JAMIE S. HERMAN, C|CISO, CISM, CISSP
MANAGER OF INFORMATION SECURITY
ROPES & GRAY LLP
Navigating an Ever-Changing Security Landscape
The Reality
50% - attacks on companies with fewer than 2500 employees
1719 – Average number of attacks per 1000 users
80 – FBI estimates more than 80 major US law firms were compromised in 2011
Exponential growth – 6x more malicious links (2012)
Malware
Software that interferes with normal operation of your computer
Generally executes without your knowledge or consent
Can damage or disable your computer, or steal firm information
Includes viruses, trojans, worms, and spyware
The How
Phishing campaign
Social Engineering
Unencrypted Media
Elevated privileges
Malicious websites
Perception…
Data Classification
Critical aspect of Information Security
Client/Matter intake
How can you protect what you don’t know?
Many flavors (government, industry, business model)
Role Based Access Control (RBAC)
Need to know
Data Vaults
Auditing
Visibility
Data Leak Prevention (DLP)
Reporting
Client protection and retention
Compliance and competitive advantage
Hot Topics
Secure file sharing
Email encryption
Removable Media Encryption
Social media/personal email access
Mobile devices (BYOD)
Resources
http://www.darkreading.com
http://www.infosecisland.com
http://www.threatpost.com
http://www.krebsonsecurity.com
http://www.dhs.gov/dhs-daily-open-source-infrastructure-report
http://www.us-cert.gov/ncas/current-activity
https://isc.sans.edu/
https://isc.sans.edu/reportfakecall.html
Remember
Security is Everyone's responsibility!
Sec-U-R-IT-y………You Are It!
Questions