Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ... | Shawn Tuma
Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Presentation to the Texas Bar CLE program on Contract Drafting, Review and Negotiation on December 5, 2017 in Austin, Texas, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
Cybersecurity Ventures predicts that Ransomware damage costs will exceed $5 billion in 2017, up more than 15X from 2015. This deck by Mat Hamlin, VP of Products at Spanning, and Brian Rutledge, Spanning's Security Engineer, will help you to:
- Understand Vulnerabilities in Various Platforms
- Get Pointers to Prepare for an Attack
- Understand How and Why Backup Helps
Cybersecurity Fundamentals for Legal Professionals | Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at the 55th Annual Conference on Intellectual Property Law at The Center for American and International Law on November 13, 2017.
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016 | centralohioissa
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th... | Lancope, Inc.
Learn about the key mistakes organizations are making when it comes to incident response, presented by the chairman and founder of the Ponemon Institute, Dr. Larry Ponemon, and Lancope’s director of security research, Tom Cross. Then learn about how the right mix of people, processes and technology can dramatically improve your incident response efforts and elevate the importance of the CSIRT within your organization.
Ransomware Has Evolved And So Should Your Company | Veriato
Ransomware is typically initiated via phishing or social engineering tactics; these attacks often take advantage of human error for the successful delivery of the malware. These criminal organizations are indifferent to the size of your organization. They target any company with data, and if you don't pay the ransom, your information could be posted to a public forum or sold on the Dark Web for profit. Most companies unfortunately are forced to pay due to system failure and file corruption.
The scariest thing about these methods is that the ransomware doesn't need to be developed by the attackers. Ransomware services can now be purchased on the Dark Web and used at the cybercriminal's will (RaaS). As these ransomware attacks and services evolve, how can companies arm themselves with the right solutions to defend themselves from these ever-growing attacks?
Join us in our latest webinar with Dr. Christine Izuakor (cybersecurity expert) and Jay Godse (head of product dev at Veriato).
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions | Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
HOW TO PREPARE FOR AND RESPOND TO A RANSOMWARE ATTACK [Webinar] | Stanton Viaduc
With recent attacks on hospital data catching headlines, we wanted to provide some best practices in this webinar to keep your systems safe and sound! We will be co-presenting this webinar with our partners at Intellisuite IT Solutions.
What you will learn:
- How to use an Intranet to educate staff on IT security
- How to engage staff in proactive thinking about IT and patient privacy with social Intranet tools
- How a proactive IT plan and an Intranet can help keep an organization safe from ransomware attacks
- How to publish and ensure readership of HITECH, HIPAA and other IT policies across the entire hospital using a web-based Policy Manager
- How an Intranet can alert staff of an attack and train staff on ways to prevent attacks
- How to leverage layered security to prevent a ransomware attack
- Important elements of a layered security approach
- What to do if a ransomware attack evades the initial layer
- Risks of a vulnerable or unprotected system
- An organization's recourse for getting back to production is restoring from backup or paying the ransom
Do you do enough to keep your source code secure from hackers and thieves? Here's the four-step plan we used to lock down our vital intellectual property.
Symantec Data Loss Prevention - From Adoption to Maturity | Symantec
It's bad enough if hackers break into your network. It's even worse if they make off with your confidential data. Read how we use Symantec Data Loss Prevention to keep our most valuable digital assets out of hackers' hands.
GDPR, Data Privacy and Cybersecurity - MIT Symposium | Eric Vanderburg
GDPR, Data Privacy, and Cybersecurity presented by Eric Vanderburg and Stephanie Gruber at the MIT Chief Data Officer Information Quality Symposium on July 20, 2018.
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote) | Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
Do you know the internal signs of a compromise? This deck takes you through the process our Mandiant services teams go through to help discover if an organization has been compromised. You can also view the full webinar here: https://www.brighttalk.com/webcast/10703/187133?utm_source=SS
Security Program Guidance and Establishing a Culture of Security | Doug Copley
Doug Copley and John Kelley present advice for new CISOs, applying a framework model for assessment and measurement, establishing executive support and establishing a culture of security.
