Cyber Crime Primer A Look into Cybercrime Doomsday Preppers for the Naked and Afraid

1. A Look into Cyber Crime

2. //Cyber Security
The interconnection and reliance of physical lifeline
functions over the Internet (cyberspace) that impacts:
– National Security
– Public Health and Safety
– Economic well-being
Most people spend more time and energy going around problems than trying to solve them.
~Henry Ford
2

3. Cyber Security and Cyber Crime
The first step is to admit that there is a problem.
3

4. A computer lets you make more mistakes faster than any
invention in human history - with the possible exceptions
of handguns and tequila.
~Mitch Ratliff
With just a few keystrokes, cybercriminals around the
world can disrupt our economy.
~Ralph Basham, Director of the U.S. Secret Service
The Internet is the crime scene of the 21st Century.
~ Cyrus Vance Jr. , Manhattan District Attorney
4

5. 5

6. We are all connected
Cyber Security is like
a Public Health Issue
6
We impact
each other.
What are and
who sets safety
protocols?
Sometimes
getting a shot
only treats the
symptoms and
not the cause…

7. Why is this happening?
7

8. • Insulin pumps and pacemakers
• Automobiles
• POS and ATMs
• ORCL – MSFT – SYMC – RSA – VRSN – Bit9
• GOOG – AAPL – FB – AMZN –YHOO – LNKD – GM – NSANY
• US drone fleet
• Internet of Things
8
Vulnerable! Connected!
Cloud
Mobile
Big Data Social

9. Cyber Crime
• Global and growing industry
• Increasing in size and efficiency
• Targets everyone and every company
• Low barrier to entry
• Levels the playing field for many interests
//Are you surprised? Seriously?
9

10. We Are Only Seeing the Tip of the Iceberg
HEADLINE GRABBING ATTACKS
THOUSANDS MORE BELOW THE SURFACE
APT Attacks
Zero-Day Attacks
Polymorphic Attacks
Targeted Attacks
Source: FireEye 10

11. Who are the Cyber Crime Actors?
11

12. Basic Cybercrime Organizations
• Fluid and change members frequently
• Will form and disband on a “per project” basis
• Rife with amateurs, take a lot of risk considering the
small payoffs
• Although the most troublesome, they are considered the
bottom feeders
– Think criminal script kiddies
– This is usually who the Feds get, not the big guys
12

13. Professional Hackers
• Paid per the job, usually flat rates
• State-side hackers can earn up to $200K a year
• The work is usually writing tools for others to use,
developing/finding new exploits, and coding up
malware
• Occasionally they will do a black bag job, but
these are rare, unless they are simply looking for
“loot” on easy targets
13

14. Spammers
• They earn millions per year selling their direct mail
services
• They are not picky and do not consider the person
doing the selling is committing fraud, including the
Russia Mafia
• After years of jumping from ISP to ISP, it is much easier
to lease “capacity” from hacker botnets or develop
their own
• They are the main employer of professional hackers
14

15. Traditional Mafia
• They are currently leaving most of the “work”
to others
• Online ventures are sticking close to such
things as pr0n, online gambling, etc.
• They are taking advantage of technology,
using computers heavily, and using reliable
encryption
15

16. Organized…Crime
Different levels of participants in the underground market
Markets for Cybercrime Tools and Stolen Data (RAND, 2014)
16

17. Russian Mafia
• Cybercrime elements are considered “divisions”
– The actual hackers themselves are kept
compartmentalized
• Due to protection from a corrupt Russian
government, most “big cases” do not net the big
players, e.g. Operation Firewall
• There are thousands of organized crime gangs
operating out of Russia, although most are not
involved in cybercrime.
• When new hacking talent is needed, they will force
hackers to work for them (or kill them and/or their
families) 17

18. Former Soviet Military
• Military industrial complex in Soviet Russia was even
more corrupt than their USA counterparts
• With the collapse of communism, many upper
military personnel in Russia had few skills that paid
well
– Good at money laundering
– Good at moving goods across borders
– Connections with international crime
18

19. China - Espionage
• Mandiant’s 2013 report on the Chinese (APT1)
– Attacks on 141 organizations since 2006 (115 were in the US)
• Substantial evidence of Chinese sponsored activities
– Report includes photos, forensics, communications, and profiles
• Soon after Mandiant’s report, the US government publishes a 140
page strategy to combat the theft of US trade secrets
• The US government initially attempted to halt the attacks on US
organizations
– But soon resorted to asking China to please stop stealing our stuff
• China’s response to the Mandiant report was that it was
“unprofessional” to publish and make such claims
19

