SlideShare a Scribd company logo

IT Risk Management In The Age of Wikileaks

A
Anderson Ruysam, BBA (IS) CISSP, CRISC, DevSecOps

This presentation outlines the leaps and bounds of Cloud Computing and Risk Management in the age of enormous global data surveillance, whistle blowers, Wikileaks, data leakage and what to do to protect data.

Technology
1 of 13
Download to read offline
Public IT Risk Management in the Age of Wikileaks Anderson Ruysam, BBA (IS), CISSP, CRISC, ITIL v3 July 2011
2 Agenda • Current IT Security Issue and Concerns (non technical) • Non-technical overview of recent industry breaches “Sony, Amazon, Wikileaks, and Stephen Harper and Ontario Courts webpage defacement”. • How does it relate to us? • Solutions
3 Current Security Breaches and Concerns • Stuxnet Virus - nation-state supported, highly complex, first programmable logic controller (PLC) rootkit worm (July 2010) • Wiki leaks - 779 secret government files leaked relating to prisoners detained in Guantanamo Bay detention camp (April 2011) • Sony Playstation Network Hack - The PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were stolen and prevented users of PlayStation 3 and PlayStation Portable consoles from playing online through the service. (April 2011) • RSA Hack - sophisticated spear phishing attack that exploited zero day vulnerability to steal authentication information (March 2011) • Lockheed Martin Hack - possible state sponsor complex attack on top secret military systems using stolen RSA authentication data (May 2011)
4 Current Security Breaches and Concerns • Amazon Cloud computing availability issues - Amazon's "Elastic Compute Cloud," part of the online retail company's cloud-computing service that hosts websites for start-ups, experienced latency problems and other errors. (April 2011) • Conservative Website Hack – The website of the Canadian Conservative Party was hacked, and it reported that the Prime Minister Stephen Harper was rushed to hospital. (June 2011) • Hacker groups Anonymous and LulzSec - Anonymous is a group initiating active civil disobedience, they spread through the Internet while staying hidden, representing the concept of many online community users simultaneously existing as an anarchic, digitized global brain. In 2011 they have been involved in the hack of the website of the Irish Political Party Fine Gael, websites for the Government of Tunisia, releasing emails it obtained from Bank of America, and a mass email/fax bomb to the Bay Area Rapid Transit (BART) LulzSec is a computer hacker group that claims responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group also claimed responsibility for taking the CIA website offline. The group has been described as a "cyber terrorism group" by the Arizona Department of Public Safety after their systems were compromised and information leaked.
5 2011, Sony hacked 3 times • Playstation Network “PlayStation Network is a free-to-access interactive environment where you can play online games, chat to friends and family around the world and surf the web - and all for free” • The attack “Cyber-security expert Dr. Gene Spafford has told the U.S. House of Representatives that Sony allegedly ignored reports of gaping vulnerabilities on its servers.” • How did they notice it? • How they’ve noticed the impact? Sony’s Stock Drops 2.08 Billion Dollars Since PSN Outage
6 2011, Sony hacked 3 times Asset: Names, addresses, passwords, credit card info, and security answers. Threat: Unauthorized access, disclosure of personal / confidential data Agent: Hackers (Anonymous, Lulzsec Hacktivists), disgruntled employees Vulnerability: “known-vulnerability in non-specified web application server platform” Planned Safeguards: Automated software monitoring to their networks; Enhanced levels of data protection and encryption, new firewalls; Moving the data center to a different location, and Hiring a Chief Information Security Officer (CISO)
7 Today’s Sign up webpage (as of Aug 15th, 2011)
8 Harper hacked by Hash Brown Threat agent: Lulzraft "no useful credit card information was taken and our internal database was not hacked," DeLorey said “The conservatives said no contributor data was accessed..I wonder where this sample came from then!” Donors information gets published, Email to CBC news. Ontario Courts, MOF and TSB have also been hacked this year.
9 Wikileaks We provide an innovative, secure and anonymous way for independent sources around the world to leak information to our journalists
10 Amazon Cloud Incident • Security Process Document • The attack, impact, compensation... • Customer Agreement • We may change, discontinue or add SLA from time to time... • Another outage in Aug 9th. Your Responsibilities You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access Proprietary DDoS mitigation techniques are used.
11 How does it relate to us? • All IT systems and infrastructure are at risk – whether they are exposed publicly or to just internal users (insiders). • We are all collectively mandated to protect and secure the public’s sensitive and private information • Ontario is the financial capital of Canada, and is a high value target not only to Hackers, but also organized crime units for the purpose of identity theft
12 Solutions • Information Protection Centers – Security Operating Centers are reactive security teams working 24/7 to monitor and protect our networks and data from Hackers, Viruses, Botnets, DDoS attacks etc. • Threat and Risk Assessment (TRA) and Risk Advisory groups provide proactive risk assessments advice to protect data and infrastructures by providing security recommendations such as encryption of sensitive data in transit and in storage, software updates and security patches, proper Business Continuity and Disaster Recovery planning, least-privilege role base access controls, Vulnerability Assessments, Penetration Tests etc. • Vulnerability Assessment and Penetration Testing teams work to test and discover security vulnerabilities.
13 Questions? Anderson Ruysam, BBA (IS), CISSP, CRISC, ITIL v3

