Redspin, Inc., profile picture
Uploaded byRedspin, Inc.
PDF, PPTX588 views

Financial institution security top it security risk

The document outlines the top IT security risks for financial institutions in 2011, highlighting issues such as mobile devices, wireless security, social media risks, and vendor management. It emphasizes the importance of systematic risk management and cites examples of recent breaches to illustrate vulnerabilities. Additionally, it stresses the need for robust mobile device security policies and effective testing programs.

Technology
Related topics:
IT Security

Embed presentation

Download as PDF, PPTX
Financial Institution Security Top IT Security Risk April 13, 2011 - John Abraham
Issue 1: Systematic Risk Management Focus, focus, focus
Source: ISO 27001, NIST SP 800-39, PCI DSS, FFIEC, COBIT, 3 HIPAA - Administrative Safeguards (§164.308), ...
4
Issue 2: Mobile Devices in the Enterprise
Issue 3: Wireless
Issue 4: Social Media Information Disclosure
Issue 5: Virtualization Sprawl
Issue 6: rd 3 -Party Mobile Applications Patch Management + Mobile Applications = Danger!
Issue 7: Vendor Management The days of “Oops, it was the vendor” being a valid excuse for a data breach are long over.
Issue 8: SQL Injection Never trust the user!
Issue 9: Inadequate Testing Programs Existence does not equal Effective
14
PIX Version 6.3(5) interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 ... access-list out permit tcp any host 10.0.0.15 eq smtp access-list out permit tcp any host 10.0.0.15 eq www access-list dmz permit ip host 192.168.0.13 172.16.0.0 255.255.255.0 access-list dmz deny ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0 access-list dmz permit tcp host 192.168.0.13 172.16.0.0 255.255.255.0 eq smtp access-list in deny tcp host 172.16.0.2 host 192.168.0.13 eq ftp access-list in permit tcp 172.16.0.0 255.255.255.0 any eq www access-list in permit tcp 172.16.0.0 255.255.255.0 any eq https access-list in permit tcp 172.16.0.0 255.255.255.0 any eq 37 access-list in permit udp 172.16.0.0 255.255.255.0 any eq time access-list in permit udp 172.16.0.0 255.255.255.0 any eq domain access-list in permit udp 172.16.0.0 255.255.255.0 any eq telnet access-list in permit tcp 172.16.0.0 255.255.255.0 any eq ssh access-list in permit tcp 172.16.0.0 255.255.255.0 any eq daytime access-list in permit tcp 172.16.0.0 255.255.255.0 host 192.168.0.13 eq www access-list in permit tcp 172.16.0.0 255.255.255.0 host 192.168.0.13 eq https ... ip address outside 10.0.0.2 255.255.255.0 ip address inside 172.16.0.2 255.255.255.0 ip address dmz 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm history enable arp timeout 14400 global (outside) 1 10.0.0.3 nat (inside) 1 172.16.0.0 255.255.255.0 0 0 static (dmz,outside) 10.0.0.15 192.168.0.13 netmask 255.255.255.255 0 0 access-group out in interface outside access-group in in interface inside access-group dmz in interface dmz ... 15
PIX Version 6.3(5) interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 ... access-list out permit tcp any host 10.0.0.15 eq smtp access-list out permit tcp any host 10.0.0.15 eq www access-list dmz permit ip host 192.168.0.13 172.16.0.0 255.255.255.0 access-list dmz deny ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0 access-list dmz permit tcp host 192.168.0.13 172.16.0.0 255.255.255.0 eq smtp access-list in deny tcp host 172.16.0.2 host 192.168.0.13 eq ftp access-list in permit tcp 172.16.0.0 255.255.255.0 any eq www access-list in permit tcp 172.16.0.0 255.255.255.0 any eq https access-list in permit tcp 172.16.0.0 255.255.255.0 any eq 37 access-list in permit udp 172.16.0.0 255.255.255.0 any eq time access-list in permit udp 172.16.0.0 255.255.255.0 any eq domain access-list in permit udp 172.16.0.0 255.255.255.0 any eq telnet access-list in permit tcp 172.16.0.0 255.255.255.0 any eq ssh access-list in permit tcp 172.16.0.0 255.255.255.0 any eq daytime access-list in permit tcp 172.16.0.0 255.255.255.0 host 192.168.0.13 eq www access-list in permit tcp 172.16.0.0 255.255.255.0 host 192.168.0.13 eq https ... ip address outside 10.0.0.2 255.255.255.0 ip address inside 172.16.0.2 255.255.255.0 ip address dmz 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm history enable arp timeout 14400 global (outside) 1 10.0.0.3 nat (inside) 1 172.16.0.0 255.255.255.0 0 0 static (dmz,outside) 10.0.0.15 192.168.0.13 netmask 255.255.255.255 0 0 access-group out in interface outside access-group in in interface inside access-group dmz in interface dmz ... 16
+ + Free USB Drives
Issue 10: Social Engineering... phishing Our testing shows:  30% failure rate Recent news:  Epsilon breach  RSA Security breach
Issue 10.5: Lack of Mobile Device Security Policy Policy components:  Access control  Authentication  Encryption  Incident response  Training & awareness  Vulnerability management
{ Thanks! } John Abraham jabraham@redspin.com 805-705-8040 (mobile)
Summary: Top Security Risks for 2011  Risk Management  Mobile Devices in the Enterprise  Wireless  Social Media Information Disclosure  Virtualization Sprawl  3rd-Party Mobile Applications  Vendor Management  SQL Injection  Inadequate Testing Programs  Social Engineering  Mobile Device Security Policy
And from last year: Don't forget about....  Faulty DMZs  Virus protection  Encryption
Financial institution security top it security risk
Financial institution security top it security risk