20. China - Espionage
• According to the US Justice Department, of 20 cases of economic espionage
and trade secret criminal cases from January 2009 to January 2013, 16
involved Chinese nationals; i.e. organizations hired foreign nationals to work
on national security level projects (DuPont, NASA, Google, Intel, DoD, etc.)
• 63% of impacted organizations learn they were breached from an external
source, like law enforcement
• Organizations are being targeted by more than one attack group, sometimes in
succession
• In 2012, 38% of targets were attacked again after the original incident was
remediated, lodging more than one thousand attempts to regain entry to
former victims
• Feb 2013 report (Akamai) shows that 30% of all observed attacks came from
China and 13% originated from within the US
• March 2013 report (Solutionary) states that the majority of attacks on the US
are now originating in the US
20

21. China - Espionage
Source: FireEye 21

22. Espionage – China and Russia
Source: FireEye 22

23. Multi-Vector Analysis of Operation Beebus Attack
1
Key Attack Characteristics
SMTP / HTTP
Backdoor Backdoor
3
Multi-vectored attack
update.exe Apr 2011
UKNOWN Sept 2011
RHT_SalaryGuide_2012.pdf Dec 2011
Feb 2012
Mar 2012
Apr 2012
May 2012
Jul 2012
Aug 2012
Sept 2012
Nov 2012
Jan 2013
install_flash_player.tmp2
Conflict-Minerals-Overview-for-KPMG.doc
dodd-frank-conflict-minerals.doc
update.exe
Boeing_Current_Market_Outlook_…pdf
Understand your blood test report.pdf
RHT_SalaryGuide_2012.pdf
sensor environments.doc
FY2013_Budget_Request.doc
Dept of Defense FY12 …Boeing.pdf
April is the Cruelest Month.pdf
National Human Rights…China.pdf
Security Predictions…2013.pdf
rundll32.exe
UKNOWN
сообщить.doc
install_flash_player.ex
install_flash_player.tmp2
Global_A&D_outlook_2012.pdf
Defense Industry
UAV/UAS Manufacturers
Aerospace Industry
1 – Email/Web with weaponized malware
2 – Backdoor DLL dropped
3 – Encrypted callback over HTTP to C&C
2
C&C Server:
worldnews.alldownloads.ftpserver.biz
Encrypted callback
Timeline of attack – multiple vectors, multiple
campaigns
Weaponized Email
(RHT_SalaryGuide_2012.pdf)
1. Nation state driven attack using multiple vectors & files in campaigns spread over 2 years
2. Exploits known vulnerabilities in several Adobe products such as Reader and Flash Player
3. Targeted attacks - each campaign tried to compromise few specific individuals
4. Encrypted callback communications to hide exfiltrated data
Source: FireEye 23

24. China and the US Economy
Nov 2014
The US - China relationship is the most consequential in the world today period.
And it will do much to determine the shape of the 21st century.
That means we have to get it right.
~John Kerry, Secretary of State
US trade deficit with China is the largest in the world.
US imports more from China than from Canada, Mexico, Japan, and Germany.
US invests more in China, than China does in US.
You could say China is America's banker.
~CNN
24

25. You Should Care
Cyber Security and Cyber Crime are
Important Issues
It’s Bad Right Now
25

26. 26

27. Tyler/Savage Estimate of Global Cost of Cyber Crime
• Cost of genuine cybercrime
• $3.46 billion
• Cost of transitional cybercrime
• $46.60 billion
• Cost of cybercriminal infrastructure
• $24.84 billion
• Cost of traditional crimes going
cyber
• $150.20 billion
• Total = $225.10 billion
Based on 2007-2010 data, authors disinclined to aggregate 27

28. Cyber Crime Costs in 2014
• Cyber attacks on large US companies resulted in an
average of $12.7M in annual damages
– 9.7% Increase from 2013
– $1,601 Cost of damages for smaller companies per worker
– $427 Cost of damages for larger companies per worker
Ponemon Institute 2014 Cost of Cybercrime Survey
28