Cybersecurity: Cyber Risk Management for Lawyers and Clients | Shawn Tuma
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled "Cybersecurity: Cyber Risk Management for Lawyers and Clients" at the Texas Bar CLE's 16th Annual Advanced Business Law Course on November 8, 2018.
Cylance Ransomware - Remediation & Prevention Consulting Data-sheet: Current Ransomware Threat Environment
Today’s ransomware campaigns are very different from what we have seen in the past. On the one hand, ransomware can be easily obtained and used successfully by criminals that have little to no hacking skills, often referred to as Ransomware as a Service (RaaS). On the other hand, we are seeing ransomware being used for much more than just ransoms. In some cases, we have seen it used as a diversion; first harvesting credentials for later use, and then encrypting the drive to keep IT staff occupied while the attacker covers their tracks and accomplishes even more nefarious objectives. And more recently, we are seeing highly opportunistic campaigns that encrypt entire networks in an organization and delete host backups prior to encryption, leaving the entire organization held hostage and unable to operate.
Cylance® offers two complementary service offerings to help organizations address this evolving threat.
Cylance’s Proactive Prevention and Readiness services cater specifically to the ransomware epidemic by:
• Leveraging the power of machine learning and artificial intelligence to allow predictive, autonomous, pre-execution prevention
• Providing world-renowned, highly sought after, knowledgeable consultants with the expertise to facilitate remediation of a ransomware attack
• Imparting wisdom BEFORE the attack occurs to ensure the best preparation, preventative technologies, and workflows are in place
Building a Strategic Plan for Your Security Awareness Program | Priyanka Aash
The key to securing your employees' behaviors is an effective strategic plan that is both realistic and supported by your leadership. Learn how other organizations are doing this and how you can apply their lessons learned to build your own strategic plan when you get back to your organization.
(Source: RSA Conference USA 2017)
Cyber Security presentation for the GS-GMIS in Columbia, SC on 7-19-2018, 125 people present, discussion at an Executive level to help Project Managers better understand Cyber Security and recent updates and guidance to help you plan for your company
Information Technology Security Management | MITSDEDistance
The PGDM in Information Technology at MITSDE follows the curriculum set by the IT Management Institute,
providing thorough instruction delivered by seasoned professionals.
The Crucial Role of IT Network Support Services.docx | TheWalkerGroup1
Our IT network support services are essential for the smooth functioning and security of our business networks. We provide troubleshooting, maintenance, and monitoring to ensure uninterrupted operations and secure data management. Discover the benefits of our IT network support services at The Walker Group.
The GDPR requires organizations — both “data controllers” and “data processors” — to strengthen their data protection and security measures to protect the personally identifiable information (PII) of EU citizens, and to demonstrate their compliance at any time. See how Quest solutions can help make it easier to ensure that your customer on-premises, cloud or hybrid environment meets GDPR compliance requirements.
The Legal Case for Cyber Risk Management Programs and What They Should Include | Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presented this session to The American Institute of Architects' Large Firm Round Table on March 15, 2018. For more of Shawn Tuma's presentations please visit: https://shawnetuma.com/presentations/
With 2014 being noted as “The Year of the Breach,” many businesses are still unprepared or not properly protected from numerous security threats. So what can your business do to help keep sensitive data safe? Check out the following slideshow to learn how to protect yourself and your business from threats. Contact the IT Security experts at MTG today to protect your organization!
With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security.
During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach.
Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data.
Learning Objectives:
Upon completion of this seminar, participants will be able to:
1. Understand the history and evolution of Zero Trust and its application to data security.
2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security.
3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security.
4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data.
5. Network with other industry professionals to share insights and best practices.
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know | PECB
Data is one of the most crucial assets within an organization, hence, it is highly important to prioritize its security.
How would ISO/IEC 27002:2022 and ISO/IEC 27001 help you in this regard?
