U.S. Driver's Licenses: Addressing the Potential Vulnerabilities
A 3M White Paper
Marty Kenner, Bruce Wilson, Steve Rhyner
3M Security Systems Division, St. Paul, MN
bbwilson@mmm.com sjrhyner@mmm.com
Table of Contents

Abstract
Introduction: Addressing the Potential Vulnerabilities of U.S. Driver's Licenses
Results: Analysis of Counterfeit U.S. Driver's Licenses
Holographic
Optically Variable Device
UV Fluorescent Printing
Assessment of Counterfeit Security Feature Penetration
Conclusions
References
Abstract

Identifying the physical security vulnerabilities in ID cards and driver's licenses is becoming increasingly important, especially in the United States where driver's licenses not only serve to certify driving privileges but also entitle the holders to access services or locations, travel domestically, and use them as breeder documents for passports. Sophisticated counterfeiting of U.S. driver's licenses is on the rise, with The Washington Post recently reporting on the proliferation of fake IDs being generated out of China ("Latest Counterfeit IDs so good they're dangerous," The Washington Post, July 30, 2011). Three commonly relied upon security features will be discussed with counterfeit examples. This paper will also compare readily available security information with data from counterfeits that demonstrate the potential vulnerabilities of U.S. driver's licenses.

Introduction: Addressing the Potential Vulnerabilities of U.S. Driver's Licenses

A United States Driver's License (DL) is primarily used to authenticate the privilege of legally operating a motor vehicle. Over time, the function of this document has evolved into a primary identity device for both personal and governmental purposes. Today the value of the physical characteristics within the license has increased significantly as well, due to the heavy reliance on them for identity authentication. In the United States, the federal government does not issue a national driver's license or identification card (ID). Each state (including the District of Columbia for purposes of this paper) controls issuance for its residents, has its own driving rules, and its own regulations; however, once a valid DL is obtained, the recipient may drive a vehicle or use the DL as a form of identification in any of the other states.
In 2005, the REAL ID Act was passed by Congress in an attempt to create minimum federal performance standards, although the final security level of the driver's license is still determined by the individual states. [1] Once the security features are selected and implemented, it is imperative for the issuing state to communicate genuine security features to the other states in order to help identify fraudulent documents. Physical security features are commonly published in the I.D. Checking Guide annually in February and used for reference and training wherever verifying identification is important. [2] Examples of potential locations that may use such a guide include: law enforcement, bars, liquor stores, retail sales, government services, financial institutions, healthcare facilities, and transportation providers. It is recognized that a comprehensive list of security features intentionally may not be incorporated into the I.D. Checking Guide. Additional authentication methods, for example forensic features, may be present beyond what is in the guide. These may be made available to authorized organizations when identification is verified.
Security features can be separated into different types. Level 1 is a designation for visual or tactile features which can be identified without use of a tool. This can also be described as an overt security feature. Level 2 is a feature that requires a simple tool such as a flashlight, a 10X magnification loupe, ultraviolet (UV) source, etc. to inspect the document for the security feature. Portability of the inspecting tool is a key discerning factor. Level 3 features, also referred to as forensic, require the use of a sophisticated analytical device such as a high-magnification optical or electron microscope, Fourier Transform Infrared spectrometer, fluorometer, etc.

Historically, altered DLs were typically used by minors to obtain alcohol. Relatively simple modifications to existing documents were made and covered by ubiquitous clear lamination films. With time, the complexity of valid driver's license printing and protective films, e.g. holograms, increased in an attempt to thwart illegal activity from the casual perpetrator. More recently, sophisticated counterfeiting of U.S. driver's licenses is on the rise, as exemplified by The Washington Post reporting on the proliferation of fake IDs being generated out of China ("Latest Counterfeit IDs so good they're dangerous," The Washington Post, July 30, 2011). The article is based on the death of a motorcyclist due to a fraudulent South Carolina driver's license and also highlights that IDs have appeared from various states believed to be sourced from a single Chinese company.

Despite efforts after the events of September 11, 2001, progress to improve DL security on the physical driver's license and issuance systems has been slow. This is largely due to the concerns of states' rights versus providing for the common national defense. It is recognized in the industry that no document is 100% secure and that a proactive approach to stay ahead of the targeted criminal activity is imperative.
This security is then enhanced by two common strategies: 1) use of layered security features and 2) replacement of security features as they become obsolete or compromised. Layering of security features involves the use of multiple features for authentication. Each feature on its own may not represent significant difficulty for alteration or counterfeiting; however, the need to defeat several security features on a single document requires sophistication in each of the technologies employed and the know-how to integrate them into a document. Common security features used in DLs include: Holographic, Optically Variable Devices, Ghost Image, Microprinting, and UV fluorescent printing.