29. Cost Framework for Cyber Crime
Cost Framework for Cyber Crime
Internal cost activity
centres
Detection
Investigation & escalation
Containment
Recovery
Ex-post response
External consequences
and costs
Information loss or theft
Business disruption
Equipment damage
Revenue loss
Direct, indirect and
opportunity costs
associated with
cyber crimes
10/7/14 Ponemon Institute© presentation 29

30. Average annualized cost by industry sector
$1,000,000 omitted
$10.6
$9.2
$9.0
$9.3
$8.6
$6.9
$8.3
$8.1
$9.0
$8.1
$4.2
$6.3
$5.7
$6.4
$6.8
$4.7
$5.9
$6.0
$5.9
$14.5
$12.7
$20.6
$20.6
$21.9
$20.8
$26.5
$4.2
$17.6
$- $5.0 $10.0 $15.0 $20.0 $25.0 $30.0
Energy & utilities
Defense
Financial services
Technology
Communications
Transportation
Services
Retail
Industrial
Public sector
Education & research
Consumer products
Healthcare
Hospitality
Five-year average FY 2014
10/7/14 Ponemon Institute© presentation 30

31. Average annualized cyber crime cost weighted by attack
frequency
$25,110
$20,507
$22,631
$18,915
$1,819
$1,690
$1,495
$1,166
$1,166
$933
$150,539
$121,725
$146,005
$131,254
$120,519
$207,527
$182,025
$226,449
$- $50,000 $100,000 $150,000 $200,000 $250,000
Denial of service
Malicious insiders
Malicious code
Web-based attacks
Phishing & social engineering
Stolen devices
Botnets
Viruses, worms, trojans
Malware
Five-year average FY 2014
10/7/14 Ponemon Institute© presentation 31

32. Percentage cost for external consequences
40%
38%
18%
7%
2% 2%
42%
31%
17%
4%
45%
40%
35%
30%
25%
20%
15%
10%
5%
0%
Information loss Business disruption Revenue loss Equipment damages Other costs
FY 2014 Five-year average
10/7/14 Ponemon Institute© presentation 32

33. Percentage cost by activities conducted to
resolve a cyber attack
30%
19%
16%
14% 15%
14% 15%
11%
9%
26%
21%
9%
35%
30%
25%
20%
15%
10%
5%
0%
Detection Recovery Investigation Containment Ex-post response Incident mgmt
FY 2014 Five-year average
10/7/14 Ponemon Institute© presentation 33

34. Budgeted or earmarked spending according to six
IT security layers
38%
17% 16%
13%
12% 11%
6%
40%
17%
15%
10%
5%
45%
40%
35%
30%
25%
20%
15%
10%
5%
0%
Network layer Data layer Application layer Human layer Physical layer Host layer
FY 2014 FY 2013
10/7/14 Ponemon Institute© presentation 34

35. Dollar Losses from Computer Fraud Cases
IC3 report, mainly US, mainly cases referred for investigation
35

36. Contrast with FBI non-cyber crime stats:
Fewer bank robberies, less loot
7,644 7,720
6,957 7,272
Average loot
Incidents
6,182 6,071 6,062 5,628
5,086
$10,086
$8,268
$9,254
$9,996
$11,787
$10,198
$7,585 $7,643 $7,539
14,000
12,000
10,000
8,000
6,000
4,000
2,000
-
2003 2004 2005 2006 2007 2008 2009 2010 2011
36

37. Numbers Show a Harsh Reality
2/3 of U.S. firms
report that
they have been the
victim of cyber attacks
00.01 Every second 14 adults become a
40% of all IT executives
expect a major
cybersecurity incident
115% CAGR
unique malware
since 2009
victim of cyber crime
9,000+
malicious websites
identified per day
6.5x Number of cyber
attacks since 2006
95 new vulnerabilities
discovered each week
Source: FireEye 37

38. The Attacks and Weapons
38

39. Elements of Cyber Crime Operations
• Host an exploit kit on a server
• Put malware on different server
• Send malicious email linked to exploit kit
• Find holes in visiting systems
• Use holes to infect visitors with malware
• Use console on command and control box
• To steal, DDoS, spread more malware
• Use markets to sell/rent infected systems
• Use markets to sell any data you can find
39

40. The Weapons
• Botnets
– Average size is 5000 computers, some have been as large as 500,000
computers
– New command and control software allows botnet capacity leasing of
subsections of the botnet
• Phishing
– You guys *do* know what phishing is, right?
• Targeted Viruses
– Used to create quick one-time-use botnets
– Also used when specifically targeting a single site or organization
• The usual Internet attack tools
40