More Related Content

PDF
Redspin Webinar Business Associate Risk
byRedspin, Inc.
 
PDF
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
byRedspin, Inc.
 
PDF
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
byRedspin, Inc.
 
PPT
Ict Compliance (Sept 2004)
byLance Michalson
 
PDF
Aon Ransomware Response and Mitigation Strategies
byCSNP
 
DOCX
Sec440: Server Malware Protection Policy
byThomas Christopher Ty
 
PDF
BEA Presentation
byGlenn E. Davis
 
PDF
State of Security
by- Mark - Fullbright
 
Redspin Webinar Business Associate Risk
byRedspin, Inc.
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
byRedspin, Inc.
 
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
byRedspin, Inc.
 
Ict Compliance (Sept 2004)
byLance Michalson
 
Aon Ransomware Response and Mitigation Strategies
byCSNP
 
Sec440: Server Malware Protection Policy
byThomas Christopher Ty
 
BEA Presentation
byGlenn E. Davis
 
State of Security
by- Mark - Fullbright
 

Viewers also liked

PPT
Financial Institutions
byIsmatullah Butt
 
PPTX
Primary market
byChhitiz Shrestha
 
PDF
Mergers & Acquisitions- Arpita Mehrotra
byarpitamehrotra
 
PPT
Interest Rate Risk And Management
bycatelong
 
PPT
Risk management in financial institution
byUjjwal 'Shanu'
 
PPT
Chapter 24_Risk Management in Financial Institutions
byRusman Mukhlis
 
PDF
TEDx Manchester: AI & The Future of Work
byVolker Hirsch
 
Financial Institutions
byIsmatullah Butt
 
Primary market
byChhitiz Shrestha
 
Mergers & Acquisitions- Arpita Mehrotra
byarpitamehrotra
 
Interest Rate Risk And Management
bycatelong
 
Risk management in financial institution
byUjjwal 'Shanu'
 
Chapter 24_Risk Management in Financial Institutions
byRusman Mukhlis
 
TEDx Manchester: AI & The Future of Work
byVolker Hirsch
 

Similar to Financial institution security top it security risk

PDF
Information Security Risk Management
byipspat
 
PDF
CompTIA Security+ All in One Exam Guide, Fifth Edition (Exam SY0 501) 5th Edi...
byhadorngamid60
 