The lifetime of any security feature has limitations. Experts in the field have stated, "Anything that man can make, man can copy." Eventually, even sophisticated security features will be reverse-engineered to produce counterfeit, altered, or forged licenses. The security materials industry refers to this targeting as an "attack" on a document. It is essential for maintaining the authenticity of a document to monitor the progress of the attacks and to replace or add alternate features when necessary.

As indicated in the title, counterfeit documents are the primary focus of the work that follows. Counterfeiters often target the simplest construction based on the value (actual or perceived) of the security document for use in locations that are not necessarily within the issuing state. This paper will compare readily available security feature information from the 2011 I.D. Checking Guide with several confiscated DLs provided legally to 3M from law enforcement agencies. These counterfeits exemplify the potential vulnerabilities of DLs in the United States to counterfeit attack.
Results: Analysis of Counterfeit U.S. Driver's Licenses

3M has been provided numerous confiscated United States DLs from different states. In this analysis, three specific security features layered in the documents are the subject of the discussion: 1) Holographic, 2) Optically Variable Device, e.g. ink, and 3) UV Fluorescent print.

1) Holographic

As described above, it is a significant challenge to authenticate security features based solely on a written description without the genuine document available for comparison or appropriate authentication equipment. Holographic components, also known as Diffractive Optically Variable Image Devices (DOVIDs), are a very common security feature in the retail and ID sectors. DOVIDs can be defined simply as an image that changes shape or rainbow-like color when viewed from different angles. In practice, the complexity of such security features has advanced to such a high level that a significant amount of time and/or forensic equipment may be required to detect counterfeits. Figure 1 shows two examples of counterfeit holograms that match the I.D. Checking Guide description. Ascertaining the authenticity of a DOVID requires a Level 3 examination of the document and either possessing specific knowledge of the security feature response or having an original for comparison. Specifically, authenticating a DL holographic feature involves observing the DOVID color response from specular light illumination at a controlled angle while rotating the document in question under high magnification.

Figure 1. Counterfeit Hologram Examples

The confiscated counterfeit DLs contained DOVID gratings that consisted of single-color (grating) portions that are rotated to produce a rainbow-like response when viewed in diffuse light, common to a normal lighting environment. Hence, they are not normally discernible from the genuine without use of a controlled lighting environment combined with direct comparison to an original document. This level of sophistication is easily beyond the threshold of "good enough" to pass cursory inspection.
2) Optically Variable Device

Color shifting ink or print is another example of a common security feature categorized as an Optically Variable Device (OVD). The OVD ink changes to/from a specific color when tilted. This achieves a security feature that is easy to detect but, unfortunately, one that is also easy to duplicate/simulate. Figure 2 below is an example of the counterfeit Optically Variable Ink. Commercially available paints, either specific color change or mixtures, may be used to simulate such an effect that, again, may appear "good enough" if a genuine document is not available.

Figure 2. Counterfeit OVD Examples

3) UV Fluorescent Printing

Authentication of UV fluorescent print presents challenges similar to those of holograms in that it is primarily the presence of the ink that determines acceptance. Figure 3 shows examples of counterfeit UV fluorescent print of two common colors. The quality of this printing varies significantly across the samples obtained. Again, it is a significant challenge to identify a counterfeit visually without the genuine document in hand.

Figure 3. Counterfeit UV Fluorescent Print Examples
Assessment of Counterfeit Security Feature Penetration

Counterfeit DLs from several U.S. states have been analyzed at 3M using various analytical techniques to assess Level 1, Level 2, and Level 3 security features. These techniques are the same as or similar to the practices employed at the federal government level. In general, the qualitative assessment of these counterfeit DLs ranged from apparent "good enough" to surprisingly very high quality, "possibly genuine." Obviously, there must have been something either in the physical document or the person that triggered suspicion because these counterfeit DLs were confiscated. Genuine DLs were not used in all cases for direct comparison during this assessment in order to mimic a typical visual verification scenario as described above.