Recommended

Top 10 most famous hackers of all time
Top 10 most famous hackers of all timeTop 10 most famous hackers of all time
Top 10 most famous hackers of all timePRESENTATIONSFORESL
 
hacking and its types
hacking and its typeshacking and its types
hacking and its typesBharath Reddy
 
Hacking presentation
Hacking presentationHacking presentation
Hacking presentationdineshgarhwal77
 
Computer Hacking by Rudy
Computer Hacking by RudyComputer Hacking by Rudy
Computer Hacking by RudyUdieh Moody
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinEslam Hussein
 
Research Paper - Hacker Plague
Research Paper - Hacker PlagueResearch Paper - Hacker Plague
Research Paper - Hacker PlagueLuke Perrin
 
C3 Cyber
C3 CyberC3 Cyber
C3 CyberDeepak Kumar (D3)
 
Hacking
Hacking Hacking
Hacking Farkhanda Kiran
 

Recommended

Top 10 most famous hackers of all time
Top 10 most famous hackers of all timeTop 10 most famous hackers of all time
Top 10 most famous hackers of all timePRESENTATIONSFORESL
 
hacking and its types
hacking and its typeshacking and its types
hacking and its typesBharath Reddy
 
Hacking presentation
Hacking presentationHacking presentation
Hacking presentationdineshgarhwal77
 
Computer Hacking by Rudy
Computer Hacking by RudyComputer Hacking by Rudy
Computer Hacking by RudyUdieh Moody
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinEslam Hussein
 
Research Paper - Hacker Plague
Research Paper - Hacker PlagueResearch Paper - Hacker Plague
Research Paper - Hacker PlagueLuke Perrin
 
C3 Cyber
C3 CyberC3 Cyber
C3 CyberDeepak Kumar (D3)
 
Hacking
Hacking Hacking
Hacking Farkhanda Kiran
 
What is Hacking? AND Types of Hackers
What is Hacking? AND Types of HackersWhat is Hacking? AND Types of Hackers
What is Hacking? AND Types of Hackersinfosavvy
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 
Hacking
HackingHacking
Hackingj naga sai
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingDEEPIKA WALIA
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingsilambarasansam
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingvishakha bhagwat
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionBharat Thakkar
 
Computer hacking
Computer hackingComputer hacking
Computer hackingArjun Tomar
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From CybercrimeDavid J Rosenthal
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and HackersFarwa Ansari
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKINGkarthickB24
 
Internet Use, Privacy and security
Internet Use, Privacy and securityInternet Use, Privacy and security
Internet Use, Privacy and securityAwais Haider
 
CYBER TERRORISM
CYBER TERRORISM CYBER TERRORISM
CYBER TERRORISM sherrysher82
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraKapil Mehrotra
 
Hacking (1)
Hacking (1)Hacking (1)
Hacking (1)rishirvk1995
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRamchandraRegmi
 
All about Hacking
All about HackingAll about Hacking
All about HackingMadhusudhan G
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodSecPod Technologies
 