The webinar covers
• ISO/IEC 27001
• Latest changes in the ISO/IEC 27002:2022
• The relation between ISO/IEC 27001 and ISO/IEC 27002:2022
• How the latest changes in the ISO/IEC 27002:2022 impacts your business?
Presenters:
Carl Carpenter
Carl is a former CISO of a $6B entity where he was responsible for protecting data of all types and regulatory environments such as FFIEC, HIPAA, and PCI as well as working with the FBI, IRS, and US Department of Labor around investigations relating to money laundering. He has performed assessments against Fortune 10 and 50 companies in the areas of GDPR, CCPA, ISO/IEC 27001 and currently performs CMMC assessments as well as CMMC pre-audit support to help ensure a successful CMMC audit. Prior to that, Carl retired from the US Military where he was involved in counter-terrorist, counter-narcotics, counter-intelligence operations and training foreign military members in these same concepts. Carl is also a PECB trainer in ISO/IEC 27001, ISO/IEC 27032, and CMMC Foundations and holds numerous other certifications.
In 2016, Carl joined Arrakis Consulting where he started as an auditor and providing CISO-as-a-Service to small or medium sized companies that needed more experience without increased cost. In 2017, Carl added active penetration testing to his portfolio of skills and routinely performs penetration tests against companies of all sizes. Carl also trains people on a variety of skills such as penetration testing, network engineering, network administration, OSI model, subnetting, etc…
Carl holds a Bachelors from Western Governors University in Network Security and Operations as well as numerous certifications from ITIL, Cisco, CompTIA, Microsoft, CMMC-AB, ISACA, OneTrust, RSA, PCI Council, Citrix, and Novell
Andreas Christoforides
Mr. Christoforides is an active IT auditor and a trainer for various organizations on Information Security Management Systems. He is a member of the Cyprus Computer Society, a PECB certified trainer for ISO/IEC 27001, ISO 22301 and GDPR CDPO, and a former Deputy Head of IT Infrastructure at a leading Bulgarian bank.
In 2019, he joined BEWISE and delivered to clients a wide range of Cybersecurity projects in the areas of strategy, governance and risk management, data privacy and protection (GDPR), and business resilience and recovery. He conducts IT Risk Assessments and develops IT policies and procedures towards establishing an effective and secure IT Governance framework.
Mr. Christoforides holds a BEng degree from Birmingham City University and a variety of other qualifications from Microsoft and CISCO.
YouTube video: https://youtu.be/tWyuEiXVHnY
Protecting health and life science organizations from breaches and ransomware | Cloudera, Inc.
3 Things to Learn About:
* 1. Ransomware is a particular problem and currently the highest priority for healthcare organizations. Machine learning can use the structure of a malicious email to detect an attack even before the email is opened.
* 2. Big data architectures provide the machine-learning models with the volume and variety of data required to achieve complete visibility across the spectrum of IT activity—from packets to logs to alerts.
* 3. Intel and industry partners are currently running one-hour, complimentary, confidential benchmark engagements for HLS organizations that want to see how their security compares with the industry.
Jorge Plascencia, Senior Account Manager at Laser App Software, shows Laser App Fusion, Laser App for your website, at the 2017 Financial Services Conference in San Francisco.
Chris Maury, RIA Channel Manager for Laser App Software, unveils Propel, the fastest way to open new accounts. Presented at the Laser App Software 2017 Financial Services Conference.
