SlideShare a Scribd company logo

Effective Cyber Security: Successful Approaches and Experiences

InnoTech
InnoTech

Presented at the 2012 InnoTech San Antonio by Phil Marasco

Technology
1 of 19
ISON Effective Cyber security: Successful approaches and experiences April 5, 2012 Presenter Phil Marasco
Agenda • Continuing Trends • New Elements • Defensive Techniques • Scaling to “X” • Questions
Recent News 60 Minutes did a story on the first known control system attack Source: CBSnews.com
Last Week’s News Rock Center did a story on a Trojan used to steal money Source: MSNBC.MSN.com
FBI says we are behind Executive Assistant Director of the FBI thinks criminals are ahead.
Identity trading is rampant Stolen credit cards are sold in large lots for prices as low as $.40 to $10 depending on interval and method used to collect the information. Personal Identity information commands $25 to $50 (depending on quality).
Unpatched exploits on sale Source: Forbes.com
Internal vs. External • Historical threats • Us vs. them • Inbound Only (except for “inside jobs”) • Advanced Persistent Threats • Blended attacks/RSA • SPAM/Phishing
New Frontiers • Small Business is expanding online • Offering Online “Experiences” • Member-Only Areas • Monetize Social Media • Group-on Discounts • Gift Cards
New Dangers • Web sites that store your data • Financial Risks • Personal Information Leakage • Internal Threats • Zombies • FBI and the DNSChanger scam • Brand Exposure (and explosion)
New SPAM Vectors US Postal Service couldn’t deliver your package American Airlines wants you to get that $19 fare to NY you left behind during your failed web session The National Check Clearing Center says you are about to bounce a check VISA Security department says your credit card has been blocked PAYPAL says you are suspected of illegal activity A gentleman in the Philippines would like you to hold his inheritance check while he travels to the US. A lawyer in Thailand wants to see if you know a guy who died and will handle his $10 million estate.
New Questions • What’s it worth to you? • What can you actually do? • What can be done for me? • How often do I look? In a corporate environment the bigger question is: X vs. 10X vs. 100X
New Personal Tools Identity Monitoring • Epic.org (Electronic Privacy Info Center) • http://www.youhavedownloaded.com/ • https://www.pwnedlist.com/ • http://www.Google.com • http://www.Pipl.com • Donttrack.us
New LEO Tools
What we do • Penetration testing • Network • Application • Physical • Security Awareness • Compliance • Security Practice • Policy lifecycle • Security team augmentation
Who is ISON? • Managed IT Services Firm • Focus on small to medium business • Extension of an organization – With IT personnel – Without IT personnel • 30+ years industry experience
Wrap up • Technical Corporate • Use a patch management process • Implement a secure baseline • Monitor your network • Manage your vulnerabilities • Be careful with remote access • Behaviors • Put security and acceptable use policies in place • Conduct security awareness training regularly • Be careful with your data
Questions?
Thank You! www.ISON.com

Recommended

Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessRobin Rafique
 
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 PresentationDo it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 PresentationBrian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
Insider's Journey Into The Darknet
Insider's Journey Into The DarknetInsider's Journey Into The Darknet
Insider's Journey Into The DarknetMegan Thudium
 
2015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_0920152015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_092015Pete Pouridis
 
Investigating & proving cybercrime
Investigating & proving cybercrimeInvestigating & proving cybercrime
Investigating & proving cybercrimeJenny Reid
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015Numaan Huq
 
Evil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldEvil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldHillary L
 

Recommended

Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessRobin Rafique
 
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 PresentationDo it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 PresentationBrian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
Insider's Journey Into The Darknet
Insider's Journey Into The DarknetInsider's Journey Into The Darknet
Insider's Journey Into The DarknetMegan Thudium
 
2015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_0920152015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_092015Pete Pouridis
 
Investigating & proving cybercrime
Investigating & proving cybercrimeInvestigating & proving cybercrime
Investigating & proving cybercrimeJenny Reid
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015Numaan Huq
 
Evil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldEvil Geniuses: How organized cybercriminals could take over the world
Evil Geniuses: How organized cybercriminals could take over the worldHillary L
 
TalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and HealthcareTalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and HealthcareEduardo Gonzalez Loumiet, MBA, PMP, CPHIMS
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0Murray Security Services
 
Judgement Day - Slovakia
Judgement Day - SlovakiaJudgement Day - Slovakia
Judgement Day - SlovakiaOCTF Industry Engagement
 
Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)Nawanan Theera-Ampornpunt
 
CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin OCTF Industry Engagement
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidPhil Agcaoili
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesThe Lorenzi Group
 
Security In A Connected Society
Security In A Connected SocietySecurity In A Connected Society
Security In A Connected SocietyCentraComm
 