More Related Content

What's hot

What is Hacking? AND Types of Hackers
What is Hacking? AND Types of HackersWhat is Hacking? AND Types of Hackers
What is Hacking? AND Types of Hackersinfosavvy
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionBharat Thakkar
 
Computer hacking
Computer hackingComputer hacking
Computer hackingArjun Tomar
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From CybercrimeDavid J Rosenthal
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and HackersFarwa Ansari
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
Internet Use, Privacy and security
Internet Use, Privacy and securityInternet Use, Privacy and security
Internet Use, Privacy and securityAwais Haider
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraKapil Mehrotra
 

What's hot (20)

What is Hacking? AND Types of Hackers
What is Hacking? AND Types of HackersWhat is Hacking? AND Types of Hackers
What is Hacking? AND Types of Hackers
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hacking
HackingHacking
Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - Introduction
 
Computer hacking
Computer hackingComputer hacking
Computer hacking
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From Cybercrime
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
Internet Use, Privacy and security
Internet Use, Privacy and securityInternet Use, Privacy and security
Internet Use, Privacy and security
 
CYBER TERRORISM
CYBER TERRORISM CYBER TERRORISM
CYBER TERRORISM
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat Intelligence
 
Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil Mehrotra
 
Hacking (1)
Hacking (1)Hacking (1)
Hacking (1)
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 

Similar to IT Risk Management In The Age of Wikileaks

Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodSecPod Technologies
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Alisha Deboer
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia LunaAviva Spectrum™
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the worldSeqrite
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityMuhammad Hamza
 
Jameel Nabbo Cyber Security conference
Jameel Nabbo Cyber Security conference Jameel Nabbo Cyber Security conference
Jameel Nabbo Cyber Security conference Jameel Nabbo
 
CWFI Presentation Version 1
CWFI Presentation Version 1CWFI Presentation Version 1
CWFI Presentation Version 1Brett L. Scott
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityGianluca Varisco
 
Insider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataInsider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataLindsey Landolfi
 
Protect the Unexpected
Protect the UnexpectedProtect the Unexpected
Protect the UnexpectedCharles Mok
 
Cyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliCyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliAdv Prashant Mali
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...David Sweigert
 
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...Lior Rotkovitch
 
External threats-to-information-system
External threats-to-information-systemExternal threats-to-information-system
External threats-to-information-systemSouman Guha
 

Similar to IT Risk Management In The Age of Wikileaks (20)

Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPod
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 PresentationDo it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 Presentation
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Jameel Nabbo Cyber Security conference
Jameel Nabbo Cyber Security conference Jameel Nabbo Cyber Security conference
Jameel Nabbo Cyber Security conference
 
CWFI Presentation Version 1
CWFI Presentation Version 1CWFI Presentation Version 1
CWFI Presentation Version 1
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
 
Insider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataInsider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary Data
 
Protect the Unexpected
Protect the UnexpectedProtect the Unexpected
Protect the Unexpected
 
Cyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliCyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant Mali
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
 
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
 
External threats-to-information-system
External threats-to-information-systemExternal threats-to-information-system
External threats-to-information-system
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

