Development of secure technologies in Russia. Are there opportunities for import substitu...
VII Ural Forum
Information Security of Banks
Plenary Session. Part II
Information security in the banking sector.
Vikhorev Sergey Viktorovich, Deputy General Director of ELVIS-PLUS («ЭЛВИС-ПЛЮС»)
Source: http://ural.ib-bank.ru/materials_2015
John W. Pirc from Hewlett Packard/HP Security Research gave a presentation on the real economics of cybercrime. Some key statistics were provided, such as over 8,300 malware infections occurring daily and cybercrime costs totaling around $4.1 million USD. The presentation also discussed strategies for effective defense based on principles from The Art of War, emphasizing that opponents should not know how defenses will be employed and that appearing where least expected can help secure systems.
This document contains no summary text. It appears to be a technical diagram showing various IT systems and components with labels but no descriptive text. The diagram includes labels for systems like CSDIP/I, AAMVA, CAS, NSTIC, PIV-I, SICAM and components like Citizen Centric Portal, Health Benefit Exchange, Enterprise Service Bus, Workflow Engine, Business Rules Engine, Agency Data, EDM - Enterprise Data Management, Agency Web App/Service, Data Warehouse, Document Management, Commonwealth Authentication Service, along with contact information for two individuals.
This document discusses privacy and provides a mathematical formula for calculating privacy based on effort, knowledge, and awareness. It defines privacy as separation from a group or environment and notes that privacy depends on the amount of effort put into mitigation actions, one's knowledge of privacy concepts and technologies, and overall awareness of how one's data is exposed. The document presents examples of how different combinations of these factors can result in higher or lower levels of privacy. It encourages increasing effort, knowledge, and awareness to improve privacy according to the formula P=E(K+A).
The document discusses the potential for mass mobile device compromises through exploit kits. It outlines how exploit kits currently work on desktop computers and how their methods could translate to mobile. Mobile devices are increasingly popular and contain sensitive user information, making them attractive targets. Exploit kits already identify mobile clients and mobile malware exists, so the remaining barrier is connecting these threats through mobile-specific exploits. With profiling of mobile platforms, targeted mobile exploits could efficiently compromise users on a large scale similar to existing desktop attacks.
This document outlines a roadmap toward building a more secure and resilient cyber ecosystem. It discusses improving static defenses through measures like infrastructure hardening, continuous authentication, and security awareness training. It also discusses improving dynamic defenses through real-time information sharing, continuous monitoring, and automated responses to threats. The document notes barriers remain and additional steps are required to fully achieve the goal of a secure cyber ecosystem.
The seminar agenda covers various security leadership topics over half-day sessions. The first session discusses the maturity lifecycle of a security program. The second session focuses on building a security team and provides five lessons from experience. The third session examines the role of the CISO in providing influence and decision support through effective communication and relationship building. The final session questions whether security leaders are fighting the wrong battles.
John Hawley from CA Technologies and Bill Sieglein from CISO Executive Network discuss how security needs to evolve from protecting the network perimeter to focusing on identity management. As applications move to the cloud and users access systems from anywhere, the traditional network perimeter is no longer sufficient. Security functions must adapt to focus on controlling identity and access management across cloud services, mobile users, partners, and more. The top lesson is for security professionals to stay relevant by understanding executive priorities and reporting on issues important to business leaders rather than technical details.
The document discusses evaluating the root causes of "stupidity", that is, non-compliance with information security policies, through a framework that analyzes execution failures in terms of awareness, capability, motivation, expectations, skills, resources, benefits, and liabilities. It provides an example process and the results of analyzing instances of non-compliance with this framework. Those results can then be used to develop targeted strategies that address the underlying causes of non-compliance.
Creating a national payment card system using domestic HSMs
VII Ural Forum
Information Security of Banks
THEMATIC SESSION No. 1
Banking fraud
Prostov Vladimir Mikhailovich, officer of the FSB of Russia
Source: http://ural.ib-bank.ru/materials_2015
The document discusses legal issues around employers monitoring employee communications and activities via mobile devices. It begins with an introduction of the presenters and provides historical context on privacy laws. It then examines different scenarios regarding employer monitoring of corporate-owned vs. personal devices and communications. Key considerations discussed include employee consent, reasonable expectations of privacy, and compliance with federal and state wiretapping and privacy laws. The document concludes with some general takeaways on the lack of clear legal lines with new technologies and the importance of network use policies.
Experience in countering targeted attacks in financial organizations
VII Ural Forum
Information Security of Banks
THEMATIC SESSION No. 1
Banking fraud
Bezkorovainy Denis Igorevich, head of the financial organizations practice at Trend Micro
Source: http://ural.ib-bank.ru/materials_2015
Representatives from security companies discussed managing the risks of increased use of consumer mobile devices for work. They released a guidebook providing strategies for balancing risks and opportunities. It recommends understanding business value, constructing a picture of fast-changing mobile risks, establishing cross-functional governance, and creating a mobile security action plan. The panel discussed the need for a new security model that protects data rather than devices, implements security without hindering the user experience, and accounts for the different security architectures of mobile platforms.
This document discusses geolocation privacy in 2012 and the direction of related laws and policies. It covers how location can be determined through cameras, aircraft, satellites, radio transmitters and cell/WiFi signals. Benefits and costs of location data are debated, as well as differences between knowing one's current, past or future locations. Privacy expectations vary depending on whether data is collected by the government or by private parties. Supreme Court and legislative efforts grapple with applying older privacy frameworks built around physical trespass to new technologies such as location tracking via aggregation of data over time. International laws such as the EU's also aim to require consent for the use of geolocation data.
On information security threats relevant to developers of information protection tools (СЗИ)
Kachalin Alexey Igorevich, expert of the interregional public organization «АЗИ»
IV АЗИ Forum
"Current Issues of Information Security in Russia"
Moscow, MTUCI (МТУСИ) Congress Center, 14 April 2015
This document provides an overview of cyberespionage and international cyber operations as weapons. It defines key terms, gives a brief history of cyberespionage dating back to the 1980s, describes the anatomy of a typical cyberespionage attack, discusses implications for nation-state policy, and outlines what individuals should do to protect themselves. The presenter is Mark Russinovich, author of Zero Day and Trojan Horse, speaking at an intermediate-level conference session.