Financial Services Conference 2017: Robert Powell, VP of Marketing and Sales, presents 3 new innovations (Propel, Fusion, Salesforce Accelerator) from Laser App.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives... | Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
0x01 - Newton's Third Law: Static vs. Dynamic Abusers | OWASP Beja
If you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
Acorn Recovery: Restore IT infra within minutes | IP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
1. Sid Yenamandra
CEO & Co-Founder
sid@entreda.com
PREDICTIVE CYBERSECURITY RISK
MITIGATION SOFTWARE FOR
REGULATED ENTERPRISES
2. Seasoned leadership team
Management Team, Board Members & Investors
Sid Yenamandra
Co-founder and CEO
• Advisor, Memoir Systems (Cisco); VP Product at Plato Networks (Netlogic/Broadcom)
• Sr. Director of NSA funded crypto-acceleration project
• Co-founder of multiple start-ups
• BS EECS, UC Berkeley
Farshad Ghaffari
Co-founder, Engineering Ops
• Application Engineering, Broadcom supporting Cisco, Netgear and 2Wire
• Network Stack Development at Sun Microsystems
• BS EECS, UC Berkeley
Shirish Phatak
Architect
• Co-founder, Talon Storage
• CTO of Wide Area File Services at Packeteer
• Co-founder at Tacit Networks (Packeteer)
• MS IIT, MPhil Rutgers
Jay Sethuram
Chairman, Entreda
• Co-founder Fiberlane, Cerent (Cisco)
• Co-founder, StratumOne (Cisco)
• Founding Director, APIgee
• LP in multiple venture funds
Ajay Goel
Strategy and Business Development
• Managing Director for Symantec Corporation for India and SAARC countries
• Senior Vice President (Cisco Systems, India and SAARC)
• Country Director (Sun Microsystems)
Jens Horstmann
Partner Crestlight Ventures
• Inventor of Redbox Technology
• Founder & CEO DVDplay (NCR)
• Advisor to multiple start-ups
• LP Founder’s Fund
3. Corporate highlights
• Silicon-valley based Start-up
• Cybersecurity risk management software
• 1st market: Financial services (Broker-Dealers)
• VC funded – Crestlight VC & angel investors
• Global Team - 30 Employees, HQ San Mateo CA
• Multiple patents filed, 1 granted to date
• Unify for Financial Services launch - Q4CY14
• Signed-up 10K+ business users over 30 months
• Achieved Operational B/E in Q4, 2016
• Revenue mix - 50%/50% SMB/Enterprise
• 300% Y-o-Y growth for last 2 years
• Listed in FINRA’s compliance vendor directory
Company Background
Corporate Milestones
4. Premier customer partnerships in financial services in place
• B-D wide mandate to use our software
• 2 of 5 largest branch offices use our software
• Shortlisted as a compliance resource provider
• Partnership to offer our software to 100K+ RIA firms
• Partnership to offer our software to 5K+ RIA firms
• Partnership to offer our software to 80K+ RIA firms
• 7th largest US Insurance Company owns 4 B-Ds
• #1 Independent Broker Dealer in the U.S.
5. Our breakthrough:
Pro-active risk mitigation for users, devices & networks
[Diagram] Today: Manual and Siloed. Automated, Integrated: Data-Driven, Workflow-based.
Categories: IT Service Delivery and Support; IT Governance, Risk and Compliance; IT Software Management.
Tools shown: User Authentication, Log Analysis, VPN, Remote Desktop, Anti-virus, MDM, Patch Management, Firewall/IDS, Asset Tracking, Password Manager, Incident Reporting.
Cyber Risk Score: 690
6. Automated cybersecurity policy enforcement
with integrated remediation applications
User installs light-weight Entreda agent software on all devices including mobile devices.
Active Monitoring Agent
Multi-user Console
GRC integrated with IT Software
24x7 Compliance Reports
Compliance analytics integrated with applications enables intuitive and automated user experience.
Single pane-of-glass management for cybersecurity policy enforcement with real-time analytics.
Easy to understand alerts and reports in line with SEC & FINRA regulatory policy guidelines.
• Behavioral scoring
• Contextual Remediations
• Real-time notifications
Secure Remote Desktop
User Management
Auto VPN
File sharing
Policy Engine
[FORM OF] INFORMATION SECURITY POLICY
[Tip: This Information Security Policy is only a form and must be customized to your business. Please
see the disclaimers below.]