41. Exploit Toolkits & Malware
• In 2013, Exploit Toolkits cost between $40 and $4k
• The Malware that likely compromised Target’s POS system,
cost less than $3,000.
• 61% of all malware is based on pre-existing toolkits; upgrades
keep them current and provide additional capabilities
(“Value”)
• Toolkits used for Targeted Attacks can create custom Blog
entries, emails, IMs, & web site templates to entice targets
toward malicious links / content. (Blackhole >100k/day)
41

42. Exploit Toolkits & Malware
• Traditional attacks were loud, high volume attacks typically
stopped by threat monitoring tools
• Today’s sniper attacks use specific exploits to get clear shots at
the objective
• The convergence of Social Engineering, Social Profiling, and
Geo-Location improve attack success
• Rogue software (anti-virus, registry cleaner, machine speed
improvement, backup software, etc)
– Increase in MAC Malware (MAC Defender)
– +50% attacks on Social Media sites were Malware
42

43. Cyber Crime Tools are Readily Available
From a chart by DeepEnd Research
• Exploit Kits
• Buy or rent
• A few hundred dollars to
thousands
• Add new exploits over time
• Note all of the Java exploits
43

44. Proliferation and Variety of Exploit Kits Over Time
Markets for Cybercrime Tools and Stolen Data (RAND, 2014)
44

45. Attacks: Spam
2013 SPAM Results
• Spam is at 69% of all global email
• Phishing attacks are 1 in every 414
emails
• Email that contained a virus were 1 in
every 291
• Top Industries Attacked:
Manufacturing, Financial, Services,
Government, Energy
• Top Recipients Attacked: R&D, Sales,
C-Suite, Shared Mailbox
45

46. Attacks: Phishing / Spearing Phishing
46

47. Attacks: Ransomware
• Mobile Internet will continue to increase as it
eventually takes the place of desktop Internet.
• The illegal drug organizations are looking to Cyber
Crime to facilitate their business and expand their
operations. Your organization could be infiltrated by an
insider, socially engineered for identities and social
profiles, and potentially held hostage with
ransomeware.
• Localized Crypto-LNoactikone Srta fter aottmack sR oun Us.sSi. ain cirsea soen e
of the current Threats 47

48. Attacks: Botnets
48
 A botnet is a large number of compromised computers that are used to
create and send spam or viruses or flood a network with messages as a
denial of service attack.
 The compromised computers are called zombies

49. Attacks: Water Holing
Several attacks in 2013 were conducted by luring
victims to accept malware or follow a link to an
infected site. 4% of all email contained a
Malware or a link to and infected site.
There are 6 stages of the attack:
49

50. Attacks: Water Holing
50

51. Attacks: Water Holing – Facebook
• Typo-Squatting
• Fake Facebook Applications
• Hidden Camera Video Lure
• Celebrity Deaths
• Fake Offers & Gifts
• Browser Plugin Scams
• Fake Profile Creeper
• Blog Spam Attack
51

52. Search Engine Poisoning (SEP)
2013 saw an increase in malware infections as a result of
SEP.
• Hackers crawling current news headlines, creating
related malicious sites and conducting SEP
• Google Images – links to source photo
• Using web analytics to determine what people are
searching for
52

53. Attacks: Amplification DDoS
Attacker Amplifier Victim
C.Rossow – Amplification DDoS Attacks: Defenses for Vulnerable Protocols 53

54. DDOS - 14 Network Protocols Vulnerable to Amplification
54
‘87
’90
‘88
‘87
‘99 ‘83
‘83 ‘99
2003
2001
2002
C.Rossow – Amplification DDoS Attacks: Defenses for Vulnerable Protocols

55. DDOS - Amplification Attacks in Practice
55
Cloudflare Blog post, February 2014
Cloudflare Blog post, March 2013
C.Rossow – Amplification DDoS Attacks: Defenses for Vulnerable Protocols

56. November 2014 Massive Website Attack on One Company
56

57. Attacks: Remote Access Tools (RATs)
• RATs and Remote Server Administration Tools
– Avoid using remote administration tools on point-of-sale devices
• Severely lock them down with strong passwords and use other strong security
controls
– Crooks exploit vulnerabilities or use weak/default credentials
– Verizon and Trustwave findings:
• Remote access tools installed on the point-of-sale device are the leading cause of
card data breaches
• Attackers scan Internet for remote administration software and then use
automated tools to break-in
• Symantec pcAnywhere
– January 2012, Symantec acknowledged that hackers stole the source code
– Urged users to either update the software or remove the program altogether
57