PPTX
Software Security and IDS.pptx
byMuhib Ahmad Sherwani
 
PDF
Issa chicago next generation tokenization ulf mattsson apr 2011
byUlf Mattsson
 
PPTX
Network Design and Security Best Practices
byMike Sherwood
 
PPT
Lec 1 apln security(4pd)
bySantosh Khadsare
 
PDF
Panel Discussion: Small Steps for USGv6 a giant leap for Internet-kind? with ...
bygogo6
 
PPTX
Check Point75 Makes3 D Security A Reality Q22011
bychaucheckpoint
 
PDF
Application Of An Operating System Security
byAmber Wheeler
 
PDF
HTLV - DSS @Vilnius 2010
byAndris Soroka
 
PPT
Audit of it infrastructure
bypramod_kmr73
 
PDF
IT infrastructure security 101
byApril Mardock CISSP
 
PPSX
3 Telecom+Network Part1
byAlfred Ouyang
 
PDF
It's 2012 and My Network Got Hacked - Omar Santos
bysantosomar
 
PPTX
PACE-IT: Common Network Security Issues
byPace IT at Edmonds Community College
 
PPTX
Access Control Models Methodology Practices
byharshadrai2
 
PDF
Data Security And The Security
byRachel Phillips
 
PDF
ISSA: Cloud data security
byUlf Mattsson
 
PPT
Module - 3 - Device Configuration ISM.ppt
byAvinashAvuthu2
 
PPT
Chapter14 -- networking security
byRaja Waseem Akhtar
 
Information Security Risk Management
byipspat
 
CompTIA Security+ All in One Exam Guide, Fifth Edition (Exam SY0 501) 5th Edi...
byhadorngamid60
 
Software Security and IDS.pptx
byMuhib Ahmad Sherwani
 
Issa chicago next generation tokenization ulf mattsson apr 2011
byUlf Mattsson
 
Network Design and Security Best Practices
byMike Sherwood
 
Lec 1 apln security(4pd)
bySantosh Khadsare
 
Panel Discussion: Small Steps for USGv6 a giant leap for Internet-kind? with ...
bygogo6
 
Check Point75 Makes3 D Security A Reality Q22011
bychaucheckpoint
 
Application Of An Operating System Security
byAmber Wheeler
 
HTLV - DSS @Vilnius 2010
byAndris Soroka
 
Audit of it infrastructure
bypramod_kmr73
 
IT infrastructure security 101
byApril Mardock CISSP
 
3 Telecom+Network Part1
byAlfred Ouyang
 
It's 2012 and My Network Got Hacked - Omar Santos
bysantosomar
 
PACE-IT: Common Network Security Issues
byPace IT at Edmonds Community College
 
Access Control Models Methodology Practices
byharshadrai2
 
Data Security And The Security
byRachel Phillips
 
ISSA: Cloud data security
byUlf Mattsson
 
Module - 3 - Device Configuration ISM.ppt
byAvinashAvuthu2
 
Chapter14 -- networking security
byRaja Waseem Akhtar
 

More from Redspin, Inc.

PPTX
HIPAA Security Risk Analysis for Business Associates
byRedspin, Inc.
 
PDF
Redspin PHI Breach Report 2012
byRedspin, Inc.
 
PDF
HIPAA Enforcement Heats Up in the Coldest State
byRedspin, Inc.
 
PDF
Official HIPAA Compliance Audit Protocol Published
byRedspin, Inc.
 
DOC
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
byRedspin, Inc.
 
PDF
Healthcare IT Security Who's Responsible, Really?
byRedspin, Inc.
 
DOC
Healthcare IT Security - Who's responsible, really?
byRedspin, Inc.
 
PDF
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
byRedspin, Inc.
 
DOC
Redspin HIPAA Security Risk Analysis RFP Template
byRedspin, Inc.
 
DOC
Mobile Device Security Policy
byRedspin, Inc.
 
PDF
Managing Windows User Accounts via the Commandline
byRedspin, Inc.
 
PDF
Redspin February 17 2011 Webinar - Meaningful Use
byRedspin, Inc.
 