Digital Law Powerpoint
Digital Law PowerpointDigital Law Powerpoint
Digital Law Powerpointlydneat
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaMurray Security Services
 
CSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and TomorrowCSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and TomorrowAlert Logic
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
Social engineering
Social engineeringSocial engineering
Social engineeringankushmohanty
 
Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Phil Agcaoili
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer CrimeAlexander Zhuravlev
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationGoutama Bachtiar
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeMurray Security Services
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureLourdes Paloma Gimenez
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Infosecurity2010
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsStephen Cobb
 

More Related Content

What's hot

Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)Nawanan Theera-Ampornpunt
 
CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin OCTF Industry Engagement
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidPhil Agcaoili
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesThe Lorenzi Group
 
Security In A Connected Society
Security In A Connected SocietySecurity In A Connected Society
Security In A Connected SocietyCentraComm
 
Digital Law Powerpoint
Digital Law PowerpointDigital Law Powerpoint
Digital Law Powerpointlydneat
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaMurray Security Services
 
CSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and TomorrowCSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and TomorrowAlert Logic
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Phil Agcaoili
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationGoutama Bachtiar
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeMurray Security Services
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureLourdes Paloma Gimenez
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Infosecurity2010
 

What's hot (20)

TalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and HealthcareTalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and Healthcare
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 
Judgement Day - Slovakia
Judgement Day - SlovakiaJudgement Day - Slovakia
Judgement Day - Slovakia
 
Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)Health Information Privacy and Security (October 21, 2020)
Health Information Privacy and Security (October 21, 2020)
 
CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR Executives
 
Security In A Connected Society
Security In A Connected SocietySecurity In A Connected Society
Security In A Connected Society
 
Digital Law Powerpoint
Digital Law PowerpointDigital Law Powerpoint
Digital Law Powerpoint
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from China
 
CSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and TomorrowCSS17: Houston - Cyber Threats Today and Tomorrow
CSS17: Houston - Cyber Threats Today and Tomorrow
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say?
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer Crime
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and Investigation
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity posture
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
 

Similar to Effective Cyber Security: Successful Approaches and Experiences

CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsStephen Cobb
 
Shining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebShining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebSurfWatch Labs
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
Data security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigationData security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigationNick Chandi
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersSarah K Miller
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentNicholas Davis
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentNicholas Davis
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityantitree
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcareNicholas Davis
 
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationManaging Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationShauna_Cox
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcementMeg Weber
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityStephen Cobb
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...Steve Poole
 
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...Perimeter Security: Why it's no longer enough, and where cybersecurity must a...
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...ZoneFox
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 

Similar to Effective Cyber Security: Successful Approaches and Experiences (20)

CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMS
 
Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber Criminals
 
Shining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebShining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark Web
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?
 
Data security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigationData security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigation
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency Managers
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence community
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcare
 
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationManaging Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcement
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber Security
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...Perimeter Security: Why it's no longer enough, and where cybersecurity must a...
Perimeter Security: Why it's no longer enough, and where cybersecurity must a...
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 

More from InnoTech

"So you want to raise funding and build a team?"
"So you want to raise funding and build a team?""So you want to raise funding and build a team?"
"So you want to raise funding and build a team?"InnoTech
 
Artificial Intelligence is Maturing
Artificial Intelligence is MaturingArtificial Intelligence is Maturing
Artificial Intelligence is MaturingInnoTech
 
What is AI without Data?
What is AI without Data?What is AI without Data?
What is AI without Data?InnoTech
 
Courageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostCourageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostInnoTech
 
The Gathering Storm
The Gathering StormThe Gathering Storm
The Gathering StormInnoTech
 
Sql Server tips from the field
Sql Server tips from the fieldSql Server tips from the field
Sql Server tips from the fieldInnoTech
 
Quantum Computing and its security implications
Quantum Computing and its security implicationsQuantum Computing and its security implications
Quantum Computing and its security implicationsInnoTech
 
Converged Infrastructure
Converged InfrastructureConverged Infrastructure
Converged InfrastructureInnoTech
 
Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365InnoTech
 
Blockchain use cases and case studies
Blockchain use cases and case studiesBlockchain use cases and case studies
Blockchain use cases and case studiesInnoTech
 
Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential InnoTech
 
Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?InnoTech
 
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...InnoTech
 
Using Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeUsing Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeInnoTech
 
User requirements is a fallacy
User requirements is a fallacyUser requirements is a fallacy
User requirements is a fallacyInnoTech
 
What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio InnoTech
 
Disaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumDisaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumInnoTech
 
Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2InnoTech
 
Sp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionSp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionInnoTech
 
Power apps presentation
Power apps presentationPower apps presentation
Power apps presentationInnoTech
 

More from InnoTech (20)

"So you want to raise funding and build a team?"
"So you want to raise funding and build a team?""So you want to raise funding and build a team?"
"So you want to raise funding and build a team?"
 
