Are You Protecting Your & Your Customers? Learnings from the 2017 OTA Trust Audit. August 1, 2017
|
|
- Alice Cook
- 6 years ago
- Views:
Transcription
1 Are You Protecting Your & Your Customers? Learnings from the 2017 OTA Trust Audit August 1, All rights reserved. Online Trust Alliance (OTA) Slide 1 Panel Kevin Gallant Manager, Intelligence Products, Yes Lifecycle Marketing Peter Goldstein CTO & Co-Founder, ValiMail Mike Jones Director, Product Management, Agari Jeff Wilbur Director, Online Trust Alliance, Internet Society 2017 All rights reserved. Online Trust Alliance (OTA) Slide 2
2 Why Care? The Risk. Rise in phishing attacks, precision, variety of methods Entry point for >90% of breaches 2017 All rights reserved. Online Trust Alliance (OTA) Slide 3 Why Care? The Value. Protect customers, partners & employees Insight into authentication, attacks Deliverability 2017 All rights reserved. Online Trust Alliance (OTA) Slide 4
3 Who Cares? 2017 All rights reserved. Online Trust Alliance (OTA) Slide Who s Doing It? 2017 All rights reserved. Online Trust Alliance (OTA) Slide 6
4 2017 Who s Doing It? Store Tools 2017 All rights reserved. Online Trust Alliance (OTA) Wireless Slide 7 9th Annual Audit Overview Over 1,000 web sites Internet Retailer Top 500 Bank 100 (previously FDIC 100) Consumer Services 100 News/Media 100 Federal Gov t 100 ISP/Carriers/Hosters 100 OTA Members Scoring Consumer Protection Security Privacy 100 baseline points for each category Weighted composite analysis Bonus points for emerging practices Penalties for vulnerabilities, data loss incident & fines/settlements Honor Roll = 80% or higher overall, no failure(s) Failure for less than 60 points in each category 2017 All rights reserved. Online Trust Alliance (OTA) Slide 8
5 Causes of Failures Overlooking the basics & fundamentals 36% failed in one area, 11% failed in 2-3 areas 2017 All rights reserved. Online Trust Alliance (OTA) Slide 9 Consumer Protection 2017 Base points authentication SPF and DKIM at top-level and subdomains ( TLD weight) DMARC record and policy DMARC reject/quarantine Increased weight for reject Invalid SPF / DMARC & naked DMARC records not counted Bonus points TLS for DNSSEC IPv6 Multi-factor authentication Italics = new for 2017 Penalty points Domain locking (not locked) Security Consumer Protection Privacy Can the app or website be spoofed, fooling a person to open/download an update, open an attachment or simply open an with a drive-by exploit? Does the site or app exercise best practice to help prevent brand-jacking and domain abuse? 2017 All rights reserved. Online Trust Alliance (OTA) Slide 10
6 Overall Adoption Trends 100% 80% 60% 40% 20% OVERALL AUTHENTICATION ADOPTION Any SPF or DKIM Any SPF SPF at TLD Any DKIM Both SPF & DKIM DKIM at TLD DMARC TLD Record 0% DMARC TLD R/Q General uptrend, especially DKIM and DMARC Dip in SPF-related adoption this year due to invalid records, shift in sector lists 2017 All rights reserved. Online Trust Alliance (OTA) Slide 11 Fighting Phishing 90% 81% 80% 75% 78% 77% 73% 65% SPF & DKIM ADOPTION 77% 70% 53% 53% 56% 48% 51% 35% 92% 88% 83% 77% 75% 60% 55% 46% SPF (TLD) DKIM (TLD) SPF & DKIM IR 100 IR 500 BANKS FED CONSUMER NEWS ISP/HOSTS OVERALL SPF & DKIM allow recipient to verify sender Recommend implementation for inbound & outbound All domains top-level and subdomains 2017 All rights reserved. Online Trust Alliance (OTA) Slide 12
7 Fighting Phishing 62% DMARC ADOPTION 50% 33% 39% 20% 29% 25% 34% 22% 13% 10% 11% 34% 11% 12% 15% DMARC RECORD DMARC R/Q IR 100 IR 500 BANKS FED CONSUMER NEWS ISP/HOSTS OVERALL DMARC ensures from matches real sender, allows sender to get reports, tell receiver how to handle messages that fail authentication Use of enforcement (reject/quarantine policy) growing, but far from adequate 2017 All rights reserved. Online Trust Alliance (OTA) Slide 13 The Trifecta Gaining Momentum SPF+DKIM AT TLD AND DMARC R/Q VS % 16% 3% 9% 2% 5% 5% 9% 6% 8% 3% 11% 11% 4% 9% IR 100 IR 500 FDIC CONSUMER FED NEWS ISP/HOSTS OVERALL Shows percent of organizations that support both SPF and DKIM at the TLD and have a DMARC record with a reject or quarantine policy Highlights need for increased focus across organizational silos to protect consumers, employees and brands 2017 All rights reserved. Online Trust Alliance (OTA) Slide 14
