather than Detection 7.
Who would you rather fight? Stevie Wonder vs. Mohammed Ali Can’t fight what you can’t see… Or Is Protection just slightly more important than Detection?
• • • 9% 2% 34% 22% 23% 4% Doors Locks Alarm Motion detector Dog Gun Windows Fence Monitoring Crime watch Police Insurance Source: “Data @ Risk” by David H. Stelzl
“We had no idea this malware was High getting through.” Probability of Likelihood Occurrence decreases with Detection and Response “We’ve got it covered.” Low Low Impact of Risk High
Only a comprehensive system allows you to take appropriate action, not merely monitor or inform. However, we need to put the decisions in the hands of the business process owner, instead of leaving it with IT.
1. Allow the Assumption that Data is in the Data Center 2. Treating mobile devices based on the value of the physical asset, not the data on the physical device 3. Treating mobile devices as Desktops 4. Adoption of Social Media without proper protection 5. Allowing Apple and Google to become your IT / QA Department 6. Focusing on Protection rather than Detection 7. Assuming everything is OK
How many times have you heard your IT team say “We’re covered… We are compliant”, only to have your expensive external audit firm come in and deliver a scathing report that enumerates thousands of missed items, erroneous configurations, and process violations?
Frankly, what your IT department is losing is credibility… With you, the business owners. But keep in mind… You still must fund the lighthouse!
“Everyone Has a Plan… Until They Get Hit” Michael Tyson Philosopher and Pugilist
•
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target

More Related Content

PPT
Edith Turuka: Cyber-Security, An Eye Opener to the Society
byHamisi Kibonde
 
PPTX
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
byRishi Singh
 
PPTX
The Cloud Beckons, But is it Safe?
byLegal Services National Technology Assistance Project (LSNTAP)
 
PDF
State of Cyber: Views from an Industry Insider
byBen Johnson
 
PDF
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
bySymantec
 
PDF
Five things I learned about information security
byMajor Hayden
 
PPTX
Jason Samide - State of Security & 2016 Predictions
bycentralohioissa
 
PPTX
Ed McCabe - Putting the Intelligence back in Threat Intelligence
bycentralohioissa
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
byHamisi Kibonde
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
byRishi Singh
 
The Cloud Beckons, But is it Safe?
byLegal Services National Technology Assistance Project (LSNTAP)
 
State of Cyber: Views from an Industry Insider
byBen Johnson
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
bySymantec
 
Five things I learned about information security
byMajor Hayden
 
Jason Samide - State of Security & 2016 Predictions
bycentralohioissa
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
bycentralohioissa
 

What's hot

PPTX
Top 12 Threats to Enterprise
byArgyle Executive Forum
 
PPTX
Physician Office Presentation
byfranbodh
 
PPTX
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
PPTX
Information security awareness training
bySandeep Taileng
 
PPTX
Attack Vectors in Biometric Recognition Systems
byClare Nelson, CISSP, CIPP-E
 
PDF
NUS-ISS Learning Day 2019-Building IoT solutions with the Pi
byNUS-ISS
 
PPT
Information security awareness
byCAS
 
PDF
Building security into the internetofthings
byPrayukth K V
 
PDF
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
byChris Ross
 
PDF
The Cloud Beckons, But is it Safe?
byNTEN
 
PPTX
Cloud Security - Idealware
byIdealware
 
PPTX
PCM Vision 2019 Breakout: IBM | Red Hat
byPCM
 
PPTX
Mind the gap
byRoger Hagedorn
 
PDF
FinalResearch_95752_oliver
byMadison Oliver
 
PPTX
APT & What we can do TODAY
byJames Ryan, CSyP, EA, PMP
 
PDF
Closing the gaps in enterprise data security: A model for 360 degrees protection
byFindWhitePapers
 
PDF
Information security
byVijayananda Mohire
 
PPTX
Security issues and solutions : IoT
byJinia Bhowmik
 
PDF
RSA 2010 Kevin Rowney
bySymantec
 
PDF
Is your data at risk? Why physical security is insufficient for laptop computers
byFindWhitePapers
 
Top 12 Threats to Enterprise
byArgyle Executive Forum
 
Physician Office Presentation
byfranbodh
 
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
Information security awareness training
bySandeep Taileng
 
Attack Vectors in Biometric Recognition Systems
byClare Nelson, CISSP, CIPP-E
 
NUS-ISS Learning Day 2019-Building IoT solutions with the Pi
byNUS-ISS
 
Information security awareness
byCAS
 
Building security into the internetofthings
byPrayukth K V
 
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
byChris Ross
 
The Cloud Beckons, But is it Safe?
byNTEN
 
Cloud Security - Idealware
byIdealware
 
PCM Vision 2019 Breakout: IBM | Red Hat
byPCM
 
Mind the gap
byRoger Hagedorn
 
FinalResearch_95752_oliver
byMadison Oliver
 
APT & What we can do TODAY
byJames Ryan, CSyP, EA, PMP
 
Closing the gaps in enterprise data security: A model for 360 degrees protection
byFindWhitePapers
 