PDF
Redspin Report - Protected Health Information 2010 Breach Report
byRedspin, Inc.
 
PDF
Email hacking husband faces felony
byRedspin, Inc.
 
PDF
Meaningful use, risk analysis and protecting electronic health information
byRedspin, Inc.
 
PDF
Understanding the Experian independent third party assessment (EI3PA ) requir...
byRedspin, Inc.
 
PDF
Top 10 IT Security Issues 2011
byRedspin, Inc.
 
PDF
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
byRedspin, Inc.
 
PDF
Ensuring Security and Privacy in the HIE Market - Redspin Information Security
byRedspin, Inc.
 
PDF
Mapping Application Security to Business Value - Redspin Information Security
byRedspin, Inc.
 
HIPAA Security Risk Analysis for Business Associates
byRedspin, Inc.
 
Redspin PHI Breach Report 2012
byRedspin, Inc.
 
HIPAA Enforcement Heats Up in the Coldest State
byRedspin, Inc.
 
Official HIPAA Compliance Audit Protocol Published
byRedspin, Inc.
 
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
byRedspin, Inc.
 
Healthcare IT Security Who's Responsible, Really?
byRedspin, Inc.
 
Healthcare IT Security - Who's responsible, really?
byRedspin, Inc.
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
byRedspin, Inc.
 
Redspin HIPAA Security Risk Analysis RFP Template
byRedspin, Inc.
 
Mobile Device Security Policy
byRedspin, Inc.
 
Managing Windows User Accounts via the Commandline
byRedspin, Inc.
 
Redspin February 17 2011 Webinar - Meaningful Use
byRedspin, Inc.
 
Redspin Report - Protected Health Information 2010 Breach Report
byRedspin, Inc.
 
Email hacking husband faces felony
byRedspin, Inc.
 
Meaningful use, risk analysis and protecting electronic health information
byRedspin, Inc.
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
byRedspin, Inc.
 
Top 10 IT Security Issues 2011
byRedspin, Inc.
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
byRedspin, Inc.
 
Ensuring Security and Privacy in the HIE Market - Redspin Information Security
byRedspin, Inc.
 
Mapping Application Security to Business Value - Redspin Information Security
byRedspin, Inc.
 

Recently uploaded

PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PDF
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PDF
Router-DHCP-Printer-SharingRouter-DHCP-Printer-Sharing
byarbendi2160
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PDF
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
PDF
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
PPTX
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
Router-DHCP-Printer-SharingRouter-DHCP-Printer-Sharing
byarbendi2160
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 