8 2017 Who s Doing It? Store Tools 2017 All rights reserved. Online Trust Alliance (OTA) WirelessSlide 15 Audit Findings Common Mistakes SPF (10% of records) DMARC (5% of records) References to invalid, non-existent records Naked records (p=none, no reporting) Multiple SPF records Syntax errors Syntax errors Send records to places not set up to receive Use of?all or +all Excessive lookups (8%) Bottom line check your records regularly! Utilize resources of OTA members 2017 All rights reserved. Online Trust Alliance (OTA) Slide 16
9 Notable Trends DMARC initially focused on consumer , now available in many enterprise offerings, e.g. Google G Suite, Microsoft O365 Cisco/IronPort, Mimecast, Proofpoint ARC new proposed standard to connect the dots for DKIM signing (mailing lists, etc.) Sender identification ongoing developments to build on authentication 2017 All rights reserved. Online Trust Alliance (OTA) Slide 17 Justifying Internally Security When door s shut, bad guys go elsewhere Protects users, and employees (when used inbound) Insight governance ( shadow ) Attackers Deliverability Helps receivers better assess real reputation Improves overall reputation (bad guys stop, spoof messages don t count) 2017 All rights reserved. Online Trust Alliance (OTA) Slide 18
10 What Now? Self-assessment inventory, stakeholders, etc. Get help OTA, industry resources Build a business case Implement and put processes in place 2017 All rights reserved. Online Trust Alliance (OTA) Slide 19 Tools & Resources OTA Security DMARC Resources TLS OTA Members Agari Dmarcian Global Cyber Alliance ValiMail All rights reserved. Online Trust Alliance (OTA) Slide 20
2016 Online Trust Audit Authentication Practices Deep Dive & Reality Check
2016 Online Trust Audit Email Authentication Practices Deep Dive & Reality Check July 20, 2016 Craig Spiezle Executive Director Online Trust Alliance https://otalliance.org/dmarc 2016 All rights reserved.
More informationAbout Us. Overview Integrity Audit Fighting Malicious & Deceptive August 13, 2014
2014 Email Integrity Audit Fighting Malicious & Deceptive Email August 13, 2014 Craig Spiezle Executive Director & President, OTA Mike Jones Director of Product Management, Agari About Us The Online Trust
More information2015 Online Trust Audit & Honor Roll Methodology
2015 Online Trust Audit & Honor Roll Methodology Jeff Wilbur VP Marketing, Iconix Craig Spiezle Executive Director & President, OTA 2015 All rights reserved. Online Trust Alliance (OTA) Slide 1 Who Is
More information2015 Online Trust Audit & Honor Roll Review June 23, All rights reserved. Online Trust Alliance (OTA) Slide 1
2015 Online Trust Audit & Honor Roll Review June 23, 2015 Sal Tripi AVP, Publishers Clearing House Jeff Wilbur VP Marketing, Iconix Craig Spiezle Executive Director & President, OTA 2015 All rights reserved.
More information2016 Online Trust Audit Webinar Will Start Shortly
2016 Online Trust Audit Webinar Will Start Shortly Webinar will be recorded Presentation will be posted at https://otalliance.org/honorroll 2016 Online Trust Audit Madelon Smith VP, Director of Strategic
More informationIs Your Marketing Trustworthy? Best Practices & Findings from Auditing 200 Top Retailers. December 13, 2017
Is Your Email Marketing Trustworthy? Best Practices & Findings from Auditing 200 Top Retailers December 13, 2017 2017 All rights reserved. Online Trust Alliance (OTA) Slide 1 Panel Sam Silberman Director
More informationJeff Wilbur VP Marketing Iconix
2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online
More informationDMARC ADOPTION AMONG
DMARC ADOPTION AMONG Top US Colleges and Universities Q1 2018 Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE OF CONTENTS Introduction... 03 Research Overview... 04 Top US Colleges
More informationThe Anti-Impersonation Company. Date: May 2 nd, ValiMail. All Rights Reserved. Confidential and Proprietary.
