Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Posted on 21-Oct-2014

Description

What’s at risk when sensitive information about you, your customers or your employer is compromised? How do you know whether the disclosure of the information was intentional or unintentional? After all, this sensitive information could have found its way into the hands of an unauthorized individual simply as the result of a mishandled or misdirected fax or email. Or perhaps you were hacked by an outside party, malware or spyware? Unless you’re prepared to crawl under a rock and just stop communicating, the best you can do is minimize the risks associated with using today’s technology. Here, you’ll learn about the various risks associated with technology, how to implement data security measures to protect yourself, your employees and your customers from the catastrophic events following an unintended release of protected information, and about the costs involved in a data breach.

Transcript of Cyber Risky Business (Just Take Those Old Records Off the Shelf)

ADNET Technologies Inc

WorkSmart 2011


Cyber Risky Business (Just Take Those Old Records Off the Shelf)

Michelle Syc, Xhemil Koliani

ADNET is proud to offer:

• Infrastructure Services
– Infrastructure design
– Managed Services
– Virtualization
– Unified communications
– Backup & Disaster Recovery
– Security & Risk Management
– IT Management/Strategy

• Learning Services
– Learning path development and strategy
– Technical training
– Desktop applications
– Professional development
– Recordings
– Goal‐oriented learning
– Certification preparation and testing
– Instructor led, Distance delivery, and e‐Learning

Outline

The current state of data security

Thinking Like a Criminal

Predicting the data loss:  risk mitigation steps

Records Breached in US Since 1/1/2011

22,202,232

EQUALS: ~7 Gigabytes of Data

‐ OR ‐

~600 Feet of paper

Source:  PrivacyRights.org

Pre‐internet Security Threats

Eavesdropping

Source: Schneier, B. Risk, Complexity, and Network Security. Counterpane Internet Security Inc., April 2001

Internet Security is Complex

Social Engineering Attacks

Integrity Attacks

Identity Theft

Domain Name (DNS) attacks

“Launching Pad” for attacks

Misconfigurations, Software Errors, Social Engineering

Denial of Service (DOS) Attacks

Eavesdropping (Masquerading, Web‐based attacks, etc., etc.)

Insider Attack

Viruses, Trojans, back doors, etc.

Source: Schneier, B. Risk, Complexity and Network Security. Counterpane Internet Security Inc., April 2001

Moving On…..

The current state of data security

Thinking Like a Criminal

Predicting the data loss:  risk mitigation steps

Front Door Break‐In

The Living Room Window?

The Second Floor Bedroom Window?

The key under the plant out back?

The Kitchen Window?

The Back Door

Risks

1. Guessable Passwords
2. Default Credentials
3. Poor Alerting
4. Unknown / Rogue Devices
5. Malicious Applications
6. Poorly Trained Users
7. Poorly Managed Remote Access Services
8. Rogue remote access applications
9. Outdated virus definitions / virus software

The story continues…..

The current state of data security

Thinking Like a Criminal

Predicting the data loss:  risk mitigation steps

Risks

1. Guessable Passwords
2. Default Credentials
3. Poor Alerting
4. Unknown / Rogue Devices
5. Malicious Applications
6. Poorly Trained Users
7. Poorly Managed Remote Access Services
8. Rogue remote access applications
9. Outdated virus definitions / virus software

Controls

Know and train your users

Access Control

Passwords

Encryption

Privileged Users

Log and Audit

Network Management Procedures

Scan for Rogue Devices / Services

Secure Remote Access

Filter egress network traffic

Incident Management Procedures

The Cloud ….. briefly ☺

Picture Source: http://www.theiia.org/intAuditor/five‐emerging‐trends‐in‐technology‐slide‐show/

Source:  Verizon Business 2011 Data Breach Investigations Report

2011 Data Breach Investigations Report

96% of breaches were avoidable through simple or intermediate controls

Functionality Security

Kostin Ruffkess & Company, LLC
76 Batterson Park Road
Farmington, CT 06032
860‐678‐6000
www.kostin.com

Xhemil (John) Koliani, CPA / ABV
Member of the Firm
jkoliani@kostin.com

Michelle Syc, CISSP, CEH
msyc@kostin.com

Disclaimer: The materials presented are for training purposes only. We are not rendering legal or professional advice.