Purpose. The purpose of this Information Security Policy (this “Policy”) is to comply with all applicable
laws and regulations designed to protect the nonpublic personal information (the “Private Information”)
of the customers (the “Customers”) advised by [insert Firm Name] (“Firm”, “we”, “us” or “our”) who
are natural persons, as well as natural persons consisting of our employees and service providers with
whom Firm does business (each, a “Protected Person”). The Information Security Policy is designed to
accomplish the following: (a) to ensure the security and confidentiality of Private Information in a manner
consistent with industry standards and as required by applicable state and federal law; (b) to protect
against any anticipated threats or hazards to the security or integrity of the Private Information; and (c) to
protect against unauthorized access to or use of the Private Information that could result in substantial risk
of harm or inconvenience to any Protected Person.
Compliance Officer. ____________________ is our Information Security Policy “Compliance Officer.”
It is [his][her] responsibility to implement, maintain, administer and coordinate the effectiveness of the
Information Security Policy. Any questions or comments regarding this Policy should be directed to the
Compliance Officer. Following the resignation or removal of the current Compliance Officer, the Firm
shall as soon as reasonably practicable appoint another person as the new Compliance Officer. [Tip:
Generally, the Compliance Officer is an employee of the Firm. In certain instances, the Compliance
Officer may be from a third party vendor that provides certain outsourced services to the Firm.]
Risk Assessment. As of the adoption of this Policy, we have identified the following potential risks to the
security, confidentiality and integrity of Private Information that could result in the unauthorized
disclosure, misuse, alteration, or other compromise of such information: [Tip: The Firm should run an
initial risk assessment with Entreda’s assistance at the beginning of the relationship with Entreda to
analyze the risks that the Firm has. The below is a sample set of risks that a Firm may have and may not
represent all the risks of a particular firm.]
• Unauthorized access to documents containing Private Information by our personnel, service
providers, Protected Persons or third parties;
• Inappropriate use or disclosure of Private Information by personnel, service providers, Protected
Persons or third parties who are authorized to have access to Private Information;
• General security risks posed to our information technology system, including the theft of
computers or other equipment permitting access to Private Information, the loss of Private
Information due to electrical outages or other computer system failures, and the introduction of
viruses into our information technology system; and
• The loss of documents containing Private Information through unanticipated physical hazards
such as fire, earthquakes, floods or other natural disasters.
The Compliance Officer shall periodically re-assess the reasonably foreseeable risks to the security,
confidentiality and integrity of Private Information. Such assessment will include analysis of, among
other things, (i) the effectiveness of personnel training and management with regard to the treatment and
handling of Private Information, (ii) the reliability and suitability of our information technology systems
in light of the objectives of this Policy, including network software design, as well as information
processing, storage, transmission and disposal, and (iii) the ability to detect, prevent and respond to
attacks, intrusions or other system failures.
Limiting Private Information. The Firm will generally limit the amount of Private Information collected
to that reasonably necessary to accomplish the legitimate purpose for which it is collected. [Option 1:
Weekly reports
Cyber security Policy
7. Cybersecurity Risk Mitigation with Predictive Analytics
[Diagram] Risk Heuristics: 3rd Party threat databases, customers
IT Governance, Risk and Compliance controls: GRC Frameworks – HIPAA, SEC, FINRA
Cybersecurity Applications: SIEM, Anti-virus, Firewall
Networks, Devices, Users, Enterprise
Device Data, User Behavior, Network Data
Predictive Scoring, Policy Engine, Decision Engine, Pattern log
Remediation Services, Alerts and Notifications
Cybersecurity Risk Score: 690
8. Our unique and sustainable advantage …
Team expertise with heterogeneous platforms and devices
Technology Patents filed on analytics and service provisioning framework
Partnerships with B-D, RIA, MF and custodial platforms
Cybersecurity Risk Mitigation Software
Data-driven architecture
• Analytics-first approach
• Predictive modeling and ML
Hybrid cloud policy orchestration
• Monitoring, remediation and reporting for cloud and/or on-premise infrastructure
Built-in remediation apps
• Custom developed thin applications
• Scalability with 3rd Party API integrations