Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Date posted: 21-Oct-2014

description

What’s at risk when sensitive information about you, your customers or your employer is compromised? How do you know whether the disclosure of the information was intentional or unintentional? After all, this sensitive information could have found its way into the hands of an unauthorized individual simply as the result of a mishandled or misdirected fax or email. Or perhaps you were hacked by an outside party, malware or spyware? Unless you’re prepared to crawl under a rock and just stop communicating, the best you can do is minimize the risks associated with using today’s technology. Here, you’ll learn about the various risks associated with technology, how to implement data security measures to protect yourself, your employees and your customers from the catastrophic events following an unintended release of protected information, and about the costs involved in a data breach.

Transcript of Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Page 1: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

ADNET Technologies Inc (ADNETTech)

WorkSmart 2011

Cyber Risky Business (Just Take Those Old Records Off the Shelf)
Michelle Syc, Xhemil Koliani

ADNET is proud to offer:

• Infrastructure Services
  – Infrastructure design
  – Managed Services
  – Virtualization
  – Unified communications
  – Backup & Disaster Recovery
  – Security & Risk Management
  – IT Management/Strategy

• Learning Services
  – Learning path development and strategy
  – Technical training
  – Desktop applications
  – Professional development
  – Recordings
  – Goal-oriented learning
  – Certification preparation and testing
  – Instructor led, Distance delivery, and e-Learning

Page 2: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Outline

The current state of data security

Thinking Like a Criminal

Predicting the data loss:  risk mitigation steps

Page 3: Cyber Risky Business (Just Take Those Old Records Off the Shelf)
Page 4: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Records Breached in US Since 1/1/2011

22,202,232

EQUALS: ~7 Gigabytes of Data

‐ OR ‐

~600 Feet of paper

Source:  PrivacyRights.org

Page 5: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Pre‐internet Security Threats

Eavesdropping

Source: Schneier, B. Risk, Complexity, and Network Security. Counterpane Internet Security Inc., April 2001

Page 6: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Internet Security is Complex

Social Engineering Attacks

Integrity Attacks

Identity Theft

Domain Name (DNS) attacks

“Launching Pad” for attacks

Misconfigurations, Software Errors, Social Engineering

Denial of Service (DOS) Attacks

Eavesdropping (Masquerading, Web‐based attacks, etc., etc.)

Insider Attack

Viruses, Trojans, back doors, etc.

Source: Schneier, B. Risk, Complexity and Network Security. Counterpane Internet Security Inc., April 2001

Page 7: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Moving On…..

The current state of data security

Thinking Like a Criminal

Predicting the data loss:  risk mitigation steps

Page 8: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Front Door Break‐In

The Living Room Window?

The Second Floor Bedroom Window?

The key under the plant out back?

The Kitchen Window?

The Back Door

Page 9: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Risks

1. Guessable Passwords
2. Default Credentials
3. Poor Alerting
4. Unknown / Rogue Devices
5. Malicious Applications
6. Poorly Trained Users
7. Poorly Managed Remote Access Services
8. Rogue remote access applications
9. Outdated virus definitions / virus software

Page 10: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

The story continues…..

The current state of data security

Thinking Like a Criminal

Predicting the data loss:  risk mitigation steps

Page 11: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Risks

1. Guessable Passwords
2. Default Credentials
3. Poor Alerting
4. Unknown / Rogue Devices
5. Malicious Applications
6. Poorly Trained Users
7. Poorly Managed Remote Access Services
8. Rogue remote access applications
9. Outdated virus definitions / virus software

Controls

• Know and train your users
• Access Control
• Passwords
• Encryption
• Privileged Users
• Log and Audit
• Network Management Procedures
• Scan for Rogue Devices / Services
• Secure Remote Access
• Filter egress network traffic
• Incident Management Procedures

Page 12: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

The Cloud ….. briefly ☺

Picture Source: http://www.theiia.org/intAuditor/five‐emerging‐trends‐in‐technology‐slide‐show/

Page 13: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Source:  Verizon Business 2011 Data Breach Investigations Report

2011 Data Breach Investigations Report

96% of breaches were avoidable through simple or intermediate controls

Page 14: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Functionality Security

Page 15: Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Kostin Ruffkess & Company, LLC
76 Batterson Park Road
Farmington, CT 06032

860‐678‐6000
www.kostin.com

Xhemil (John) Koliani, CPA / ABV
Member of the [email protected]

Michelle Syc, CISSP, [email protected]

Disclaimer:  The materials presented are for training purposes only.  We are not rendering legal or professional advice.