Information security
byVijayananda Mohire
 
Security issues and solutions : IoT
byJinia Bhowmik
 
RSA 2010 Kevin Rowney
bySymantec
 
Is your data at risk? Why physical security is insufficient for laptop computers
byFindWhitePapers
 

Viewers also liked

PDF
Gershwin george-rhapsody-blue-rhapsody-blue-1st-clarinet-pdf-38818
bymarisarodrimar
 
PPTX
Chapter 5
byAlisonjangu
 
PDF
5 "B"
byKarla Polyanna
 
PDF
Gentileza 5"A"
byKarla Polyanna
 
DOCX
SHAIL DESIGN RESUME
byshail shah
 
PPTX
entoprocta filum
byBianca Iqtishodly
 
PPTX
I.T. used in food traceability and food distribution.
bydaraghG
 
DOCX
Coretan2
byayunanda
 
PDF
sewage sludge treatment
bygary5theo
 
PPT
Жилищные программы
byanikey99
 
PPTX
121126 presentatie wonen welzijn zorg update woondomein
byYuen-Kwan
 
PDF
Vospitatel BulDD. Samoprezentatsia
byanikey99
 
PDF
Bileti gtn
byanikey99
 
PDF
Gentileza 4"B"
byKarla Polyanna
 
PPTX
Nina Dorobiala
byNina Dorobiala
 
PDF
Krasnoyarsk christmas070116
byanikey99
 
Gershwin george-rhapsody-blue-rhapsody-blue-1st-clarinet-pdf-38818
bymarisarodrimar
 
Chapter 5
byAlisonjangu
 
5 "B"
byKarla Polyanna
 
Gentileza 5"A"
byKarla Polyanna
 
SHAIL DESIGN RESUME
byshail shah
 
entoprocta filum
byBianca Iqtishodly
 
I.T. used in food traceability and food distribution.
bydaraghG
 
Coretan2
byayunanda
 
sewage sludge treatment
bygary5theo
 
Жилищные программы
byanikey99
 
121126 presentatie wonen welzijn zorg update woondomein
byYuen-Kwan
 
Vospitatel BulDD. Samoprezentatsia
byanikey99
 
Bileti gtn
byanikey99
 
Gentileza 4"B"
byKarla Polyanna
 
Nina Dorobiala
byNina Dorobiala
 
Krasnoyarsk christmas070116
byanikey99
 

Similar to 2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target

PPTX
Data Breach from the Inside Out
byThe Lorenzi Group
 
PDF
3 guiding priciples to improve data security
byKeith Braswell
 
PPTX
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
byDamir Delija
 
PDF
White Paper: Mobile Security
byRogers Communications
 
PPTX
SAM05_Barber PW (7-9-15)
byNorm Barber
 
PDF
InformationSecurity_11141
bysraina2
 
PPT
PCTY 2012, IBM Security and Strategy v. Fabio Panada
byIBM Danmark
 
PPTX
Securing Systems - Still Crazy After All These Years
byAdrian Sanabria
 
PDF
Fall2015SecurityShow
byAdam Heller
 
PDF
csxnewsletter
byDominic Vogel
 
PDF
Top 10 IT Security Issues 2011
byRedspin, Inc.
 
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
PDF
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
bySherry Jones
 
PDF
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
bySherry Jones
 
PPTX
2013 Data Protection Maturity Trends: How Do You Compare?
byLumension
 
PDF
Data Security Metricsa Value Based Approach
byFlaskdata.io
 
PDF
Selling Data Security Technology
byFlaskdata.io
 
PPTX
The Perils that PCI brings to Security
byTripwire
 
PPTX
Ulf mattsson webinar jun 7 2012 slideshare version
byUlf Mattsson
 
PDF
Protecting your application investment white paper 0908 2
byLaurie LeBlanc
 
Data Breach from the Inside Out
byThe Lorenzi Group
 
3 guiding priciples to improve data security
byKeith Braswell
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
byDamir Delija
 
White Paper: Mobile Security
byRogers Communications
 
SAM05_Barber PW (7-9-15)
byNorm Barber
 
InformationSecurity_11141
bysraina2
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
byIBM Danmark
 
Securing Systems - Still Crazy After All These Years
byAdrian Sanabria
 
Fall2015SecurityShow
byAdam Heller
 
csxnewsletter
byDominic Vogel
 
Top 10 IT Security Issues 2011
byRedspin, Inc.
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
bySherry Jones
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
bySherry Jones
 