59. Attack: Passwords
//Passwords are the new perimeter
• Passwords are weak
• Use multi-factor authentication as much as you can
• Obey common good practices for administrative
accounts
• Do not reuse passwords on multiple sites
– Utilize a password wallet
– Utilize privileged account vault
• Obey common good practices for passwords
• Be mindful what email account resets account password
59

60. Underground Dump store - McDumpals
krebsonsecurity.com 60

61. 61

62. 62

63. 63

64. 64

65. Underground Stolen Medical Records for Sale
9/14 Medical
records being sold
in bulk for as little
as $6.40 apiece
krebsonsecurity.com 65

66. Imperial Russia:
Ad selling medical and financial records stolen
66

67. ID Theft Service - Superget.info
krebsonsecurity.com 67

68. Fraud Forum: Point-and-Click Tools for Sale
krebsonsecurity.com 68

69. Example - Internet Black Market Pricing Guide
• Exploit code for known flaw
– $100-$500 if no exploit code exists
– Price drops to $0 after exploit code is “public”
• Exploit code for unknown flaw - $1000-$5000
– Buyers include iDefense, Russian Mafia, Chinese and French governments,
etc
• List of 5000 IP addresses of computers infected with spyware/trojan
for remote control - $150-$500
• List of 1000 working credit card numbers - $500-$5000
– Price has increased since Operation Firewall
• Annual salary of a top-end skilled black hat hacker working for
spammers - $100K-$200K
69

70. Contents used with permission from FireEye.

71. ~80%
of companies are
compromised!
Contents used with permission from FireEye.

72. Value of a Hacked Email Account
krebsonsecurity.com
Crime shops charge between $1 to $3 for active accounts at dell.com, overstock.com, walmart.com, tesco.com,
bestbuy.com and target.com, to name just a few
72

73. The Scrap Value of a Hacked PC
Your life
commoditized
krebsonsecurity.com 73

74. Value of a Hacked Smart Mobile Device
74

75. Problems with Cyber Security
Executive and Business Issues:
• Under investing on Information Security
• Security needs Board and Senior Team visibility
– Boards and Senior Team need cyber education
• Use your CISO (if you have one)
• Need to think more broadly on the ecosystem
– Critical security decisions are missing in Product and
Services Teams
• Associated with revenue
• Where is cyber security thinking pre-launch?
75

76. Problems with Cyber Security
Problems with Infosec:
• The bad guys have the upper hand
– Only need to find one way in
– Mostly exploit the weakest link – People
– Security is not built-in to most products and services by default
• Security is a People, Process, and then Technology problem
– Security is not a Product
• Focus misplaced on Compliance only
– Problem is shared with Audit and Compliance teams
• Need to learn from others’ mistakes
– Lots of examples
• Breaches - Root Cause Analysis and Post Incident Review
– Information Sharing & Analysis Centers (ISACs)
76

77. Learning From Other’s Mistakes
• Target breach clean up estimated at $100M
• The Home Depot breach clean up estimated at $62M
“If I only got a fraction of that annually.”
~anonymous CISO 77

78. Learning From Other’s Mistakes
Root Cause / Post Incident Review
• How did these companies get hacked?
• What did the intruders do once in?
• Did they take anything?
//Who knows what really happened?
78

79. The REAL Big Data for Infosec, BUT need more
79

80. Percentage annualized cyber crime cost by attack type
5%
4%
4%
4%
6%
9%
8%
10%
10%
13%
14%
13%
19%
18%
24%
23%
6%
12%
0% 5% 10% 15% 20% 25% 30%
Malicious code
Denial of services
Web-based attacks
Phishing & social engineering
Stolen devices
Malicious insiders
Malware
Viruses, worms, trojans
Botnets
Five-year average FY 2014
10/7/14 Ponemon Institute© presentation 80