The Email Anti-Impersonation Company Date: May 2 nd, 2017 Email: I need you, but I don t trust you 3 90%+ of cyber attacks start with a phish 4 Anyone can send email in your name Your Company 3 rd -Party
More informationDMARC ADOPTION AMONG
DMARC ADOPTION AMONG Top US Colleges and Universities Q1 2018 Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE OF CONTENTS Introduction... 03 Research Overview... 04 Top US Colleges
More informationDMARC ADOPTION AMONG. SaaS 1000 Q Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok
DMARC ADOPTION AMONG SaaS 1000 Q1 2018 Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE OF CONTENTS Introduction... 03 Research Overview... 04 SaaS 1000... 05 DMARC Adoption Among SaaS
More information2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly
2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly please download the guide at https://otalliance.org/incident 2017 Cyber Incident & Breach Readiness Webinar Craig Spiezle Executive Director
More informationDMARC ADOPTION AMONG. SaaS 1000 Q Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok
DMARC ADOPTION AMONG SaaS 1000 Q1 2018 Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE OF CONTENTS Introduction... 03 Research Overview... 04 SaaS 1000... 05 DMARC Adoption Among SaaS
More informationDMARC ADOPTION AMONG e-retailers
DMARC ADOPTION AMONG e-retailers Q1 2018 Almost 90% of Top US and EU e-retailer Domains Fail to Protect Consumers from Phishing Attacks Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE
More information2016 Data Protection & Breach Readiness Webinar Will Start Shortly. please download the guide at
2016 Data Protection & Breach Readiness Webinar Will Start Shortly please download the guide at https://otalliance.org/breach 1 2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle
More informationAn Executive s FAQ About Authentication
An Executive s FAQ About Email Authentication Understanding how email authentication helps your organization protect itself from phishing with an approach that s radically different from other security
More informationDMARC ADOPTION AMONG e-retailers
DMARC ADOPTION AMONG e-retailers Q1 2018 Almost 90% of Top US and EU e-retailer Domains Fail to Protect Consumers from Phishing Attacks Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE
More informationFRAUD DEFENSE: How To Fight The Next Generation of Targeted BEC Attacks
EMAIL FRAUD DEFENSE: How To Fight The Next Generation of Targeted BEC Attacks Brian Westnedge bwestnedge@proofpoint.com November 8, 2017 1 2017 Proofpoint, Inc. THE BUSINESS PROBLEM BUSINESS EMAIL COMPROMISE
More informationDMARC ADOPTION AMONG
DMARC ADOPTION AMONG US and UK Nonprofit Organizations Q2 2018 Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE OF CONTENTS Introduction... 03 Research Overview... 04 US and UK Nonprofit
More informationDMARC Continuing to enable trust between brand owners and receivers
DMARC Continuing to enable trust between brand owners and receivers February 2014 1 DMARC Defined DMARC stands for: Domain-based Message Authentication, Reporting & Conformance (pronounced dee-mark ) 2
More informationPhishing Discussion. Pete Scheidt Lead Information Security Analyst California ISO
Phishing Discussion Pete Scheidt Lead Information Security Analyst California ISO 2 Phish What is Phishing Types of Phish 3 Phish What is Phishing Attackers (Phishers) would email (cast their nets) far
More informationAuthentication GUIDE. Frequently Asked QUES T ION S T OGETHER STRONGER
Email Authentication GUIDE Frequently Asked QUES T ION S T OGETHER STRONGER EMAIL AUTHENTICATION Marketers that use email for communication and transactional purposes should adopt and use identification
More informationAgari Global DMARC Adoption Report: Open Season for Phishers
Agari Global DMARC Adoption Report: Open Season for Phishers Executive Summary Based on Agari research of public DNS records, 92 percent of all Fortune 500 companies have left their customers and business
More informationDMARC ADOPTION AMONG
DMARC ADOPTION AMONG Top 100 Chinese Brands Q1 2018 Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE OF CONTENTS Introduction... 03 Research Overview... 04 Top 100 Chinese Brands...