Financial institution security top it security risk

  • 1.
    Financial Institution Security TopIT Security Risk April 13, 2011 - John Abraham
  • 2.
    Issue 1: Systematic RiskManagement Focus, focus, focus
  • 3.
    Source: ISO 27001,NIST SP 800-39, PCI DSS, FFIEC, COBIT, 3 HIPAA - Administrative Safeguards (§164.308), ...
  • 4.
  • 5.
    Issue 2: Mobile Devicesin the Enterprise
  • 7.
  • 8.
    Issue 4: Social MediaInformation Disclosure
  • 9.
  • 10.
    Issue 6: rd 3 -Party Mobile Applications Patch Management + Mobile Applications = Danger!
  • 11.
    Issue 7: Vendor Management The days of “Oops, it was the vendor” being a valid excuse for a data breach are long over.
  • 12.
    Issue 8: SQL Injection Never trust the user!
  • 13.
    Issue 9: Inadequate TestingPrograms Existence does not equal Effective
  • 14.
  • 15.
    PIX Version 6.3(5) interfaceethernet0 auto interface ethernet1 auto interface ethernet2 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 ... access-list out permit tcp any host 10.0.0.15 eq smtp access-list out permit tcp any host 10.0.0.15 eq www access-list dmz permit ip host 192.168.0.13 172.16.0.0 255.255.255.0 access-list dmz deny ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0 access-list dmz permit tcp host 192.168.0.13 172.16.0.0 255.255.255.0 eq smtp access-list in deny tcp host 172.16.0.2 host 192.168.0.13 eq ftp access-list in permit tcp 172.16.0.0 255.255.255.0 any eq www access-list in permit tcp 172.16.0.0 255.255.255.0 any eq https access-list in permit tcp 172.16.0.0 255.255.255.0 any eq 37 access-list in permit udp 172.16.0.0 255.255.255.0 any eq time access-list in permit udp 172.16.0.0 255.255.255.0 any eq domain access-list in permit udp 172.16.0.0 255.255.255.0 any eq telnet access-list in permit tcp 172.16.0.0 255.255.255.0 any eq ssh access-list in permit tcp 172.16.0.0 255.255.255.0 any eq daytime access-list in permit tcp 172.16.0.0 255.255.255.0 host 192.168.0.13 eq www access-list in permit tcp 172.16.0.0 255.255.255.0 host 192.168.0.13 eq https ... ip address outside 10.0.0.2 255.255.255.0 ip address inside 172.16.0.2 255.255.255.0 ip address dmz 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm history enable arp timeout 14400 global (outside) 1 10.0.0.3 nat (inside) 1 172.16.0.0 255.255.255.0 0 0 static (dmz,outside) 10.0.0.15 192.168.0.13 netmask 255.255.255.255 0 0 access-group out in interface outside access-group in in interface inside access-group dmz in interface dmz ... 15
  • 16.
    PIX Version 6.3(5) interfaceethernet0 auto interface ethernet1 auto interface ethernet2 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 ... access-list out permit tcp any host 10.0.0.15 eq smtp access-list out permit tcp any host 10.0.0.15 eq www access-list dmz permit ip host 192.168.0.13 172.16.0.0 255.255.255.0 access-list dmz deny ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0 access-list dmz permit tcp host 192.168.0.13 172.16.0.0 255.255.255.0 eq smtp access-list in deny tcp host 172.16.0.2 host 192.168.0.13 eq ftp access-list in permit tcp 172.16.0.0 255.255.255.0 any eq www access-list in permit tcp 172.16.0.0 255.255.255.0 any eq https access-list in permit tcp 172.16.0.0 255.255.255.0 any eq 37 access-list in permit udp 172.16.0.0 255.255.255.0 any eq time access-list in permit udp 172.16.0.0 255.255.255.0 any eq domain access-list in permit udp 172.16.0.0 255.255.255.0 any eq telnet access-list in permit tcp 172.16.0.0 255.255.255.0 any eq ssh access-list in permit tcp 172.16.0.0 255.255.255.0 any eq daytime access-list in permit tcp 172.16.0.0 255.255.255.0 host 192.168.0.13 eq www access-list in permit tcp 172.16.0.0 255.255.255.0 host 192.168.0.13 eq https ... ip address outside 10.0.0.2 255.255.255.0 ip address inside 172.16.0.2 255.255.255.0 ip address dmz 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm history enable arp timeout 14400 global (outside) 1 10.0.0.3 nat (inside) 1 172.16.0.0 255.255.255.0 0 0 static (dmz,outside) 10.0.0.15 192.168.0.13 netmask 255.255.255.255 0 0 access-group out in interface outside access-group in in interface inside access-group dmz in interface dmz ... 16
  • 17.
    + + Free USB Drives
  • 19.
    Issue 10: Social Engineering...phishing Our testing shows:  30% failure rate Recent news:  Epsilon breach  RSA Security breach
  • 20.
    Issue 10.5: Lack ofMobile Device Security Policy Policy components:  Access control  Authentication  Encryption  Incident response  Training & awareness  Vulnerability management
  • 21.
    { Thanks! } John Abraham jabraham@redspin.com 805-705-8040 (mobile)
  • 22.
    Summary: Top Security Risksfor 2011  Risk Management  Mobile Devices in the Enterprise  Wireless  Social Media Information Disclosure  Virtualization Sprawl  3rd-Party Mobile Applications  Vendor Management  SQL Injection  Inadequate Testing Programs  Social Engineering  Mobile Device Security Policy
  • 23.
    And from lastyear: Don't forget about....  Faulty DMZs  Virus protection  Encryption