81. Verizon 2014 Data Breach Investigations Report
81

82. Problems with Detection
Mandiant appears to have more solid data on nation-state attacks 82

83. Problems with Detection
Verizon 2014 DBIR 170 days to detect an attack
31 days on average to resolve cyber attacks
• $21,000 cost per day to resolve
• Insider attacks took the longest time to resolve
2014 Cost of Cybercrime Survey
Ponemon Institute
There is data is out there.
There is a lot of data that is not collected.
There is a lot of data that is not out there and stays protected.
83
Verizon appears to have more solid data on merchant/commercial attacks

84. What Can You Do About This
• Be Better Prepared
• Acknowledge You’re Not Doing Enough
• Acknowledge You Need Help
84

85. Doomsday and Naked and Afraid Criteria
0-100 Scale:
1- Food (renewable)
2- Water
3- Shelter
4- Security
5- X-Factor
0-10 Rating Scale:
Primitive Survival Rating (PSR)
Novice--Intermediate--Expert
85
5 Functions Low, Medium, and High
Notice a Pattern Forming?

86. Framework for Defensible Cyber Security
NIST Cyber Security Framework
• Highlights 5 security standards
– ISOIEC 27001, COBIT, NIST 800-53, CCS SANS 20, ISAIEC 62443
• Risk-based
– ISO 31000, ISOIEC 27005, NIST 800-39, ECS RMP
• Framework Core - 5 Functions
– Identify, Protect, Detect, Respond, Recover
– 98 Outcomes (Expectations of Security)
• Tiers and Profiles
– Partial (Tier 1) to Adaptive (Tier 4)
• Criteria for cyber success
– Used by Insurance companies
– Used in SEC cyber security examination blueprint
Security is a journey
and not a destination
86

87. Due Care and Heightened Expectations
Refers to the effort made by an ordinarily prudent or reasonable
party to avoid harm to another, taking the circumstances into
account.
Refers to the level of judgment, care, prudence, determination,
and activity that a person would reasonably be expected to do
under particular circumstances.
87

88. Cyber Security Framework of Success
Risk Management
NIST CSF
We will bankrupt ourselves in the vain search for absolute security. ~Dwight D. Eisenhower
88

89. The Defender’s Advantage
Learning from the past – Implementing Cyber Kill Chain
Should Be Your Infosec Team’s Mindset
89

90. The Attack Life Cycle – Multiple Stages
1 Exploitation of system
2 Malware executable download
3 Callbacks and control established
Compromised
Web server, or
Web 2.0 site
1
Callback Server
IPS
2 3
4 Data exfiltration
Malware spreads laterally
5
File Share 2
5
File Share 1
4
Breach detection is critical
Assume that you’ve been compromised
90

91. The Defender’s Advantage
One person's "paranoia" is another person's "engineering redundancy.“
~Marcus J. Ranum
91

92. What Defenders Need to Know
• The type of cyber crime to expect
• This is one area where we do have data
• Strategy to defend against them
• A layered defense
92

93. Our Users and Current Culture
The user's going to pick dancing pigs over security every time.
— Bruce Schneier
If you reveal your secrets to the wind, you should not blame the wind for
revealing them to the trees.
— Kahlil Gibran
93
Our Weakest Link

94. What Leaders Can Do to Help
Educate, inspire, and demand
real change towards the culture of security
Security is Everyone’s Job
94

95. </What is Needed>
• Organization visibility and agility for security
• Seek thought leadership (a CISO)
– Security needs visibility to senior team and Board
• Wisely invest in defensible security
• Follow a risk-based approach
• Follow a structured methodology like the NIST CSF
– Use the data available to fine-tune defenses
– Learn from your mistakes and other’s mistakes
– Plan and test security operations and response
• Knowledge is Power
– Getting hacked is a matter of When not If
– Security is a Journey, not a Destination
– Security is Everyone's Job
– Security is a team sport – It takes the village to be successful
– Reality-check: A child can be the adversary 95

96. Security used to be an inconvenience sometimes, but now it's a necessity all the time.
~Martina Navratilova after the stabbing of Monica Seles by a fan of Steffi Graf, 1993
Phil Agcaoili
Co-Founder & Board Member, Southern CISO Security Council
Distinguished Fellow and Fellows Chairman, Ponemon Institute
Founding Member, Cloud Security Alliance (CSA)
Inventor & Co-Author, CSA Cloud Controls Matrix,
GRC Stack, Security, Trust and Assurance Registry (STAR), and
CSA Open Certification Framework (OCF)
Contributor, NIST Cybersecurity Framework version 1
@hacksec
https://www.linkedin.com/in/philA
96