Security DY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY

Transcription

1 JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEO Security DY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY

2 HERE ARE TODAY S CATEGORIES

3 Life, Death, Taxes and Breaches

4 Data Classification

5 What is Your RISK?

6 How to Get Rid of your Auditor

7 Who are you Entertaining in your Cloud?

8 Hollywood Hacking

9 Life, Death, Taxes, & Breaches Data Classification What is your RISK? How to Get Rid of your Auditor Who are you Entertaining in your Cloud? Hollywood Hacking $100 $100 $100 $100 $100 $100 $200 $200 $200 $200 $200 $200 $300 $300 $300 $300 $300 $300 $400 $400 $400 $400 $400 $400 $500 $500 $500 $500 $500 $500 FINAL JEOPARDY

10 22.1Million

11 What is the number of records hacked during the OPM breach?

12 Approximately $200

13 What is the approximate cost per record of a breach?

14 A loosely associated international network of activist and hacktivist entities.

15 What is Anonymous?

16 data is in both known and unknown places throughout the environment

17 What is Unmanaged Sensitive Data?

18 According to IDC, less than 5% of the $27 billion spent on security products directly addressed data center security.

19 What is not enough money is spent on protecting the crown jewels allowing for majority of breaches to occur at the data center level.

20 1. Excessive and Unused Privileges 2. Privilege Abuse 3. Input Injection 4. Malware 5. Weak Audit Trail 6. Storage Media Exposure 7. Exploitation of Vulnerabilities and Misconfigured Databases 8. Unmanaged Sensitive Data 9. Denial of Service 10. Limited Security Expertise and Education

21 What are the Top 10 most Critical Database Threats in 2015?

22 Auditors look at multiple aspects of a database environment including: user management, authentication, separation of duties, access control, and audit trail.

23 How do Auditors verify Regulatory Compliance?

24 1. Is the audit process independent from the database system being audited? 2. Does the audit trail establish user accountability? 3. Does the audit trail include appropriate detail? 4. Does the audit trail identify material variances from baseline activity? 5. Is the scope of the audit trail sufficient?

25 What are the top 5 questions Auditors ask?

26

27 During a security Discovery of SAAS or Cloud based Applications, typically around SAAS Apps are found.

28 What is over 100?

29 This movie was released directly to streaming movie services because Hollywood was allegedly hacked by North Korea. The North Korean government threatened action against the United States if Sony Entertainment released this film.

30 What is The Interview?

31 This movie had their own studio hack and deface the movie website to further promote their movie.

32 What is Hackers?

33 This movie used modem war-dialing to find a supercomputer that almost caused a thermal nuclear war.

34 What is Wargames?

35 This 3D Grid character used NMAP to scan a Power Plant then used sshnuke to exploit an SSH vulnerability to gain root access.

36 Who is Trinity in the Matrix Reloaded?

37 This movie sported a covenanted red stapler and had their disgruntled employees upload a virus to the banking software system to skim the fractions of cents into a bank account like in Superman 3.

38 What is Office Space?

39

40 Where can you find more information on how to protect your data and build Security into your environment be it in the data center or cloud data?

41 Imperva s th: Please Come by.

42 For more information contact: Vaishali Patel