In order to assess the potential extent of counterfeit security feature penetration, the primary security features listed in the I.D. Checking Guide from each state were summarized. One of the challenges encountered during this exercise was the lack of consistent use of feature terminology (either intentional or unintentional). In certain instances, a judgment was made to assign the validation description into one of the categories given in Figure 4. Some security features, such as signature over photo, barcodes/magnetic stripe, and multiple examples of the same feature, were not included in this analysis, which focused on counterfeit capabilities. The number of states containing the specific security feature is also indicated. UV Text/Graphic, Ghost Image, Microprinting, Holographic, and OVD are the most prevalent features in United States DLs. All the states that were counterfeited and analyzed contained at least three of the five most common security features. The counterfeit documents for two of the states contained all five common security features, so it is reasonable to assume that any state DL that relies primarily on these security features is at risk of attack.
Rainbow Printing, 3
Laser Engraving, 4
Virtual Image, 3
UV Personalized, 5
Raised Print, 2
Laser Perforation, 6
UV Ghost Image, 8
Fine Line Background, 10
UV Text/Graphic, 45
OVD, 18
Ghost Image, 41
Holographic, 30
Microprinting, 39

Source: Analysis of I.D. Checking Guide 2011
Figure 4. Number of States Containing Specific Security Feature
As shown in Figure 4, multiple security feature options are available for incorporation into a security document and used within the United States. Again, it is recognized that the data represents an attempt to summarize the I.D. Checking Guide descriptions into common physical security feature categories, which may not be comprehensive.

The large number and diversity of security features also creates a significant challenge for correct authentication/identity verification. The number of variations contained in the valid security feature portfolio means a security person at an access point must be fluent in authenticating the complete United States DL library. The number of valid security features enters into the hundreds at this time. This places an immense burden on the inspecting agent to identify any irregularities of these Level 1 or Level 2 features. This also dictates a high level of expertise on the past and current issuances of the DLs in circulation. Prior to 2011, South Carolina had listed one primary security feature, holographic overlay, and it was this state that was mentioned in The Washington Post article, but it is not known which generation of DL was counterfeited. It should also be noted that South Carolina added significantly more security features to its current license. This highlights the possible confusion caused by multiple valid DLs from a given issuing state.

The majority of states, forty-eight in all, currently have between three and six listed security features (see Figure 5). The highest number of security features listed was seven for Illinois; however, the number of security features does not necessarily equate to added security, as exemplified by the list of available counterfeit documents shown below.

Figure 5. Number of Listed Security Features in State DLs (axes: Number of Listed Security Features, Number of States; source: Analysis of I.D. Checking Guide 2011)
Counterfeit IDs (sometimes marketed as "novelty" or "fake" cards) obtained through various websites provide easily obtainable security documents that may appear "good enough" to pass Level 1 and sometimes Level 2 inspection. As mentioned above, the I.D. Checking Guide only displays an image of the front side of the DL under visible lighting conditions and describes the various security features. In this case, just the presence (not quality) of such a security feature may be sufficient for it to be considered genuine by the unskilled verifier. Even with that non-specific information, internet sites do exist that review the quality of the counterfeit IDs and provide guidance on how and where to purchase high quality fraudulent documents. Oftentimes, the review websites warn that counterfeit DL providers within the United States provide poor quality documents and that websites that accept credit card payments may be a scam. Therefore, the majority of counterfeit suppliers appear to be located outside the United States and also openly advertise that they operate outside the United States legal system.

Multiple counterfeit websites indicate that "novelty" IDs are available for all states, including the District of Columbia. In some instances, the DL is visibly labeled as a novelty. In other instances, the novelty aspect is less obvious, for example by embedding "novelty" information in the magnetic stripe. One particular high quality counterfeit ID website, with product believed to have penetrated the United States, offers driver's licenses from eighteen states. Interestingly, all of these states include one or more of the counterfeit security features mentioned previously: hologram, OVD, or UV print. However, the apparent capability to counterfeit is not limited to just these three security features because the offering list consists of states that incorporate from three to seven different security technologies.
As mentioned above, the total number of security features does not appear to act as a criminal deterrent based on the available counterfeit documents. Unfortunately, it is not legal to simply order counterfeit DLs for the purposes of assessing the quality of such documents, since genuine DLs are under the control of each state. The analyzed counterfeit United States DLs unequivocally demonstrate a significant capability to produce sophisticated counterfeits containing UV fluorescent, Ghost Image, Microprinting, Holographic, and OVD features, and the significance of this observation should be investigated further within each state. Individual states would need to be engaged in order to evaluate specific counterfeiting techniques and identify specific solutions to combat such fraudulent methods.
Conclusions

The growing number of sophisticated counterfeit United States DLs entering the U.S. poses an eminent risk to national security. Organizations outside the United States have openly marketed fraudulent documents and demonstrated the means by which to distribute them. As the quality of these fraudulent documents improves even further, distinguishing a counterfeit from a genuine, especially involving holographic, color shifting ink, UV print and other security print features (not described here), will become significantly more challenging. State DLs relying primarily on these features, which includes a vast majority, are particularly vulnerable to fraudulent attack. The presence of sophisticated layered counterfeits in the United States DL system that broadly pass Level 1 and 2 inspections by authorities is clear evidence that the current primary security features (DOVID, OVD, and UV) have been compromised. New, easy to authenticate, secure materials, integrated security designs, and authentication systems are required in order to minimize the impact of the growing counterfeit market.