2013 Data Protection Maturity Trends: How Do You Compare?
byLumension
 
Data Security Metricsa Value Based Approach
byFlaskdata.io
 
Selling Data Security Technology
byFlaskdata.io
 
The Perils that PCI brings to Security
byTripwire
 
Ulf mattsson webinar jun 7 2012 slideshare version
byUlf Mattsson
 
Protecting your application investment white paper 0908 2
byLaurie LeBlanc
 

More from Raleigh ISSA

PDF
Managing privileged account security
byRaleigh ISSA
 
PDF
A10 issa d do s 5-2014
byRaleigh ISSA
 
PPTX
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
byRaleigh ISSA
 
PDF
March 2014 B2B - Breaking into info sec
byRaleigh ISSA
 
PDF
Raleigh issa chapter april meeting - managing a security & privacy governan...
byRaleigh ISSA
 
PDF
Raleigh issa chapter updates-slides-2014-7
byRaleigh ISSA
 
PDF
Raleigh issa chapter updates-slides-2014-9
byRaleigh ISSA
 
PDF
Raleigh issa chapter updates-slides-2014-8
byRaleigh ISSA
 
PDF
April 2014 Raleigh ISSA chapter update slides
byRaleigh ISSA
 
PDF
February 2014 Raleigh Chapter ISSA Board update slides
byRaleigh ISSA
 
PDF
March 2014 Raleigh ISSA chapter update slides
byRaleigh ISSA
 
PDF
2013-07 How to Win with Customers - Keith Pigues
byRaleigh ISSA
 
PDF
2014-01 Raleigh ISSA Chapter Updates January 2014
byRaleigh ISSA
 
PDF
Raleigh issa chapter updates-slides-2014-6
byRaleigh ISSA
 
PPTX
2013-11 Raleigh ISSA Chapter Updates November 2013
byRaleigh ISSA
 
PDF
2013-07 Raleigh ISSA Chapter Updates July 2013
byRaleigh ISSA
 
PPTX
2013-10 Raleigh ISSA Chapter Updates October 2013
byRaleigh ISSA
 
PDF
2013-06 Raleigh ISSA Chapter Updates June 2013
byRaleigh ISSA
 
PPTX
2013-08 Raleigh ISSA Chapter Updates August 2013
byRaleigh ISSA
 
PDF
2013-09 Raleigh ISSA Chapter Updates September 2013
byRaleigh ISSA
 
Managing privileged account security
byRaleigh ISSA
 
A10 issa d do s 5-2014
byRaleigh ISSA
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
byRaleigh ISSA
 
March 2014 B2B - Breaking into info sec
byRaleigh ISSA
 
Raleigh issa chapter april meeting - managing a security & privacy governan...
byRaleigh ISSA
 
Raleigh issa chapter updates-slides-2014-7
byRaleigh ISSA
 
Raleigh issa chapter updates-slides-2014-9
byRaleigh ISSA
 
Raleigh issa chapter updates-slides-2014-8
byRaleigh ISSA
 
April 2014 Raleigh ISSA chapter update slides
byRaleigh ISSA
 
February 2014 Raleigh Chapter ISSA Board update slides
byRaleigh ISSA
 
March 2014 Raleigh ISSA chapter update slides
byRaleigh ISSA
 
2013-07 How to Win with Customers - Keith Pigues
byRaleigh ISSA
 
2014-01 Raleigh ISSA Chapter Updates January 2014
byRaleigh ISSA
 
Raleigh issa chapter updates-slides-2014-6
byRaleigh ISSA
 
2013-11 Raleigh ISSA Chapter Updates November 2013
byRaleigh ISSA
 
2013-07 Raleigh ISSA Chapter Updates July 2013
byRaleigh ISSA
 
2013-10 Raleigh ISSA Chapter Updates October 2013
byRaleigh ISSA
 
2013-06 Raleigh ISSA Chapter Updates June 2013
byRaleigh ISSA
 
2013-08 Raleigh ISSA Chapter Updates August 2013
byRaleigh ISSA
 
2013-09 Raleigh ISSA Chapter Updates September 2013
byRaleigh ISSA
 

Recently uploaded

PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
API-First Architecture in Financial Systems
bycyy111112
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 

