The document discusses how Heartland Payment Systems rebuilt controls and confidence after a major data breach in 2008-2009. It provides an overview of Heartland, details of the breach which involved an SQL injection that led to a network penetration, and the steps taken in response. This included notifying customers and law enforcement, regaining PCI compliance, and establishing an information sharing council. It also discusses current security threats, mitigation strategies like data encryption, and statistics on breach trends and common causes. The key points are that transparency and security improvements were central to rebuilding trust after the breach.
AscendancyFx is building an e-currency mining farm using the latest technology to become a leading player in the e-currency market. The company mines bitcoin and litecoin, exchanges them for dollars, and reinvests the profits to grow the business. E-currencies have value as a currency for transactions, equity that grows as the ecosystem grows, and as a social network. The company's process involves mining e-currencies 24/7, banking them daily, exchanging a percentage for cash weekly, and reinvesting 20% of profits into new technology.
This document provides the draft agenda for the Future-proofing your streamlined, compliant and cost-effective data strategy conference taking place on November 10-11, 2015 in London. The agenda includes keynote speeches and panel discussions on topics related to data strategy, governance, market data, client data, and regulatory compliance. Speakers listed are Chief Data Officers and leaders from banks, asset managers, regulators, and technology companies. The document outlines the schedule, with sessions split across three concurrent streams and an interactive stream on both days of the conference.
Short term business visitors managing risk and driving value for your business - Katy Bond
Grant Thornton provides solutions to help companies track and manage their short term business visitors (STBVs) in order to reduce risks related to tax, immigration, and locating employees during a crisis. Their approach involves analyzing a company's current STBV processes, designing and implementing a tracking technology solution, and establishing reporting and analysis to help make informed business decisions. Their PinPoint Travel Calendar tool allows users to view travel data, set up custom logic and alerts, and generate automatic reports.
The document discusses how four key forces - digital technologies, big data and analytics, risk management, and stakeholder demands - are transforming the finance function. It outlines seven steps for the finance function to evolve as an agent of change: 1) Re-align the operating model 2) Drive integration 3) Raise new finance talent 4) Reimagine processes 5) Automate reporting 6) Use dynamic planning 7) Leverage big data analytics. The finance function needs to rapidly adapt to these changes and leverage new technologies in order to provide value through innovation rather than just reporting.
Big Data in Financial Services: How to Improve Performance with Data-Driven D... - Perficient, Inc.
Most banking and financial services organizations have only scratched the surface of leveraging customer data to transform their business, realize new revenue opportunities, manage risk and address customer loyalty. Yet a business’s digital footprint continues to evolve as automated payments, location-based purchases, and unstructured customer communications continue to influence the technology landscape for financial services.
M&A in the IT Services sector has traditionally been relatively slow and at far lower values than the rest of the high-flying tech sector. Today, deal flow is accelerating for the services companies with the right profile. Does your company match that profile? What are buyers looking for when it comes to acquiring an IT services company? What factor does target market play? What about geography? This Market Spotlight webcast brings together buyers, sellers, bankers and investors to answer these questions and more.
84.6% of responding C-suite and other executives feel confident in their organizations’ abilities to manage cash and liquidity, according to a Deloitte poll conducted on Oct. 15, 2020. But as uncertainty persists, it’s important for organizations to continue to improve and strengthen their cash and liquidity management abilities so as not to provide a false sense of security.
Cracking the Code: Data Science Tackles Investment Management - Sharala Axryd
The document discusses how data science can be used to enhance investment management operations. It describes how machine learning algorithms can be used to power robo advisors that provide tailored investment recommendations to clients based on their risk tolerance, behavior, and preferences. Neural networks can also be used for fraud detection by analyzing customer behavior and transactions to identify suspicious activities. Predictive analytics uses historical data to build models to analyze current data, while scenario-based analytics considers alternative future outcomes. The document also discusses how data science can help reduce cognitive biases that investors tend to have.
This document describes an exclusive c-store merchant processing program offered through First Data Independent Sales (FDIS). FDIS is a wholly owned subsidiary of First Data Corporation, one of the largest payment processors worldwide. The program offers competitive rates for credit, debit, and EBT transactions. Merchants get access to online account management tools and a dedicated website. The program focuses on small and medium businesses and has high approval rates for many industries.
This presentation discusses leveraging data analysis to identify fraud patterns and issues. It provides an agenda that includes introducing current challenges, strategies for identifying fraud using analytics, data analytics concepts and sources, and examples of using analytics to identify vendor fraud, employee fraud, revenue manipulation, and foreign corrupt practices issues. Tools for analysis are also discussed.
The document discusses opportunities in fintech and focuses on invoice trading. It notes that invoice trading platforms help unlock cash from unpaid invoices. Workinvoice is an Italian invoice trading platform that has funded over €30 million in invoices. It outsources some functions like credit ratings, payments, and collections to specialized providers to increase flexibility and efficiency in a regulated environment. The document emphasizes that invoice trading addresses the large amount of commercial receivables generated in Italy that are sitting on corporate balance sheets.
Corporate Treasurers Focus on Cyber Security - Joan Weber
Treasury departments at large U.S. companies rank IT security as their top priority for 2015 - ahead of such critical issues as cost management and regulatory/compliance challenges.
These findings come from the results of the Greenwich Associates 2014 U.S. Large Corporate Finance Study, for which the firm interviewed CFOs or treasury department representatives at more than 500 large U.S. companies.
The study results suggest that U.S. companies are taking action to address security concerns and other IT issues with 63% of the participants saying their treasury departments will increase technology spending in the year ahead.
Transforming wealth management customer onboarding with the power of process automation, rules based straight thru processing and data driven real time intelligence.
Innovation Around Data and AI for Fraud Detection - DataStax
This document discusses data and AI innovations for fraud detection. It provides an overview of ACI Worldwide, a company that provides universal payments solutions and uses machine learning and big data to power fraud detection across payment segments. It also discusses challenges such as sophisticated threats, mobile payments, and data breaches that companies face. Finally, it discusses how ACI addresses challenges through continuous innovation, such as research partnerships and a big data engine that analyzes transactions, profiles, and other data to power fraud detection and other services.
This document provides information on various topics related to revenue generation, information security, using data and tools, regulatory issues, and relaxing regulations. It discusses strategies for corporate account takeovers, protections against them, security best practices, using national credit and lending data to identify issues, tools for personal financial management and mobile banking, complying with new regulations, and analyzing the impact of Dodd-Frank and the Consumer Financial Protection Bureau.
Role of The Board In IT Governance & Cyber Security-Steve Howse - CGTI
This document discusses I.T. strategy, risk management, and governance. It begins with an introduction of Steve Howse, the president of Millington & Associates, and his background. The document then discusses what I.T. strategy and governance entail and why they are important. It introduces the "20 questions" framework as a tool to assess I.T. strategy, risk, and governance. The questions are categorized into strategic issues, internal control issues, and risk issues. The document dives deeper into examples of risks and what organizations can do to address risks such as dedicating board members to I.T. committees and ensuring business continuity plans are tested.
This document describes an exclusive quick service restaurant (QSR) merchant processing program offered through Cardservice International, a subsidiary of First Data Corporation. The program offers competitive rates for credit card and debit card processing, including a discounted rate of 1.37% for credit card transactions over $18 and no transaction fees. It also provides additional services like online account access and statement retrieval. The program aims to provide full-service payment solutions tailored for small and medium-sized businesses.
Quantifying Cyber Risk, Insurance and The Value of Personal Data - Steven Schwartz
Join Steven Schwartz and Harumi Urata-Thompson, representing Global Cyber Consultants and the International Personal Data Trade Association, as they teach the Columbia University School of International and Public Affairs about quantifying the value of cyber risk, cyber insurance and the value & policy landscape surrounding personal data.
Running with Scissors: Balance between business and InfoSec needs - Michael Scheidell
This document discusses cybersecurity issues and proposes solutions. It notes that many large security breaches have occurred due to simple mistakes, lack of policies, and failure to follow best practices. It argues that good security enhances privacy, but security can exist without privacy. The core problems are identified as lack of qualified security leadership and misaligned priorities between security and other business functions. The document recommends supporting industry groups to share information, and taking a collaborative approach involving all stakeholders to balance security, privacy and business needs.
Big Data - it's the big buzz. But is it dead on arrival?
In this presentation Daragh O Brien looks at the history of information management, the challenges of data quality and governance, and the implications for big data...
The document discusses six key questions organizations should ask about data governance: 1) Do we have a government structure in place to oversee data governance? 2) How can we assess our current data governance situation? 3) What is our data governance strategy? 4) What is the value of our data? 5) What are our data vulnerabilities? 6) How can we measure progress in data governance? It provides details on each question, highlighting the importance of leadership, benchmarks, strategic planning, risk assessment, and metrics in developing an effective data governance program.
Income Tax Fraud: Awareness, Preparedness, Prevention and Detection - Vivastream
This document summarizes a presentation on income tax fraud given to the Bank Information Technology Secretariat (BITS). It includes perspectives from the IRS, Comerica Bank, and Early Warning Services. The IRS discussed identity theft threats and their prevention/detection efforts, including new filters in 2013. Comerica discussed fraud scenarios they saw in 2012 and areas of collaboration. Early Warning Services analyzed 2012 tax refund transactions and found potential high-risk indicators in 8% of payments totaling $1.9 billion. They suggested their data could help identify risky refund requests.
The Easy Way to Accept & Protect Credit Card Data - Tyler Hannan
This document discusses the consequences of data breaches for merchants, provides an overview of PCI compliance requirements, and describes tools that can help merchants protect payment data and simplify PCI compliance. It notes that data breaches are costly and common, even among small merchants, and that PCI focuses on them because they are vulnerable targets. It outlines PCI's 12 requirements and prioritized approach. It then describes tokenization, value-added services like risk management, and hosted payment pages as tools that can help merchants address PCI requirements more easily.
Hear a new approach to predicting IT and business performance. Join TeamQuest Director of Market Development Dave Wagner as he explains why old, traditional methods are failing.
Wagner will present what he calls the "Moneyball treatment" (loosely based on sabermetrics - an approach to measuring and analyzing complex, previously unappreciated data relationships, famously first applied to sports performance and played out in the movie, "Moneyball").
Learn ways to better identify relationships across widely disparate data sets. Predict IT and business performance based on these relationships combined with historical and current performance. Real predictions cannot be based on simple trending approaches because they don’t factor the ugly realities associated with resource contention.
Can Financial Institutions be the next Digital Masters? Capgemini says YES - Capgemini
With Millennials coming of age it is even more important than ever for Financial Institutions to provide a strong digital experience. In order to deliver that, Financial Institutions need to become Digital Masters - accelerating their digital business, turning data into insights, transforming the customer experience and embracing the mobile mind shift.
Capgemini’s Trends in Transformation powered by HPE is your Jedi Master. Are you ready to become a Digital Master? Join us to start your journey.
Presented at HPE Discover Las Vegas 2016.
Speaker: Chris Sullivan, Vice-President, Finance & Operations, IDC (Canada) Ltd.
More information including webcast found on the MaRS site at: http://www.marsdd.com/Events/Event-Calendar/Ent101/2008/marketing2-20080116.html
Data breaches and security issues plague financial institutions constantly. They are important to safeguard against for the protection of confidential information housed at institutions and for the regulatory exams that expect detailed security plans in place. Douglas Jambor, Vice President and Director of Technology Consulting at Turner & Associates, provides insight into the topic of data breaches and penetration testing. He reviews these security topics, discusses how to implement a plan in the case of a security breach, and how to limit data breach risk exposures to your organization.
"So you want to raise funding and build a team?" - InnoTech
Paul Lammers discussed his experience raising funding and building a team for biotech startups. He co-founded Mirna Therapeutics in 2009 and raised over $100 million in funding including $32 million from the state of Texas and $77 million from private investors. Mirna went public in 2015, raising $48 million but was later acquired through a reverse merger in 2017 after a clinical trial failure. Lammers emphasized the importance of building a strong team, traveling extensively to meet with investors, practicing pitch presentations, and having patience and perseverance through the challenges of startup funding and development.
This document discusses how advancements in areas like artificial intelligence (AI), the Internet of Things (IoT), sensors, robotics, and quantum computing could lead to breakthroughs for corporations. It notes that there has been recent progress in algorithms, big data, mobile technology, and more. While AI was first studied in 1947, the document questions if now is the time for companies to fully invest in AI. It also asks if we have reached "AI 3.0". Across multiple pages, the document then explores topics like the definition of intelligence, different approaches to AI, applications of robotics, and challenges and opportunities in developing intelligent machines.
The document discusses how data has become a central business asset and strategic advantage. It notes that the growth of data from sources like the Internet of Things means that variety, not just volume or velocity, will be important. New business processes will revolve around data, which will become more valuable over the next decade. It also provides examples of how companies like eBay and Groupon have used data for competitive advantages like identifying top sellers.
Courageous Leadership - When it Matters MostInnoTech
The presenter discussed courageous leadership, especially when change is needed. He emphasized that organizational agility is critical for business success but cultural barriers often prevent change. Successful leadership requires adapting different styles to situations, building trust through integrity and competence, and ensuring disciplined execution. The greatest role of leaders is creating other leaders to sustain long-term success through an aligned organizational culture from top to bottom.
The document discusses the need for Chief Information Security Officers (CISOs) to adopt a business mindset in order to create sustainable cybersecurity programs. As cybersecurity spending increases rapidly, CISOs must align investments with business priorities, quantify security risks and measure the financial performance of controls. The CISO of the future will assess and quantify risk, measure financial performance of security programs, collaborate across the organization and communicate effectively to senior leadership. Adopting practices like the FAIR model to quantify risk and measure return on investment of controls will help CISOs transform cybersecurity into a strategic advantage rather than just a necessary cost.
This document summarizes key points from a presentation on SQL Server tips and best practices. It discusses the importance of database performance and speed, providing tips on identifying and addressing bottlenecks. It also covers backups and disaster recovery, explaining the differences and best approaches. New features in SQL Server 2017 are highlighted, including AlwaysOn availability groups and machine learning services. The conclusion emphasizes that SQL Server can be optimized to provide a solid foundation for businesses when treated properly.
Quantum Computing and its security implicationsInnoTech
Quantum computers work with qubits that can exist in superposition and be entangled. They have enormous computational power compared to digital computers and could solve problems like prime factorization rapidly. This poses risks to current encryption methods and allows for perfectly secure quantum communication. Several types of quantum computers are being developed, from quantum annealers to analog and universal models, with the latter offering exponential speedups but being the hardest to build. Significant progress is being made, with quantum computers in the tens of qubits now and the need to transition encryption to post-quantum algorithms within the next decade.
Converged infrastructure groups multiple IT components like servers, storage, and networking equipment into a single optimized package. It provided a single support model but fell short in management, automation, orchestration, and flexibility. Hyper-converged infrastructure tightly integrated storage similar to how virtualization integrated servers, allowing simpler and denser infrastructure. However, both converged and hyper-converged infrastructure only made infrastructure marginally easier and did not support the goal of treating computing resources like utilities. True cloud-native applications that are serverless, containerized, and code-focused will require software-defined infrastructure to fully realize the fourth computing paradigm.
Making the most out of collaboration with Office 365InnoTech
Office 365 provides a universal toolkit for collaboration that addresses challenges for businesses, IT, and users. It offers a single hub for teamwork through Microsoft Teams that allows for chat, calls, meetings and access to Office apps. Additionally, it provides solutions for co-authoring documents, sharing files across organizations, and fostering discussions through Yammer to improve engagement. The tools in Office 365 help dispersed teams work more efficiently across locations through unified communication and collaboration capabilities.
This document provides an overview of blockchain technology including definitions, use cases, and case studies. It defines blockchain as an immutable distributed ledger containing cryptographically hashed blocks of transaction data. It discusses potential government uses and outlines case studies of blockchain being used for cybersecurity by Lockheed Martin, supply chain monitoring by IBM and Walmart, a sharing economy navigation system by Skoot, wholesale energy trading by Grid+, healthcare records by Patientory, document management by Attores, and a professional social network called Indorse.
Blockchain: Exploring the Fundamentals and Promising Potential InnoTech
Blockchain is an immutable distributed ledger that records transactions between parties in cryptographically hashed blocks chronologically. It uses cryptography, consensus algorithms, and a distributed network of nodes to allow transactions to be recorded in a secure, robust and transparent way without centralized control. The document outlines the key elements of blockchain including distributed ledger, cryptography, consensus and smart contracts. It also provides a brief history of blockchain from Bitcoin to Ethereum and Hyperledger and describes how blockchain provides benefits like trust, accountability, innovation and finality for applications.
Business leaders are engaging labor differently - Is your IT ready?InnoTech
This document discusses how businesses are innovating and engaging labor differently, requiring IT organizations to change. It defines innovation as implementing new ideas that create value by solving unmet needs. The document notes that innovation seeks efficiency, efficacy, and uniqueness. It discusses trends like the sharing economy, freelance economy, and Hollywood model of bringing in specialized talent temporarily for projects. The Hollywood model embraces economic specialization and outsourcing non-core functions. The document advocates that IT departments shift from being cost centers to value creators to enable this new way of working.
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...InnoTech
Artificial intelligence and sensor networks may now be poised to disrupt various industries and jobs. Recent advances in algorithms, sensors, data collection, mobile technology, and robotics have increased concerns about the potential threats of artificial superintelligence ending humanity. The rapid changes in science and technology could significantly impact jobs in the coming decades as AI and automation replace many human roles.
Using Business Intelligence to Bring Your Data to LifeInnoTech
Using business intelligence (BI) tools allows companies to analyze and visualize their data to identify opportunities and make better business decisions. BI provides interactive dashboards and visualizations that make it easy to see patterns and trends in the data. Its easy-to-use tools allow users to convert data into charts and tables with just a few clicks to process and analyze information faster. Companies implement BI software to improve how they connect with customers, find opportunities, and give their teams insights from the data.
The document discusses how user requirements for new systems are often a fallacy. It argues we should shift away from traditional waterfall approaches to software development and instead use agile methods that allow requirements to evolve through minimum viable products and user experience. This recognizes users are integral parts of the system and development teams need partnerships with business to understand changing needs rather than seeing IT as separate customer service providers.
What I Wish I Knew Before I Signed that Contract - San Antonio InnoTech
This document discusses best practices for negotiating contracts. It emphasizes the importance of collaboration between legal and business teams when negotiating contracts. Key elements that should be addressed in contracts include payment terms, intellectual property ownership, scope of work, and termination clauses. Effective contract negotiation involves understanding what is being agreed to, negotiating undesirable terms, and maintaining the contract after it is signed. Both knowledge and leverage are important for negotiations, and legal teams can help improve business understanding. Maintaining contracts after they are signed is also important to avoid disputes down the line. The document provides examples of both successful and unsuccessful contract negotiations and collaborations between legal and business teams.
The document discusses data protection challenges facing modern IT environments and introduces Quorum as a solution. Key points include: (1) Exponential data growth and rise of virtualization are changing data protection needs; (2) Most system downtime is caused by technology failures, software failures, and human errors; (3) Ransomware attacks are a major threat, infecting thousands of systems daily; (4) Quorum provides data, server, and application recovery in minutes for physical and virtual systems on-premises and in the cloud with defense-in-depth protection against ransomware.
Share point saturday access services 2015 final 2InnoTech
This document discusses Microsoft Access Services 2013 and the benefits it provides for migrating existing Access databases. It allows centralizing data in a SQL database while giving business users independence in designing user interfaces and reports. This improves data security, governance and reliability while making solutions easier to develop and maintain. It also provides tools for deploying Access apps in SharePoint, managing permissions and distribution.
Sp tech festdallas - office 365 groups - planner sessionInnoTech
The document discusses Office 365 Groups and Planner. It provides an overview of Groups, including the experiences that come with Groups like conversations, files, calendar, and people. It also discusses how Planner allows users to create plans, organize tasks, assign people to tasks, and track progress. Finally, it outlines recent and upcoming improvements to Groups, such as dynamic membership, file quota management, and multi-domain support.
Microsoft PowerApps is a platform for building custom mobile and web apps without coding. It allows users to connect to hundreds of data sources, create interfaces with drag and drop tools, and add logic and workflows. The presentation provides an overview of PowerApps, how it works by connecting to data sources and creating formulas and logic flows, and concludes with a live demo of building an app.
Monthly Market Risk Update: June 2024 [SlideShare]Commonwealth
Markets rallied in May, with all three major U.S. equity indices up for the month, said Sam Millette, director of fixed income, in his latest Market Risk Update.
For more market updates, subscribe to The Independent Market Observer at https://blog.commonwealth.com/independent-market-observer.
Calculation of compliance cost: Veterinary and sanitary control of aquatic bi...Alexander Belyaev
Calculation of compliance cost in the fishing industry of Russia after extended SCM model (Veterinary and sanitary control of aquatic biological resources (ABR) - Preparation of documents, passing expertise)
Budgeting as a Control Tool in Government Accounting in Nigeria
Being a Paper Presented at the Nigerian Maritime Administration and Safety Agency (NIMASA) Budget Office Staff at Sojourner Hotel, GRA, Ikeja Lagos on Saturday 8th June, 2024.
Dr. Alyce Su Cover Story - China's Investment Leadermsthrill
In World Expo 2010 Shanghai – the most visited Expo in the World History
https://www.britannica.com/event/Expo-Shanghai-2010
China’s official organizer of the Expo, CCPIT (China Council for the Promotion of International Trade https://en.ccpit.org/) has chosen Dr. Alyce Su as the Cover Person with Cover Story, in the Expo’s official magazine distributed throughout the Expo, showcasing China’s New Generation of Leaders to the World.
Madhya Pradesh, the "Heart of India," boasts a rich tapestry of culture and heritage, from ancient dynasties to modern developments. Explore its land records, historical landmarks, and vibrant traditions. From agricultural expanses to urban growth, Madhya Pradesh offers a unique blend of the ancient and modern.
“Amidst Tempered Optimism” Main economic trends in May 2024 based on the results of the New Monthly Enterprises Survey, #NRES
On 12 June 2024 the Institute for Economic Research and Policy Consulting (IER) held an online event “Economic Trends from a Business Perspective (May 2024)”.
During the event, the results of the 25-th monthly survey of business executives “Ukrainian Business during the war”, which was conducted in May 2024, were presented.
The field stage of the 25-th wave lasted from May 20 to May 31, 2024. In May, 532 companies were surveyed.
The enterprise managers compared the work results in May 2024 with April, assessed the indicators at the time of the survey (May 2024), and gave forecasts for the next two, three, or six months, depending on the question. In certain issues (where indicated), the work results were compared with the pre-war period (before February 24, 2022).
✅ More survey results in the presentation.
✅ Video presentation: https://youtu.be/4ZvsSKd1MzE
In World Expo 2010 Shanghai – the most visited Expo in the World History
https://www.britannica.com/event/Expo-Shanghai-2010
China’s official organizer of the Expo, CCPIT (China Council for the Promotion of International Trade https://en.ccpit.org/) has chosen Dr. Alyce Su as the Cover Person with Cover Story, in the Expo’s official magazine distributed throughout the Expo, showcasing China’s New Generation of Leaders to the World.
How to Invest in Cryptocurrency for Beginners: A Complete GuideDaniel
Cryptocurrency is digital money that operates independently of a central authority, utilizing cryptography for security. Unlike traditional currencies issued by governments (fiat currencies), cryptocurrencies are decentralized and typically operate on a technology called blockchain. Each cryptocurrency transaction is recorded on a public ledger, ensuring transparency and security.
Cryptocurrencies can be used for various purposes, including online purchases, investment opportunities, and as a means of transferring value globally without the need for intermediaries like banks.
In World Expo 2010 Shanghai – the most visited Expo in the World History
https://www.britannica.com/event/Expo-Shanghai-2010
China’s official organizer of the Expo, CCPIT (China Council for the Promotion of International Trade https://en.ccpit.org/) has chosen Dr. Alyce Su as the Cover Person with Cover Story, in the Expo’s official magazine distributed throughout the Expo, showcasing China’s New Generation of Leaders to the World.
An accounting information system (AIS) refers to tools and systems designed for the collection and display of accounting information so accountants and executives can make informed decisions.
Fabular Frames and the Four Ratio ProblemMajid Iqbal
Digital, interactive art showing the struggle of a society in providing for its present population while also saving planetary resources for future generations. Spread across several frames, the art is actually the rendering of real and speculative data. The stereographic projections change shape in response to prompts and provocations. Visitors interact with the model through speculative statements about how to increase savings across communities, regions, ecosystems and environments. Their fabulations combined with random noise, i.e. factors beyond control, have a dramatic effect on the societal transition. Things get better. Things get worse. The aim is to give visitors a new grasp and feel of the ongoing struggles in democracies around the world.
Stunning art in the small multiples format brings out the spatiotemporal nature of societal transitions, against backdrop issues such as energy, housing, waste, farmland and forest. In each frame we see hopeful and frightful interplays between spending and saving. Problems emerge when one of the two parts of the existential anaglyph rapidly shrinks like Arctic ice, as factors cross thresholds. Ecological wealth and intergenerational equity areFour at stake. Not enough spending could mean economic stress, social unrest and political conflict. Not enough saving and there will be climate breakdown and ‘bankruptcy’. So where does speculative design start and the gambling and betting end? Behind each fabular frame is a four ratio problem. Each ratio reflects the level of sacrifice and self-restraint a society is willing to accept, against promises of prosperity and freedom. Some values seem to stabilise a frame while others cause collapse. Get the ratios right and we can have it all. Get them wrong and things get more desperate.
How to Rebuild the Controls and Confidence after Data Exfiltration Occurs
1. How to Rebuild the Controls and
Confidence after Data Exfiltration Occurs
Brian Blankenship
Operations Information Security Officer
Heartland Payment Systems
3. Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
5. Heartland – A Full Service Payments Processor
• Card Processing
• Credit/debit/prepaid cards:
• Process over 10 million transactions a day
• Process over 3.9 billion transactions annually
• Payroll Processing (PlusOne Payroll)
• Check Management (Check 21, ExpressFunds, StopLoss)
• Online Payment Processing
• MicroPayments – Vending, Laundry, Campus Solutions
• Gift Cards and Loyalty Processing
• Heartland Gives Back
6. Heartland – Our People
• HQ: Princeton, NJ
• IT: Plano, TX
• 300 employees
• Servicing: Louisville, KY
• 800 employees
• Heartland Cares
Foundation
7. Heartland - 15 Years Ago ... and Today
1997 (1st Trans 6/15/97) | Today
• 2,350 clients | 255,000 clients
• 25 employees | 3000+ employees
• #62 in US | #5 processor in U.S.
• $0.4 billion portfolio | $68 billion portfolio
8. Heartland - Financials
[Chart: Net Revenue, Net Income and EPS by year, 2004–2008]
10. Heartland – The Recovery
• 2009
• Total Revenues $1,652 m (up 6.93%*)
• Net Income -52 m (down 224%)
• EPS -1.38 (down 223%)
• 2010
• Total Revenues $1,864 m (up 12.8%)
• Net Income 35 m (up 167%)
• EPS 0.88 (up 163%)
• 2011
• Total Revenues $1,996 m (up 7.1%)
• Net Income 44 m (up 25.7%)
• EPS 1.09 (up 23.9%)
*All percentages year-over-year
13. What Happened? – The Penetration
Very Late 2007 – SQL Injection via a customer facing web page in our
corporate (non-payments) environment. Bad guys were in our corporate
network.
Early 2008 – Hired largest approved QSA to perform penetration testing of
corporate environment
Spring 2008 – CEO learned of Sniffer Attack on Hannaford’s, created a
dedicated Chief Security Officer position and filled that position
April 30, 2008 – Passed 6th Consecutive “Annual Review” by Largest QSA
Very Late 2007 – Mid-May 2008 – Unknown period but it is possible that
bad guys were studying the corporate network
Mid-May 2008 – Penetration of our Payments Network
14. What Happened?
The Investigation and The Announcement
Late October 2008 – Informed by a card brand that several issuers
suspected a potential breach of one or more processors. We received
sample fraud transactions to help us determine if there was a problem in
our payments network. Many of these transactions never touched our
payments network.
No evidence could be found of an intrusion despite vigorous efforts by HPS
employees and then two forensics companies to find a problem.
January 9, 2009 – We were told by QIRA that “no problems were found”
and that a final report reflecting that opinion would be forthcoming.
January 12, 2009 – January 20, 2009 – Learned of breach, notified card
brands, notified law enforcement and made public announcement.
15. Why I came to Heartland…
• The way the breach was handled
• High degree of transparency
• Knew that security would be #1 priority
• Heartland was changing the perception of
breaches, and how they should be handled
17. PANIC
DENIAL
ANGER
BARGAINING
DEPRESSION
ACCEPTANCE
FIX THE PROBLEM
18. Vectors of Trust
• After any major incident, there are multiple
vectors of trust that have to be rebuilt
– Trust from your customers
– Trust from your investors
– Trust from your own employees
– Trust from your competitors
• Heartland has worked hard to rebuild these
19. The Real Response
1/20/09 - Call to arms of all Heartland employees to visit clients and talk to
partners
HPY share price drops from $15.16 on 1/16 to $8.18 on 1/22
HPY 4Q08 Earnings Call – HPY drops to $3.43 on March 12; a 77.6% drop
since the breach announcement
3/14/09 – Delisted from Visa list of approved vendors
4/30/09 – Certified PCI compliant by VeriSign and reinstated on Visa list of
approved vendors
5/11/12 – HPY Closed at $30.41
21. Industry Security Advancements
• Chip & PIN (EMV)
– Helps authenticate the card
• Tokenization
– Reduces risk of storing card data
• Both help, but don’t address data
in transit
22. Heartland Approach to E3
E3 Security Model
• End to End Encryption
• Continuous protection of the confidentiality and integrity of
transmitted information by encrypting at the origin and
decrypting at the destination.
E3 Device Strategy
• Build devices that use Tamper Resistant Security Modules
to encrypt payment data at the point of swipe or data entry.
• Collaborate with existing device vendors and encryption
solution providers.
E3 Data Strategy
• Protect cardholder and merchant data wherever it
resides on Heartland’s systems.
• Directly influence industry security standards and
practices to strengthen data protection.
23. Merchant Bill of Rights,
Sales Professional Bill of Rights, Durbin
http://www.spbor.com/
http://www.merchantbillofrights.org/
http://getyourdurbindollars.com/
25. Key Risk Mitigations
Data Loss Prevention
Network and Application Penetration Testing
Platform Security
Static and Dynamic Code Analysis
27. The New Paradigm
• During investigation of Heartland breach
• Found other processors knew of the
breach indicators
• Several had seen or knew about them
• No one shared that information
• Started the PPISC (Payment Processors
Information Sharing Council) in 2009
• Charter – bring processors to table
to discuss threat indicators and tactics
• Avoid any discussion on business related topics to avoid
anti-trust
• Everyone brings to table topics that they are seeing through their
various intel sources (internal and external)
28. Intelligence Sharing – PPISC
Malware signatures currently being shared with input of
Secret Service and other agencies
Participation in threat exercises (CAPP – Cyber Attack
Against Payment Processes)
29. Changes in Breach Perceptions
• For Heartland, the impact was immediate and
very high
• People have come to understand that any
company can be breached
• Acceptance becoming the norm
34. Adversary Attributes
• Advanced
• Well funded adversary
• Advanced technical capabilities
• Ability to identify zero-day exploits
• Weaponize exploits
• Trained professionals
• Backing of nation state or organized crime
• Persistent
• Sustained presence with target organization
• Remains undetected
• Takes the time needed to reach its objective and exfiltrate information
• Threat
• Covert threat or alteration of sensitive information
• Political or military advantage
• Strategic or tactical advantage
• Economic advantage or financial gain
35. Can a system be completely secure?
“The only secure system is one that is powered
off, cast in a block of concrete and sealed in a
lead-lined room with armed guards – and
even then I have my doubts.”
Gene Spafford – Purdue University
41. Social Engineering:
• Manipulating people into performing actions
or divulging confidential information
• Pretexting: creating an invented story to
engage a target in a way that makes them
more likely to divulge the desired information.
• Usually involves: sympathy, intimidation,
flattery, or fear
• Most companies are vulnerable to SE
42. Example SE scenario…
What would you do if…
• You receive a call from your Helpdesk
• Caller ID shows correct number
• The caller says there is suspicious activity coming
from your computer and asks you to run a
scan by visiting the following URL.
• http://onlinesecurityscanner.com
43. Example SE scenario…
• After the scan runs, you are informed that
your system checked out fine. Sorry for the
inconvenience.
For more info on Social Engineering:
http://social-engineer.org
45. Are attacks on the rise?
• Increased media coverage over the last year
– Much like “shark attack” coverage
• New motivations
– Political
– Limelight / Ego
– Embarrassment
– Retaliation
46. Are attacks on the rise…???
The number of incidents reported has
been increasing
• 2010 – 800 new compromise incidents
• 2004-09 - just over 900
source: 2011 Verizon DBIR
47. Records Compromised
• The total number of records
compromised annually has declined
2011 – 4 million
2010 – 144 million
2009 – 361 million
source: 2011 Verizon DBIR
48. Who is behind data breaches?
• 92% - stemmed from
external agents
(+22%)
• 17% - implicated
insiders (-31%)
• <1% - resulted from
business partners
(-10%)
source: 2011 Verizon DBIR
49. How do breaches occur?
• 50% utilized some form of hacking (+10%)
• 49% incorporated malware (+11%)
• 29% involved physical attacks (+14%)
• 17% resulted from privilege misuse (-31%)
• 11% employed social tactics (-17%)
source: 2011 Verizon DBIR
50. How do breaches occur?
83% of victims were targets of opportunity
92% of attacks were not highly difficult (+7%)
76% of all data was compromised from servers
(-22%)
86% were discovered by a third party (+25%)
96% of breaches were avoidable through simple
or intermediate controls
89% of victims subject to PCI-DSS had not
achieved compliance (+10%)
source: 2011 Verizon DBIR
51. Where should mitigations be focused?
Eliminate unnecessary data
Ensure essential controls are met
Check the above again
Assess remote access services
Test and review web applications
Audit user accounts and monitor privileged
activity
Monitor and mine event logs
Examine ATMs and other payment card input
devices for tampering
source: 2011 Verizon DBIR
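An added example, not part of the original slides, for "Monitor and mine event logs" and "Test and review web applications": a small miner that flags SQL-injection indicators in web access logs, the entry vector described on slide 13. The log lines, paths and addresses are constructed, and the indicator patterns are a minimal illustrative set, not a complete rule base.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (common log format). Addresses come from the
# documentation ranges; paths and parameters are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2024:10:00:01 +0000] "GET /contact?id=42 HTTP/1.1" 200 512
203.0.113.9 - - [01/Mar/2024:10:00:05 +0000] "GET /contact?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 87
203.0.113.9 - - [01/Mar/2024:10:00:09 +0000] "GET /contact?id=42%2527%2520UNION%2520SELECT%2520null%252Cnull--%2520 HTTP/1.1" 200 9034
192.0.2.44 - - [01/Mar/2024:10:01:00 +0000] "GET /search?q=credit+union+selection HTTP/1.1" 200 2048
198.51.100.23 - - [01/Mar/2024:10:02:00 +0000] "GET /contact?id=1;%20DROP%20TABLE%20x HTTP/1.1" 403 0
this line is truncated and cannot be parsed
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Matched against the decoded, lower-cased request target.
INDICATORS = {
    "tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b"),
    "stacked_query": re.compile(r";\s*(?:select|insert|update|delete|drop|exec)\b"),
    "trailing_comment": re.compile(r"(?:--|/\*)\s*$"),
}


def decode(target: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded input is inspected as well."""
    prev = target
    for _ in range(rounds):
        cur = unquote_plus(prev)
        if cur == prev:
            break
        prev = cur
    return prev.lower()


def analyze(log_text: str):
    """Return ({ip: stats}, unparsed_line_count) for flagged requests."""
    per_ip = defaultdict(
        lambda: {"hits": 0, "indicators": set(), "errors": 0, "served": 0}
    )
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line)
        if not m:
            unparsed += 1       # count gaps instead of silently skipping them
            continue
        decoded = decode(m["target"])
        matched = {name for name, rx in INDICATORS.items() if rx.search(decoded)}
        if not matched:
            continue
        rec = per_ip[m["ip"]]
        rec["hits"] += 1
        rec["indicators"] |= matched
        status = int(m["status"])
        if status >= 500:
            rec["errors"] += 1  # the application choked on the input
        elif status == 200:
            rec["served"] += 1  # the injected request was answered normally
    return dict(per_ip), unparsed


def triage(findings):
    """Order sources for review: served injections first, then errors or volume."""
    rank = {"high": 0, "medium": 1, "low": 2}
    out = []
    for ip, rec in findings.items():
        if rec["served"]:
            sev = "high"
        elif rec["errors"] or rec["hits"] >= 3:
            sev = "medium"
        else:
            sev = "low"
        out.append((ip, sev))
    return sorted(out, key=lambda t: (rank[t[1]], t[0]))


if __name__ == "__main__":
    findings, unparsed = analyze(SAMPLE_LOG)
    for ip, sev in triage(findings):
        print(sev, ip, sorted(findings[ip]["indicators"]))
    print("unparsed lines:", unparsed)
```

A source rated "high" had an injected request answered with a 200, which is the case to follow up in application and database logs; the "credit union selection" search shows why the patterns use word boundaries.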
57. Security Systems
• Purchasing a “checklist” of security
devices is not enough!
• You need skilled personnel to manage
these devices.
• Most of these technologies require a
large amount of time to manage
effectively.
58. Summary
• Businesses can recover from a major breach
• HPS has recovered and is growing
• PCI Security Standards Council Board of Advisors
• FS-ISAC Board of Directors
• Every company is a target, make yours a hard one
• Assume you have been compromised
• Focus on detection, data elimination
• Get involved
• Information Sharing (FS-ISAC, PPISC, Infragard)
• Local security chapters
ISSA, ISACA, OWASP