More informationUK Healthcare: DMARC Adoption Report Security in Critical Condition
UK Healthcare: DMARC Adoption Report Email Security in Critical Condition Executive Summary Email is one of the primary digital channels for digital engagement. But email has never been secure. Phishing
More informationOffice 365: Secure configuration
Office 365: Secure email configuration Published September 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationAnti-Spoofing. Inbound SPF Settings
Anti-Spoofing SonicWall Hosted Email Security solution allows you to enable and configure settings to prevent illegitimate messages from entering your organization. Spoofing consists of an attacker forging
More informationM 3 AAWG DMARC Training Series. Mike Adkins, Paul Midgen DMARC.org October 22, 2012
M 3 AAWG DMARC Training Series Mike Adkins, Paul Midgen DMARC.org October 22, 2012 M3AAWG DMARC Training Videos (2.5 hours of training) This is Segment 6 of 6 The complete series of DMARC training videos
More informationbuilding an effective action plan for the Department of Homeland Security
Customer Guide building an effective action plan for the Department of Homeland Security Binding The recently issued directive from the Department of Homeland Security (DHS), Binding Operational Directive
More informationCommunicator. Branded Sending Domain July Branded Sending Domain
Branded Sending Domain Communicator Branded Sending Domain July 2017 Version 2.1 This document includes instructions on how to set up a new sender domain and ensure this is configured correctly. Contents
More informationTeach Me How: B2B Deliverability in a B2C World
Teach Me How: B2B Deliverability in a B2C World Chris Arrendale CEO & Principal Deliverability Strategist Inbox Pros (www.inboxpros.com) @Arrendale Agenda - Outline Delivery versus Deliverability Provisioning
More informationHow to Conquer Targeted Threats: SANS Review of Agari Enterprise Protect
How to Conquer Targeted Email Threats: SANS Review of Agari Enterprise Protect A SANS Product Review Written by Dave Shackleford May 2017 Sponsored by Agari 2017 SANS Institute Introduction: Email Is a
More informationOTA Strategic Update Building & Amplifying April 5, 2017
OTA Strategic Update Building & Amplifying April 5, 2017 Reminders OTA Members Only Chatham House Rules Will be Recorded for Member Access Updated 4/7/17 OTA Strategic Update Building & Amplifying Craig
More informationRBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH
RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH CONTEXT RBI has provided guidelines on Cyber Security Framework circular DBS. CO/CSITE/BC.11/33.01.001/2015-16
More informationMonthly Cyber Threat Briefing
Monthly Cyber Threat Briefing January 2016 1 Presenters David Link, PM Risk and Vulnerability Assessments, NCATS Ed Cabrera: VP Cybersecurity Strategy, Trend Micro Jason Trost: VP Threat Research, ThreatStream
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationSecurity by Any Other Name:
Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, and Kirill Levchenko University of California, San
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationMachine-Powered Learning for People-Centered Security
White paper Machine-Powered Learning for People-Centered Security Protecting Email with the Proofpoint Stateful Composite Scoring Service www.proofpoint.com INTRODUCTION: OUTGUNNED AND OVERWHELMED Today
More informationTABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...
The Guide TABLE OF CONTENTS Introduction: EMAIL IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN EMAIL DEFENSES... 4 Today s Top Email Fraud Tactics...5 Advanced Malware...8 Outbound
More informationA Federal Agency Guide to Complying with Binding Operational Directive (BOD) 18-01
Table of Contents Introduction... 2 Required Actions Overview... 2 Required Actions Email Security... 3 Required Actions Web Security... 9 Status of Implementation... 11 Roles and Responsibilities... 11
More information2014 INTERNET COMMERCE CASE STUDY. The Battle Against Phishing and Fraudulent s. 100 S. Ellsworth Ave 4th Floor San Mateo, CA
2014 INTERNET COMMERCE CASE STUDY The Battle Against Phishing and Fraudulent Emails 100 S. Ellsworth Ave 4th Floor San Mateo, CA 94401 650.627.7667 ABOUT AGARI Agari analizes big data from the world s
More informationSecuring, Protecting, and Managing the Flow of Corporate Communications
Securing, Protecting, and Managing the Flow of Corporate Communications Getting mailflow right Dave Stork Technical Consultant OGD ict-diensten QR: URL to Presentation Who am I? Dave Stork Technical consultant
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationCyber Security in Smart Commercial Buildings 2017 to 2021
Smart Buildings Cyber Security in Smart Commercial Buildings 2017 to 2021 Published: Q2 2017 Cyber Security in Smart Buildings Synopsis 2017 This report will help all stakeholders and investors in the
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationAbout Us. Unsub Best Practices & Audit A Decade Since CAN-SPAM. Unsub Best Practices & Audit A Decade Since CAN-SPAM September 30, 2014
Unsub Best Practices & Audit A Decade Since CAN-SPAM The Webinar Will Start Shortly Please submit questions in the GoToMeeting Question Pane Reference the 2014 Unsub Report & Resources https://otalliance.org/best-practices/unsubscribe