2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target

  • 2.
  • 6.
  • 11.
    Exponential Growth in Malware and Attacks at the Endpoint Minimal Increase In IT Security Software Spending with Little Thought to Likelihood Malware growth IT spend
  • 13.
    1. Allow theAssumption That Data is in the Data Center 2. 3. 4. 5. 6. 7.
  • 14.
    The fleet ofsmart phones you have deployed to your sales staff enables them to be more productive, and to work around the clock, but it also jeopardizes your data. With the proliferation of laptops, mobile devices, and USB memory sticks, it is now likely that the majority of your data is no longer under the custody of your IT department. Consider how many copies of emails, PowerPoint presentations, business plans, and other intellectual property are now on devices that are not in your data center.
  • 15.
    The Ponemon Institutestates that each customer record lost is worth $179. If you look at total cost of loss, you can easily get to the point where you lose your business 3-4 times a day, based on risk analytics! Any risk model which ignores the lifeblood of your business, grossly underestimates your exposure. Any risk model that ignores reality, is worthless.
  • 16.
    1. Allow theAssumption That Data is in the Data Center 2. Treating Mobile Devices Based on the Value of the Physical Asset, not the Data on the Physical Device 3. 4. 5. 6. 7.
  • 17.
    Many IT departmentsmake the sad mistake of considering replacement value for IT assets when developing risk models (if they have them) •What about all the late nights working on those business plans, board presentations, and patents? •The intellectual property on your laptop is worth much more than the physical device.
  • 18.
    Example – What ifa Coke bottle is only worth the CRV (recycling value)? What about the contents?
  • 19.
    1. Allow theAssumption That Data is in the Data Center 2. Treating Mobile Devices Based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. 5. 6. 7.
  • 20.
    About those Smartphones, Haveyou considered that they are as powerful as your desktops of 5 years ago? Now let’s consider laptops, USB devices, etc… Can you really afford to have a myopic IT department create a single policy for internal assets as well as for mobile assets? Whether it is laptops or smart phones, sometimes different rules should apply when you change locations.
  • 21.
    The days ofthe M&M Model of Perimeter Defense are behind us. Your approach to security needs to keep up.
  • 22.
    Email "Endpoint . . . solutions are Internet Video now a line of defense . . .” Personal Websites Charles Kolodgy Business Websites Research Director IDC Security Products Program Social Media
  • 23.
    1. Allow theAssumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. 6. 7.
  • 24.
    Web 2.0 hasbrought user interaction to a whole different level. Facebook, Twitter, and other social network platforms allow for collaboration, interaction and exchanges of ideas on a many-to-many. However, aside from being a potential drain on corporate resources, they also jeopardize the integrity of your data, encourage employees to post potentially sensitive data without thinking, and empower a new wave of identity theft based on abuse of trust.
  • 26.
    Outside of yourmarketing department, and PR… WHY are employees on social networks during the day? Facebook is •Email without the controls… •450 million strong… •and zero culture. They are viruses with legs!
  • 27.
    1. Allow theAssumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. Allowing Apple & Google to Become Your IT / QA Department 6. 7.
  • 28.
    With the evolutionof our work platforms, we rely more and more every day on web based applications, PDFs, and other cloud-based applications What that means, in reality, is that the QA of your working platforms is in the hands of Google, Adobe, Apple, and Microsoft. A breach in the foundation of these platforms means a breach in your business processes.
  • 30.
    Intel recently hadto mention on their SEC filings that they were part of the 34 companies impacted by Operation Aurora. How is THAT for security as a board level issue? And if you are considering cloud based services, or SaaS solutions, ensure that the infrastructure is secure and robust.
  • 31.
    1. Allow theAssumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. Allowing Apple & Google to Become Your IT / QA Department 6. Focusing on Protection rather than Detection 7.
  • 32.
    Who would yourather fight? Stevie Wonder vs. Mohammed Ali Can’t fight what you can’t see… Or Is Protection just slightly more important than Detection?
  • 33.
    • • • 9% 2% 34% 22% 23% 4% Doors Locks Alarm Motion detector Dog Gun Windows Fence Monitoring Crime watch Police Insurance Source: “Data @ Risk” by David H. Stelzl
  • 34.
    “We had noidea this malware was High getting through.” Probability of Likelihood Occurrence decreases with Detection and Response “We’ve got it covered.” Low Low Impact of Risk High
  • 35.
    Only a comprehensivesystem allows you to take appropriate action, not merely monitor or inform. However, we need to put the decisions in the hands of the business process owner, instead of leaving it with IT.
  • 36.
    1. Allow theAssumption that Data is in the Data Center 2. Treating mobile devices based on the value of the physical asset, not the data on the physical device 3. Treating mobile devices as Desktops 4. Adoption of Social Media without proper protection 5. Allowing Apple and Google to become your IT / QA Department 6. Focusing on Protection rather than Detection 7. Assuming everything is OK
  • 37.
    How many timeshave you heard your IT team say “We’re covered… We are compliant”, only to have your expensive external audit firm come in and deliver a scathing report that enumerates thousands of missed items, erroneous configurations, and process violations?
  • 38.
    Frankly, what yourIT department is losing is credibility… With you, the business owners. But keep in mind… You still must fund the lighthouse!
  • 39.
    “Everyone Has aPlan… Until They Get Hit” Michael Tyson Philosopher and Pugilist
  • 41.