References

1)
2) I.D. Checking Guide 2011 by Drivers License Guide Company (Redwood City, CA)
Policy recommendations Technology fraud and online The opportunity Cloud computing is revolutionizing how people work, learn, interact, and play. Education is just one example as a new generation of cloud-based
More informationRed Flags Program. Purpose
Red Flags Program Purpose The purpose of this Red Flags Rules Program is to document the protocol adopted by the University of Memphis in compliance with the Red Flags Rules. Many offices at the University
More informationUNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS
UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS MASSACHUSETTS BAY TRANSPORTATION AUTHORITY v. Plaintiff ZACK ANDERSON, RJ RYAN, ALESSANDRO CHIESA, RONALD L. RIVEST, and the MASSACHUSETTS INSTITUTE
More informationWhy you MUST protect your customer data
Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are
More informationPPR TOKENS SALE PRIVACY POLICY. Last updated:
PPR TOKENS SALE PRIVACY POLICY Last updated: 05.03.2018 STATUS AND ACCEPTANCE OF PRIVACY POLICY 1. This Privacy Policy (hereinafter referred to as the Policy ) sets forth the general rules of Participant
More informationTWIC Next Generation Card Design
TWIC Next Generation Card Design Authentication Guide June 2018 First issued by the Transportation Security Administration (TSA) in October 2007, the (TWIC) is a biometrically enabled card credential mandated
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete Total Cost Total Program Element 8.306 7.299 10.429-10.429 11.464 12.492 12.840 13.010 Continuing Continuing
More informationSpecial Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)
Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation) December 15, 2000 1. Goals of the Special Action Plan The goal of this action plan is to protect
More informationIntroduction to Ethical Hacking. Chapter 1
Introduction to Ethical Hacking Chapter 1 Definition of a Penetration Tester Sometimes called ethical hackers though label is less preferred Pen testers are: People who assess security of a target Specially
More informationEscapees Temporary Mail Service Agreement 101 Rainbow Drive, Livingston, TX
Escapees Temporary Mail Service Agreement 101 Rainbow Drive, Livingston, TX 77399-9330 936-327-8873 888-757-2582 mailservice@escapees.com Date processed: PMB #: Member name(s): SKP #: Send packet to: Permanent
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationREGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results.
REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES Dynamic Solutions. Superior Results. PERSONALIZED HELP THAT RELIEVES THE BURDEN OF MANAGING COMPLIANCE The burden of managing risk and compliance is
More informationInapplicability to Non-Federal Sales and Use
Security Industry Association 8405 Colesville Road, Suite 500 Silver Spring, MD, 20190 301-804-4705 www.securityindustry.org Submitted by email: osd.dfars@mail.mil October 19, 2018 Re: Section 889 of the
More informationMIS Week 9 Host Hardening
MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationBring Your Own Device (BYOD)
Bring Your Own Device (BYOD) An information security and ediscovery analysis A Whitepaper Call: +44 345 222 1711 / +353 1 210 1711 Email: cyber@bsigroup.com Visit: bsigroup.com Executive summary Organizations
More informationPolicy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT
Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT The Utility maintains accounts for its customers to pay for utility service where bills are
More informationVirtual Currencies and The Commonwealth. 1 June 2016
1 Virtual Currencies and The Commonwealth 1 June 2016 The Commonwealth Cybercrime Initiative Mission CCI aims to provide coherent, comprehensive and sustainable assistance to member states to build capacity
More informationSANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018
SANMINA CORPORATION PRIVACY POLICY Effective date: May 25, 2018 This Privacy Policy (the Policy ) sets forth the privacy principles that Sanmina Corporation and its subsidiaries (collectively, Sanmina
More informationWire Fraud Begins to Hammer the Construction Industry
Wire Fraud Begins to Hammer the Construction Industry Cybercriminals are adding new housing construction to their fraud landscape and likely on a wide scale. Created and published by: Thomas W. Cronkright
More informationRetail Security in a World of Digital Touchpoint Complexity
Retail Security in a World of Digital Touchpoint Complexity Author Greg Buzek, President of IHL Services Sponsored by Cisco Systems Inc. Featuring industry research by Previously in part 1 and part 2 of
More informationPhishing Activity Trends Report October, 2004
Phishing Activity Trends Report October, 2004 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced For use with
