A CISO's Guide to Cyber Liability Insurance
July 21, 2016
Copyright SecureAuth Corporation 2016
Today’s Speakers
Dawn-Marie Hutchinson
Executive Director, Office of the CISO
Optiv Security
Tim Arvanites
Vice President, Technical Services
SecureAuth
Agenda
+ Creating Confidence; Reducing Risk: Navigating Cyber Liability
Insurance – Dawn-Marie Hutchinson, Optiv
+ Mitigating Risk with Adaptive Access Control – Tim Arvanites,
SecureAuth
+ Q&A
Proprietary and Confidential. Do Not Distribute. © 2016 Optiv Inc. All Rights Reserved.
Creating Confidence;
Reducing Risk
Navigating Cyber Liability Insurance
Are you Insurable?
Premiums at a premium
Economics Lesson
“One of the most important simple truths in this technological war is that you simply cannot AFFORD to prevent a successful attack.”
–Tyler Wrightson
The Security Journey
Ad hoc → Infrastructure based → Compliance based → Threat based → Risk based / data centric → Business aligned
Shortcut = Failure to Pass
Business Aligned Strategy: Create a security program that enables your organization by understanding the business objectives, compliance objectives, threats and material risks.
System security
Network security
Endpoint security
Data security
Security management
User security
Application security
Secure infrastructure
The 5 Key Questions of Cyber Liability Insurance
+ If a breach were to occur, what quantifiable direct impact would it have on
business, customers and the supply chain?
+ Is there an established framework the insurance provider uses to assess security
readiness?
+ What does the provider expect you to do to qualify for a suitable policy?
+ Will they be satisfied with the documentation you provide or will they require a
thorough audit of policies and practices?
+ Who will you engage in the conversation to reduce cost and manage risk?
The 5 Key Post Breach Activities
+ If a breach were to occur, do you know what the coverage levels and limits are?
+ Are you following an established program for responding to an incident?
+ What does the provider expect you to do upon identification of an incident?
+ Will they be satisfied with the documentation you provide or will they require a
third party assessment?
+ Who will you engage to manage the incident?
Mitigating Risk with
Adaptive Access Control
Tim Arvanites, VP of Technical Services, SecureAuth
Data Breaches: A Global Epidemic
781 publicly reported data breaches in 2015
Billion+ identities compromised
Anatomy of a Data Breach
Initial Penetration
Establish Foothold
Escalate Privileges
Complete Mission
Lateral Movement
The majority of enterprise breaches start with social engineering and phishing.
Intruders gained access through a Citrix remote access portal set up for use by employees. {Home Depot Breach}
“The hackers acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom built malware on its self check out systems in the U.S. and Canada.” – eWeek
Why Adaptive Access Control to Mitigate
Risk?
+ Traditional security infrastructures are routinely circumvented
– Billions spent annually on Endpoint and Network security, yet breaches
persist
+ Both the FBI and the White House, under the new Cybersecurity
National Action Plan, recommend the use of multi-factor
authentication.
+ The right level of security controls can help reduce your Cyber
Liability Insurance premium and strengthen your security
posture.
Why SecureAuth?
SecureAuth acts as a central authentication point, controlling
access to all on-premises and cloud-based applications:
Pre-authentication capabilities protect against APT and prevent unauthorized users from gaining access to your critical networks and applications.
Continuous authentication provides early detection and insight into your overall network and application traffic.
Flexible workflows allow you to quickly respond to attacks by leveraging step-up authentication during a major security incident.
Risk Layers
Dynamic Adaptive Authentication
• Layered Risk Analysis = Stronger Security
• No User Experience Impact
• Only present multi-factor authentication when needed
Device Recognition
Threat Service
Directory Lookup
Geo-Location
Geo-Velocity
Behavioral Biometrics
Device Recognition
+ First time authentication: register the endpoint device
+ Subsequent authentications: validate the endpoint device
+ Device recognition can include:
– web browser configuration
– language
– installed fonts
– browser plugin
– device IP address
– screen resolution
– browser cookies settings
– time zone
IP Reputation Data
Identity Store Lookup
+ Compare and filter based on information in the store
+ Can be based on any attribute of the user
Geo-Location
+ Compare the user's current geographic location against good or
bad locations
Geo-Velocity
+ Compare current location and login history to determine
whether an improbable travel event has occurred
Behavioral Biometrics
+ Analyze behavior that can be used to verify a person
+ Gather and store characteristics about the way the user
interacts with a device such as:
– Keystroke dynamics
– Mouse movements
– Gesture patterns
– Motion patterns
Threat Service
Combining Threat Intelligence & Threat Information for Best-in-Class Security
[Diagram: SecureAuth Threat Service, with labels Threat Intelligence, Threat Information, Black/White Lists; Cyber Crime, Hacktivism, Anonymous Proxy, Advanced Persistent Threat (APT)]
Putting it all together
[Diagram: User → Pre-Auth Analysis → Decision]
Pre-Auth Analysis: Device Recognition, IP Reputation, Identity Store Lookup, Geo-Location, Geo-Velocity, Behavioral Biometrics, Threat Service
Decision: Allow Access, Require MFA, Redirect, Deny Access
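A sketch of the layered pre-auth analysis described on the preceding slides, as an added example (not code from the slides and not SecureAuth's product logic): it implements the geo-velocity "improbable travel" check and combines it with threat-list, geo-location and device-recognition layers into an allow / require-MFA / deny decision. The thresholds, field names, device identifiers, country code and IP addresses are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Set, Tuple

# Assumed policy values for illustration only (not vendor defaults).
MAX_PLAUSIBLE_KMH = 900.0            # roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0               # ignore geo-IP jitter within one metro area
DENIED_COUNTRIES = {"ZZ"}            # placeholder country code
THREAT_LISTED_IPS = {"203.0.113.7"}  # constructed, documentation address range


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    ip: str
    country: str
    lat: float
    lon: float
    device_id: str  # identifier derived from device-recognition attributes


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points on Earth, in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def improbable_travel(prev: Login, cur: Login) -> bool:
    """Geo-velocity: would the user have had to move faster than is plausible?"""
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if dist < MIN_DISTANCE_KM:
        return False  # small moves are location noise, not travel
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    if hours <= 0:
        return True   # far apart at the same instant (or out-of-order timestamps)
    return dist / hours > MAX_PLAUSIBLE_KMH


def decide(cur: Login, last_good: Optional[Login],
           known_devices: Set[str]) -> Tuple[str, List[str]]:
    """Evaluate the layers in order; return (decision, reasons)."""
    # Hard-stop layers: threat service / IP reputation and geo-location.
    if cur.ip in THREAT_LISTED_IPS:
        return "DENY", ["ip on threat list"]
    if cur.country in DENIED_COUNTRIES:
        return "DENY", ["login from denied location"]
    # Step-up layers: only present MFA when a risk signal fires.
    reasons: List[str] = []
    if cur.device_id not in known_devices:
        reasons.append("unrecognized device")
    if last_good is not None and improbable_travel(last_good, cur):
        reasons.append("improbable travel")
    return ("REQUIRE_MFA", reasons) if reasons else ("ALLOW", [])


# Constructed sample logins (not real data).
def _at(hour: int, minute: int = 0, second: int = 0) -> datetime:
    return datetime(2016, 7, 21, hour, minute, second, tzinfo=timezone.utc)

NEW_YORK = Login("alice", _at(9), "198.51.100.10", "US", 40.7128, -74.0060, "dev-laptop-1")
LONDON = Login("alice", _at(10), "198.51.100.20", "GB", 51.5074, -0.1278, "dev-laptop-1")
BOSTON = Login("alice", _at(14), "198.51.100.30", "US", 42.3601, -71.0589, "dev-laptop-1")
JITTER = Login("alice", _at(9, 0, 10), "198.51.100.11", "US", 40.7500, -74.0060, "dev-laptop-1")

if __name__ == "__main__":
    known = {"dev-laptop-1"}
    for attempt in (LONDON, BOSTON, JITTER):
        print(attempt.country, attempt.when.time(), decide(attempt, NEW_YORK, known))
```

The minimum-distance floor matters in practice: without it, two geo-IP readings a few kilometres apart and seconds apart imply an absurd speed and would prompt MFA on almost every session.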
In Summary
+ Cyber Liability Insurance is no substitute for good
security and practices
– Write and put in place a data breach response plan
– Conduct an external penetration test to highlight potential
areas to address
– Keep all your systems and software patched up.
– Have adaptive access controls in place that can reduce your
Cyber Insurance premium and strengthen your security
posture.
Q&A
Thank You!
For more information visit www.secureauth.com

 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 

Recently uploaded (20)

HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 

A CISO's Guide to Cyber Liability Insurance

  • 1. A CISO's Guide to Cyber Liability Insurance. July 21, 2016
  • 2. Today’s Speakers: Dawn-Marie Hutchinson, Executive Director, Office of the CISO, Optiv Security; Tim Arvanites, Vice President, Technical Services, SecureAuth
  • 3. Agenda
      + Creating Confidence; Reducing Risk: Navigating Cyber Liability Insurance – Dawn-Marie Hutchinson, Optiv
      + Mitigating Risk with Adaptive Access Control – Tim Arvanites, SecureAuth
      + Q&A
  • 4. Creating Confidence; Reducing Risk: Navigating Cyber Liability Insurance. Proprietary and Confidential. Do Not Distribute. © 2016 Optiv Inc. All Rights Reserved.
  • 5. Are you Insurable?
  • 6. Premiums at a premium
  • 7. Economics Lesson: “One of the most important simple truths in this technological war is that you simply cannot AFFORD to prevent a successful attack.” – Tyler Wrightson
  • 8. The Security Journey. Stages: AD HOC; INFRASTRUCTURE BASED; COMPLIANCE BASED; THREAT BASED; RISK BASED/DATA CENTRIC; BUSINESS ALIGNED. Shortcut = Failure to Pass. Business Aligned Strategy: Create a security program that enables your organization by understanding the business objectives, compliance objectives, threats and material risks.
  • 9. Secure infrastructure: System security, Network security, Endpoint security, Data security, Security management, User security, Application security
  • 10. The 5 Key Questions of Cyber Liability Insurance
      + If a breach were to occur, what quantifiable direct impact would it have on business, customers and the supply chain?
      + Is there an established framework the insurance provider uses to assess security readiness?
      + What does the provider expect you to do to qualify for a suitable policy?
      + Will they be satisfied with the documentation you provide or will they require a thorough audit of policies and practices?
      + Who will you engage in the conversation to reduce cost and manage risk?
  • 11. The 5 Key Post Breach Activities
      + If a breach were to occur, do you know what the coverage levels and limits are?
      + Are you following an established program for responding to an incident?
      + What does the provider expect you to do upon identification of an incident?
      + Will they be satisfied with the documentation you provide or will they require a third party assessment?
      + Who will you engage to manage the incident?
  • 13. Mitigating Risk with Adaptive Access Control Tim Arvanites, VP of Technical Services, SecureAuth
  • 14. Data Breaches: A Global Epidemic. 781 publicly reported data breaches in 2015. Billion+ identities compromised.
  • 15. Anatomy of a Data Breach: Initial Penetration, Establish Foothold, Escalate Privileges, Complete Mission, Lateral Movement. The majority of breaches in enterprises start with social engineering and phishing. Home Depot breach: intruders gained access through a Citrix remote access portal set up for use by employees. “The hackers acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom built malware on its self check out systems in the U.S. and Canada.” – eWeek
  • 16. Why Adaptive Access Control to Mitigate Risk?
      + Traditional security infrastructures are routinely circumvented – Billions spent annually on Endpoint and Network security, yet breaches persist
      + Both the FBI and the White House, under the new Cybersecurity National Action Plan, recommend the use of multi-factor authentication.
      + The right level of security controls can help reduce your Cyber Liability Insurance premium and strengthen your security posture.
  • 17. Why SecureAuth? SecureAuth acts as a central authentication point, controlling access to all on-premises and cloud-based applications:
      + Pre-authentication capabilities protect against APT and prevent unauthorized users from gaining access to your critical networks and applications.
      + Continuous authentication provides early detection and insight into your overall network and application traffic.
      + Flexible workflows allow you to quickly respond to attacks by leveraging step-up authentication during a major security incident.
  • 18. Dynamic Adaptive Authentication
      + Layered Risk Analysis = Stronger Security
      + No User Experience Impact
      + Only present multi-factor authentication when needed
      + Risk Layers: Device Recognition, Threat Service, Directory Lookup, Geo-Location, Geo-Velocity, Behavioral Biometrics
  • 19. Device Recognition
      + First time authentication: register the endpoint device
      + Subsequent authentications: validate the endpoint device
      + Device recognition can include: web browser configuration, device IP address, language, screen resolution, installed fonts, browser cookies settings, browser plugin, time zone
  • 20. IP Reputation Data
  • 21. Identity Store Lookup
      + Compare and filter based on information in the store
      + Can be based on any attribute of the user
  • 22. Geo-Location
      + Compare the user's current geographic location against good or bad locations
  • 23. Geo-Velocity
      + Compare current location and login history to determine whether an improbable travel event has occurred
  • 24. Behavioral Biometrics
      + Analyze behavior that can be used to verify a person
      + Gather and store characteristics about the way the user interacts with a device such as: keystroke dynamics, mouse movements, gesture patterns, motion patterns
  • 25. SecureAuth Threat Service: Combining Threat Intelligence & Threat Information for Best-in-Class Security. Threats: Cyber Crime, Hacktivism, Anonymous Proxy, Advanced Persistent Threat (APT). Threat Service: Threat Intelligence, Threat Information, Black/White Lists.
  • 26. Putting it all together. User; Pre-Auth Analysis: Device Recognition, IP Reputation, Identity Store Lookup, Geo-Location, Geo-Velocity, Behavioral Biometrics, Threat Service; Decision: Allow Access, Require MFA, Redirect, Deny Access.
  • 27. In Summary
      + Cyber Liability Insurance is no substitute for good security and practices
          – Write and put in place a data breach response plan
          – Conduct an external penetration test to highlight potential areas to address
          – Keep all your systems and software patched up.
          – Have adaptive access controls in place that can reduce your Cyber Insurance premium and strengthen your security posture.
  • 28. Q&A
  • 29. Thank You! For more information visit www.secureauth.com

Editor's Notes

  1. Not a single destination, but a journey. Security leaders need to continually reevaluate the org’s strengths, weaknesses and goals while aligning security measures appropriately to foster business growth.
  2. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ Data breaches have reached epidemic proportions globally. 781 publicly reported data breaches in 2015. Over a billion+ identities compromised. Hacking and phishing is the #1 cause at 36%.
  3. A robust cyber insurance policy can help businesses weather the storm more effectively when a data breach or network security failure has occurred.
  4. Or device fingerprint, not to be mistaken for a biometric fingerprint. Device fingerprinting is typically a two-stage process: on first-time authentication we register an endpoint, and on subsequent authentications we validate the endpoint against the stored device fingerprint. The device fingerprint relies on certain characteristics of that endpoint, such as: web browser configuration, language, installed fonts, browser plugins, device IP address, screen resolution, browser cookies settings, time zone.
  5. We can take IP reputation data, e.g. IP addresses that are on blacklists, and deny the authentication based upon that, for example if the IP address of the machine from which the user is trying to authenticate is part of a Tor network, a known botnet, or an IP known to be associated with known bad actors.
  6. The ability to use geo-location and login history to determine whether an improbable travel event has occurred:
  7. Analyzing some measurable behavior that can be used to identify a person. Leading up to the authentication, we gather certain characteristics about the way that the user is interacting with the device, such as: keystroke dynamics, mouse movements, gesture and touch, motion patterns.
  8. The Problems:
      + User name and password alone are simply not enough to protect you from a breach. Up to 60+% of attacks involve the use of valid, yet compromised/stolen, credentials. Even multi-factor authentication methods are being compromised. Additional security measures are needed to protect against today’s advanced cyber threats (Adaptive Auth).
      + Authentication traffic is plentiful, and it is hard to distinguish between legitimate employees, partners, and customers and attackers trying to infiltrate your network and resources for a variety of bad reasons (military and economic advantage, financial gain, or to deface and cause social and political unrest).
      + Simple IP reputation services don’t provide depth or additional information with context for rapid, effective incident response and can flood SOCs with too much information to quickly digest and act on.
      + Some threat services do not have deep and wide experience globally to provide blanket coverage against all threat types, leaving buyers with a false sense of security.

     The Solution: Combination of multiple threat intelligence, information, and blacklisted IP addresses for best-of-breed protection from today’s threats including APT, Cyber Crime, Hacktivism as well as anonymous proxies and anonymity networks, such as Tor. Beyond just one threat service, the SecureAuth Threat Service combines multiple threat feeds to provide unprecedented coverage and protection. Not only does the SecureAuth Threat Service make customers aware of advanced threats and can deny or require MFA to access, we also provide valuable time saving intelligence and information to accelerate investigation and remediation among your SOC staff and incident responders.

     SecureAuth Threat Service Value/Benefits:
      + Early warning system - able to detect when a user is attempting to authenticate from an anonymous proxy or anonymity network, i.e. a bad actor trying to conceal their true identity. (Huge help when identifying bad actors who are using compromised, yet valid, credentials.)
      + Threat intelligence & information - beyond simply reporting that the IP address is “bad”, this service provides context around the IP address, e.g. actor type, malware family, etc.
      + Answers burning questions - ‘Does a threat against identity exist?’, ‘Who is behind an attack?’, and ‘Why did they target us?’
      + Identify attackers already in - Help detect bad actors that are moving laterally within your network.
      + Reduce Response Time - Customers can use this threat intelligence and information to cut through the noise and aid Security Operations Center (SOC) staff and incident responders alike, so they know what to focus on during an investigation.
      + More is better than one - Best because it combines multiple threat services (FireEye, Neustar, Blacklists/Whitelist) and the feeds available will only increase over time to also cover threats specific to certain industry verticals.
      + Experience Matters (FireEye) - 10 years of experience battling the world’s most advanced cyber threats, global network of 11 million advanced threat sensors. Leverage a mathematical graph database with more than 115 million nodes that dynamically models the relationships between the tools and tactics cyber threat groups use, the operations they conduct, and the sponsors who back them.
      + Layered Approach provides greatest security - SecureAuth Threat Service, used in conjunction with SecureAuth Adaptive Authentication, provides an intricate web of risk checks that make it nearly impossible for attackers to penetrate.
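
Added example (not from the SecureAuth deck or product): one way the Geo-Velocity check from slide 23 can feed the pre-auth decision on the "Putting it all together" slide, alongside the results of IP reputation and device recognition. The speed and distance thresholds, the `Login` fields and the layer-to-decision policy are assumptions, and the Redirect outcome is left out.

```python
"""Added example: geo-velocity check feeding a pre-auth decision."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Optional

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0   # assumption: about airliner cruising speed
MIN_DISTANCE_KM = 50.0      # assumption: below this, treat the gap as GeoIP noise


@dataclass(frozen=True)
class Login:
    when: datetime                 # timezone-aware timestamp of the attempt
    lat: float                     # GeoIP latitude of the source address
    lon: float                     # GeoIP longitude of the source address
    ip_blacklisted: bool = False   # outcome of the IP reputation lookup
    device_known: bool = True      # outcome of device recognition


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dp, dl = p2 - p1, radians(lon2 - lon1)
    a = sin(dp / 2) ** 2 + cos(p1) * cos(p2) * sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(min(1.0, sqrt(a)))


def improbable_travel(prev: Login, cur: Login) -> bool:
    """True when the user could not plausibly have moved between the two logins."""
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if dist < MIN_DISTANCE_KM:
        return False               # GeoIP is too coarse to judge short hops
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    if hours <= 0:
        return True                # far apart at the same instant (or clock skew)
    return dist / hours > MAX_PLAUSIBLE_KMH


def pre_auth_decision(prev: Optional[Login], cur: Login) -> str:
    """Combine the layers into allow / require_mfa / deny (policy is an assumption)."""
    if cur.ip_blacklisted:
        return "deny"              # the deck's notes deny on blacklisted IPs
    if prev is not None and improbable_travel(prev, cur):
        return "require_mfa"       # step up rather than block a real traveller
    if not cur.device_known:
        return "require_mfa"       # unregistered endpoint
    return "allow"


def demo():
    """Constructed login history for one user; coordinates are city centres."""
    t0 = datetime(2016, 7, 21, 12, 0, tzinfo=timezone.utc)
    new_york = Login(t0, 40.7128, -74.0060)
    cases = {
        "london_1h_later": Login(t0 + timedelta(hours=1), 51.5074, -0.1278),
        "london_8h_later": Login(t0 + timedelta(hours=8), 51.5074, -0.1278),
        "newark_30s_later": Login(t0 + timedelta(seconds=30), 40.7357, -74.1724),
        "new_device": Login(t0 + timedelta(hours=2), 40.7128, -74.0060,
                            device_known=False),
        "blacklisted_ip": Login(t0 + timedelta(hours=2), 40.7128, -74.0060,
                                ip_blacklisted=True),
    }
    return {name: pre_auth_decision(new_york, cur) for name, cur in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The minimum-distance floor matters in practice: without it, two logins seconds apart from neighbouring GeoIP locations (mobile carrier versus home broadband) compute to an impossible speed and trigger needless MFA prompts.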