Artificial Intelligence is Maturing
Artificial Intelligence is MaturingArtificial Intelligence is Maturing
Artificial Intelligence is Maturing
 
What is AI without Data?
What is AI without Data?What is AI without Data?
What is AI without Data?
 
Courageous Leadership - When it Matters Most
Courageous Leadership - When it Matters MostCourageous Leadership - When it Matters Most
Courageous Leadership - When it Matters Most
 
The Gathering Storm
The Gathering StormThe Gathering Storm
The Gathering Storm
 
Sql Server tips from the field
Sql Server tips from the fieldSql Server tips from the field
Sql Server tips from the field
 
Quantum Computing and its security implications
Quantum Computing and its security implicationsQuantum Computing and its security implications
Quantum Computing and its security implications
 
Converged Infrastructure
Converged InfrastructureConverged Infrastructure
Converged Infrastructure
 
Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365Making the most out of collaboration with Office 365
Making the most out of collaboration with Office 365
 
Blockchain use cases and case studies
Blockchain use cases and case studiesBlockchain use cases and case studies
Blockchain use cases and case studies
 
Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential
 
Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?
 
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
 
Using Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeUsing Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to Life
 
User requirements is a fallacy
User requirements is a fallacyUser requirements is a fallacy
User requirements is a fallacy
 
What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio
 
Disaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumDisaster Recovery Plan - Quorum
Disaster Recovery Plan - Quorum
 
Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2
 
Sp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionSp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner session
 
Power apps presentation
Power apps presentationPower apps presentation
Power apps presentation
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Effective Cyber Security: Successful Approaches and Experiences

  • 1. ISON Effective Cyber security: Successful approaches and experiences April 5, 2012 Presenter Phil Marasco
  • 2. Agenda • Continuing Trends • New Elements • Defensive Techniques • Scaling to “X” • Questions
  • 3. Recent News 60 Minutes did a story on the first known control system attack Source: CBSnews.com
  • 4. Last Week’s News Rock Center did a story on a Trojan used to steal money Source: MSNBC.MSN.com
  • 5. FBI says we are behind Executive Assistant Director of the FBI thinks criminals are ahead.
  • 6. Identity trading is rampant Stolen credit cards are sold in large lots for prices as low as $.40 to $10 depending on interval and method used to collect the information. Personal Identity information commands $25 to $50 (depending on quality).
  • 7. Unpatched exploits on sale Source: Forbes.com
  • 8. Internal vs. External • Historical threats • Us vs. them • Inbound Only (except for “inside jobs”) • Advanced Persistent Threats • Blended attacks/RSA • SPAM/Phishing
  • 9. New Frontiers • Small Business is expanding online • Offering Online “Experiences” • Member-Only Areas • Monetize Social Media • Group-on Discounts • Gift Cards
  • 10. New Dangers • Web sites that store your data • Financial Risks • Personal Information Leakage • Internal Threats • Zombies • FBI and the DNSChanger scam • Brand Exposure (and explosion)
  • 11. New SPAM Vectors US Postal Service couldn’t deliver your package American Airlines wants you to get that $19 fare to NY you left behind during your failed web session The National Check Clearing Center says you are about to bounce a check VISA Security department says your credit card has been blocked PAYPAL says you are suspected of illegal activity A gentleman in the Philippines would like you to hold his inheritance check while he travels to the US. A lawyer in Thailand wants to see if you know a guy who died and will handle his $10 million estate.
  • 12. New Questions • What’s it worth to you? • What can you actually do? • What can be done for me? • How often do I look? In a corporate environment the bigger question is: X vs. 10X vs. 100X
  • 13. New Personal Tools Identity Monitoring • Epic.org (Electronic Privacy Info Center) • http://www.youhavedownloaded.com/ • https://www.pwnedlist.com/ • http://www.Google.com • http://www.Pipl.com • Donttrack.us
  • 15. What we do • Penetration testing • Network • Application • Physical • Security Awareness • Compliance • Security Practice • Policy lifecycle • Security team augmentation
  • 16. Who is ISON? • Managed IT Services Firm • Focus on small to medium business • Extension of an organization – With IT personnel – Without IT personnel • 30+ years industry experience
  • 17. Wrap up • Technical Corporate • Use a patch management process • Implement a secure baseline • Monitor your network • Manage your vulnerabilities • Be careful with remote access • Behaviors • Put security and acceptable use policies in place • Conduct security awareness training regularly • Be careful with your data