More informationTurning the Tide: Fending off Cyber Threats
SESSION ID: SPO1-W05A Turning the Tide: Fending off Cyber Threats Authenticate / Protect / Respond Roy Murdoch SE Manager NEMEA Proofpoint Who s in the Actors Sights? Attacks Increasingly Target Individuals,
More informationTHE CLOUD SECURITY CHALLENGE:
THE CLOUD EMAIL SECURITY CHALLENGE: CLOSING THE CYBERSECURITY SKILLS GAP THROUGH AUTOMATION THE EMAIL SECURITY CHALLENGE Email remains at the heart of the business communications landscape. While nobody
More informationCloud Security & Advance Threat Protection. Cloud Security & Advance Threat Protection
Cloud Email Security & Advance Threat Protection Cloud Email Security & Advance Threat Protection Overview Over the years Cyber criminals have become more inventive in their attack methods to infiltrate
More informationM 3 AAWG DMARC Training Series. Mike Adkins, Paul Midgen DMARC.org October 22, 2012
M 3 AAWG DMARC Training Series Mike Adkins, Paul Midgen DMARC.org October 22, 2012 M3AAWG DMARC Training Videos (2.5 hours of training) This is Segment 1 of 6 The complete series of DMARC training videos
More informationBuilding a Scalable, Service-Centric Sender Policy Framework (SPF) System
Valimail White Paper February 2018 Building a Scalable, Service-Centric Sender Policy Framework (SPF) System Introduction Sender Policy Framework (SPF) is the protocol by which the owners of a domain can
More informationA New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO
A New Cyber Defense Management Regulation Ophir Zilbiger, CRISC, CISSP SECOZ CEO Personal Background IT and Internet professional (since 1992) PwC (1999-2003) Global SME for Network Director Information
More informationMust Have Items for Your Cybersecurity or IT Budget in 2018
Must Have Items for Your Cybersecurity or IT Budget in 2018 CBAO Regional Meeting Dan Desko (Senior Manager, IT Risk Advisory) Matt Dunn (Senior Security Analyst, IT Risk Advisory) Who is Schneider Downs?
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationIoT Security & Privacy Trust Framework v2.5
IoT Security & Privacy Trust Framework v2.5 The IoT Trust Framework includes a set of strategic principles necessary to help secure IOT devices and their data when shipped and throughout their entire life-cycle.
More informationNo IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP
No IT Audit Staff? How to Hack an IT Audit Presenters Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP Learning Objectives After this session, participants will be able to: Devise
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationA Buyer s Guide to DMARC
0800 133 7127 support@lawyerchecker.co.uk A Buyer s Guide to DMARC Meet the cyber security protocol that reduces phishing attacks and improves email deliverability 1971 First email sent 1982 SMTP established
More informationAuditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley
Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips
More informationAutomatic Delivery Setup Guide
for GuideSpark Communicate Cloud Table of Contents Summary: Working with Automatic Email Delivery... 1 What your IT department needs to know... 2 Prerequisite: Select a Targeted Audience... 3 Enable Automatic
More informationCompetitive Matrix - IRONSCALES vs Alternatives
Competitive Matrix - IRONSCALES vs Alternatives Traditional Awareness and Training Features IRONSCALES SEG PhishMe Wombat Knowbe4 Sans Institute Simulation & Training Compliance PCI/DSS, HIPAA, GLBA to
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management
More informationSophos Central Partner. help
help Contents About help...1 About...2 Dashboard... 3 Alerts...4 Logs... 5 Audit Logs...5 Sophos Central...7 Sophos Central customers...7 Sophos Central Licenses... 7 Managed Customer Usage... 9 Trial
More informationSymantec ST0-250 Exam
Volume: 126 Questions Question No: 1 What is the recommended minimum hard-drive size for a virtual instance of Symantec Messaging Gateway 10.5? A. 80 GB B. 90 GB C. 160 GB D. 180 GB Answer: B Question
More informationAutomatic Delivery Setup Guide
for GuideSpark Communicate Cloud Table of Contents Summary: Working with Automatic Email Delivery... 1 What your IT department needs to know... 2 Prerequisite: Select a Targeted Audience... 3 Enable Automatic
More informationTrustwave SEG Cloud BEC Fraud Detection Basics
.trust Trustwave SEG Cloud BEC Fraud Detection Basics Table of Contents About This Document 1 1 Background 2 2 Configuring Trustwave SEG Cloud for BEC Fraud Detection 5 2.1 Enable the Block Business Email
More informationBringing Cybersecurity to the Boardroom Bret Arsenault
SESSION ID: CXO-T11 Bringing Cybersecurity to the Boardroom Bret Arsenault Corporate Vice President & CISO Microsoft Security has Transcended from to a an 3 How Microsoft Approaches Security Reinventproductivity
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationSecurity and resilience in Information Society: the European approach
Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu What s s ahead: mobile ubiquitous environments
More informationKey Findings from the Global State of Information Security Survey 2017 Indonesian Insights
www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.