More informationISSUE BRIEF SC DMV ELECTRONIC TICKET TRANSMISSION MANDATE (November, 2017)
551 Tollgate Road Suite B Elgin, IL 60123-9357 (847) 922-9480 Telephone stever@ecitationcoalition.com Email www.ecitationcoalition.com ISSUE BRIEF SC DMV ELECTRONIC TICKET TRANSMISSION MANDATE (November,
More informationELECTRONIC BANKING & ONLINE AUTHENTICATION
ELECTRONIC BANKING & ONLINE AUTHENTICATION How Internet fraudsters are trying to trick you What you can do to stop them How multi-factor authentication and other new techniques can help HELPING YOU STAY
More informationIdentity Theft Policies and Procedures
Identity Theft Policies and Procedures Davis & Wehrle, LLC 1104 S. Mays, Suite 105 Round Rock, TX 78664-6700 United States (512) 346-1131 Davis & Wehrle Identity Theft Policies & Procedures September 2017
More informationFOR FINANCIAL SERVICES ORGANIZATIONS
RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly
More informationEXECUTIVE SUMMARY JUNE 2016 Multifamily and Cybersecurity: The Threat Landscape and Best Practices
Multifamily and Cybersecurity: The Threat Landscape and Best Practices By CHRISTOPHER G. CWALINA, ESQ., KAYLEE A. COX, ESQ. and THOMAS H. BENTZ, JR., ESQ. HOLLAND & KNIGHT Overview Cyber policy is critical
More informationASSESSMENT LAYERED SECURITY
FFIEC BUSINESS ACCOUNT GUIDANCE RISK & ASSESSMENT LAYERED SECURITY FOR ONLINE BUSINESS TRANSACTIONS New financial standards will assist banks and business account holders to make online banking safer and
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationBUZCOIN TOKENS SALE PRIVACY POLICY. Last updated:
BUZCOIN TOKENS SALE PRIVACY POLICY Last updated: 20.10.2018 STATUS AND ACCEPTANCE OF PRIVACY POLICY 1. This Privacy Policy (hereinafter referred to as the Policy ) sets forth the general rules of Participant
More informationEffective Threat Modeling using TAM
Effective Threat Modeling using TAM In my blog entry regarding Threat Analysis and Modeling (TAM) tool developed by (Application Consulting and Engineering) ACE, I have watched many more Threat Models
More informationRisk Management. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1
Risk Management Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Define
More informationin PCI Regulated Environments
in PCI Regulated Environments JULY, 2018 PCI COMPLIANCE If your business accepts payments via credit, debit, or pre-paid cards, you are required to comply with the security requirements of the Payment
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationA Regulator s Perspective on Accountability and How to Incentivise It
Centre for Information Policy Leadership (CIPL) Workshop in collaboration with the Singapore Personal Data Protection Commission Implementing Accountability 26 July 2018 A Regulator s Perspective on Accountability
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationIDENTITY THEFT PREVENTION PROGRAM
IDENTITY THEFT PREVENTION PROGRAM COLDWELL BANKER-D ANN HARPER REALTY PROPERTY MANAGEMENT JULY 1, 2013 COLDWELL BANKER-D ANN HARPER REALTY PROPERTY MANAGEMENT, located in SAN ANTONIO, TX 78258 developed
More informationThe Hidden Costs of Free Database Auditing Comparing the total cost of ownership of native database auditing vs. Imperva SecureSphere
Comparing the total cost of ownership of native database auditing vs. Imperva SecureSphere Executive Summary To achieve compliance for regulatory mandates, many organizations turn to the free auditing
More informationSecure Government Computing Initiatives & SecureZIP
Secure Government Computing Initiatives & SecureZIP T E C H N I C A L W H I T E P A P E R WP 700.xxxx Table of Contents Introduction FIPS 140 and SecureZIP Ensuring Software is FIPS 140 Compliant FIPS
More informationCYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,
More informationभ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)
Annex-2 Setting up and Operationalising Cyber Security Operation Centre (C-SOC) Introduction 1 - Banking Industry in India has evolved technologically over the years and currently delivering innovative
More informationWHEN IS A DOCUMENT DEEMED POTENTIALLY FRAUDULENT?
WHEN IS A DOCUMENT DEEMED POTENTIALLY FRAUDULENT? There are a number of reasons a document might be suspected as being fraudulent. This document will give you an introduction to understanding document
More informationTowards a uniform solution to identity theft
Towards a uniform solution to identity theft November 2006 (V2.1) Lockstep Technologies www.lockstep.com.au Everybody s talking about identity theft. And many banks and other institutions are doing something
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received rose to 24,853 in, an increase of over 1, from February but still more than
More information