IT Risk Management In The Age of Wikileaks

  • 1. Public IT Risk Management in the Age of Wikileaks Anderson Ruysam, BBA (IS), CISSP, CRISC, ITIL v3 July 2011
  • 2. 2 Agenda • Current IT Security Issue and Concerns (non technical) • Non-technical overview of recent industry breaches “Sony, Amazon, Wikileaks, and Stephen Harper and Ontario Courts webpage defacement”. • How does it relate to us? • Solutions
  • 3. 3 Current Security Breaches and Concerns • Stuxnet Virus - nation-state supported, highly complex, first programmable logic controller (PLC) rootkit worm (July 2010) • Wiki leaks - 779 secret government files leaked relating to prisoners detained in Guantanamo Bay detention camp (April 2011) • Sony Playstation Network Hack - The PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were stolen and prevented users of PlayStation 3 and PlayStation Portable consoles from playing online through the service. (April 2011) • RSA Hack - sophisticated spear phishing attack that exploited zero day vulnerability to steal authentication information (March 2011) • Lockheed Martin Hack - possible state sponsor complex attack on top secret military systems using stolen RSA authentication data (May 2011)
  • 4. 4 Current Security Breaches and Concerns • Amazon Cloud computing availability issues - Amazon's "Elastic Compute Cloud," part of the online retail company's cloud-computing service that hosts websites for start-ups, experienced latency problems and other errors. (April 2011) • Conservative Website Hack – The website of the Canadian Conservative Party was hacked, and it reported that the Prime Minister Stephen Harper was rushed to hospital. (June 2011) • Hacker groups Anonymous and LulzSec - Anonymous is a group initiating active civil disobedience, they spread through the Internet while staying hidden, representing the concept of many online community users simultaneously existing as an anarchic, digitized global brain. In 2011 they have been involved in the hack of the website of the Irish Political Party Fine Gael, websites for the Government of Tunisia, releasing emails it obtained from Bank of America, and a mass email/fax bomb to the Bay Area Rapid Transit (BART) LulzSec is a computer hacker group that claims responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group also claimed responsibility for taking the CIA website offline. The group has been described as a "cyber terrorism group" by the Arizona Department of Public Safety after their systems were compromised and information leaked.
  • 5. 5 2011, Sony hacked 3 times • Playstation Network “PlayStation Network is a free-to-access interactive environment where you can play online games, chat to friends and family around the world and surf the web - and all for free” • The attack “Cyber-security expert Dr. Gene Spafford has told the U.S. House of Representatives that Sony allegedly ignored reports of gaping vulnerabilities on its servers.” • How did they notice it? • How they’ve noticed the impact? Sony’s Stock Drops 2.08 Billion Dollars Since PSN Outage
  • 6. 6 2011, Sony hacked 3 times Asset: Names, addresses, passwords, credit card info, and security answers. Threat: Unauthorized access, disclosure of personal / confidential data Agent: Hackers (Anonymous, Lulzsec Hacktivists), disgruntled employees Vulnerability: “known-vulnerability in non-specified web application server platform” Planned Safeguards: Automated software monitoring to their networks; Enhanced levels of data protection and encryption, new firewalls; Moving the data center to a different location, and Hiring a Chief Information Security Officer (CISO)
  • 7. 7 Today’s Sign up webpage (as of Aug 15th, 2011)
  • 8. 8 Harper hacked by Hash Brown Threat agent: Lulzraft "no useful credit card information was taken and our internal database was not hacked," DeLorey said “The conservatives said no contributor data was accessed..I wonder where this sample came from then!” Donors information gets published, Email to CBC news. Ontario Courts, MOF and TSB have also been hacked this year.
  • 9. 9 Wikileaks We provide an innovative, secure and anonymous way for independent sources around the world to leak information to our journalists
  • 10. 10 Amazon Cloud Incident • Security Process Document • The attack, impact, compensation... • Customer Agreement • We may change, discontinue or add SLA from time to time... • Another outage in Aug 9th. Your Responsibilities You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access Proprietary DDoS mitigation techniques are used.
  • 11. 11 How does it relate to us? • All IT systems and infrastructure are at risk – whether they are exposed publicly or to just internal users (insiders). • We are all collectively mandated to protect and secure the public’s sensitive and private information • Ontario is the financial capital of Canada, and is a high value target not only to Hackers, but also organized crime units for the purpose of identity theft
  • 12. 12 Solutions • Information Protection Centers – Security Operating Centers are reactive security teams working 24/7 to monitor and protect our networks and data from Hackers, Viruses, Botnets, DDoS attacks etc. • Threat and Risk Assessment (TRA) and Risk Advisory groups provide proactive risk assessments advice to protect data and infrastructures by providing security recommendations such as encryption of sensitive data in transit and in storage, software updates and security patches, proper Business Continuity and Disaster Recovery planning, least-privilege role base access controls, Vulnerability Assessments, Penetration Tests etc. • Vulnerability Assessment and Penetration Testing teams work to test and discover security vulnerabilities.
  • 13. 13 Questions? Anderson Ruysam, BBA (IS), CISSP, CRISC, ITIL v3