More informationGetting Started with DMARC A Guide for Federal Agencies Complying with BOD 18-01
Getting Started with DMARC A Guide for Federal Agencies Complying with BOD 18-01 The DHS Mandate Adopt DMARC for Email Security On October 16, 2017, the U.S. Department of Homeland Security issued a Binding
More informationHow Cyber-Criminals Steal and Profit from your Data
How Cyber-Criminals Steal and Profit from your Data Presented by: Nick Podhradsky, SVP Operations SBS CyberSecurity www.sbscyber.com Consulting Network Security IT Audit Education 1 Agenda Why cybersecurity
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationThe rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services
The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services Major Trends of 2014 And relevant changes in Threat Scenario Most Target Countries and Sectors
More informationM 3 AAWG DMARC Training Series. Mike Adkins, Paul Midgen DMARC.org October 22, 2012
M 3 AAWG DMARC Training Series Mike Adkins, Paul Midgen DMARC.org October 22, 2012 M3AAWG DMARC Training Videos (2.5 hours of training) This is Segment 1 of 6 The complete series of DMARC training videos
More informationInitiative. Copyright Techdemocracy, 2017
A Initiative 1 A Initiative 2 November 2 nd, 2017 Ken Pfeil / Gautam Dev 3 What is the purpose of the ACRG? The alliance purpose is to establish a standard framework for risk measurement, reporting and
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationHealthcare HIPAA and Cybersecurity Update
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity
More informationGetting Started with DMARC. A Guide for Federal Agencies Complying with BOD 18-01
Getting Started with DMARC A Guide for Federal Agencies Complying with BOD 18-01 The DHS Mandate - Adopt DMARC for Email Security in 90 Days On October 16, 2017, the U.S. Department of Homeland Security
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationDFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com
DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationTripwire State of Cyber Hygiene Report
RESEARCH Tripwire State of Cyber Hygiene Report August 2018 FOUNDATIONAL CONTROLS FOR SECURITY, COMPLIANCE & IT OPERATIONS When a high-profile cyberattack grabs the headlines, your first instinct may be
More informationIMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES
IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES Introductions Agenda Overall data risk and benefit landscape / shifting risk and opportunity landscape and market expectations Looking at data
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationOWASP CISO Survey Report 2015 Tactical Insights for Managers
OWASP CISO Survey Report 2015 Tactical Insights for Managers Disclaimer The views and opinions expressed in this presentation are those of the author and not of any organisation. Everything I say is my
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More information2018 Marketing & Unsubscribe Audit
2018 Email Marketing & Unsubscribe Audit Benchmark research providing marketers, service providers and policymakers insight into enhancing the integrity and trust of email Released November 28, 2018 2
More informationPCI DSS 3.1 is here. Are you ready? Mike Goldgof Sr. Director Product Marketing
PCI DSS 3.1 is here. Are you ready? Mike Goldgof Sr. Director Product Marketing 1 WhiteHat Security Application Security Company Leader in the Gartner Magic Quadrant Headquartered in Santa Clara, CA 320+
More informationEvaluating DMARC Effectiveness for the Financial Services Industry
Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC
More informationIT Security in a Meaningful Use Era C&SO HIMSS Meeting
CSOHIMSS 2011 Slide 1 October 21, 2011 October 21, 2011 IT Security in a Meaningful Use Era C&SO HIMSS Meeting Presented by: Mac McMillan CEO CynergisTek, Inc. Chair, HIMSS Privacy & Security Task Force
More information