Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Size: px
Start display at page:

Download "Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle"

Transcription

1 Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle

2 Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary

3 Connected Government : Provide better services FOR Efficient GOVERNMENT Government

4 CONNECTED GOVERNMENT MAKES DIFFERENCE IN PEOPLE S LIVES Cloud Computing Analytics and Big Data Mobile Users Social Experience Citizen Services CHANGING THE WAY GOVERNMENT DELIVER SERVICES

5 Security Threats and Risks Growing Risk FOR GOVERNMENT

6 GOVERNMENT CHALLENGES HAVE EVOLVED Privacy Quality of Service Data Security & Integrity Regulatory Compliance SSN # Personal Profile Identity Theft Info Security Credit Card Info Tax IDs Denial of Service Fraud Continuous Monitoring Collaboration Privacy HIPAA / HITECH PII NERC PCI DSS IRS 1075 CJIS

7 Importance of Security Risk to data : Actor and Motivator HACKERS ORGANIZED CRIMINAL NATION STATES Insider Outsider Outsider with help of insider! TERRORISTS INDIVIDUALS

8 FROM MISTAKES TO ATTACKS BASIC SECURITY IS NOT ENOUGH MISTAKES ACCIDENTAL ERASURE ACCIDENTAL DISCLOSURE MISUSE PRIVILEGE ABUSE DELIBERATE LEAKAGE CURIOSITY MALICIOUS COORDINATED ATTACKS HACKING DATA THEFT DENIAL OF SERVICE BLACKMAIL Adapted from Kuppinger Cole Presentation, March 2013

9 NIST 800 Series IRS 1075

10 Security Finding Auditor :Compliance Verification Finding Addressed Finding Addressed Finding Addressed Q1 Audit Finding Q2 Audit Finding Q3 Audit Finding Time Ad-hoc response to Audit Findings is Costly & Insecure Adapted from Kuppinger Cole Presentation, March 2013

11 Traditional Security Approach Detecting, Preventing or Stopping the threats on the network or devices. Apps User Device Data USERS ARE ACCESSING APPLICATIONS AND DATA FROM DEVICES VIA NETWORK Network

12 Traditional Security Approach Detecting, Preventing or Stopping the threats on the network or devices. Device Apps User Data MAJORITY OF THE SECURITY BUDGET HAS BEEN SPENT ON STOPPING OR DETECTING THE THREATS ON THE NETWORK OR DEVICE. Network

13 Traditional Security Approach Limited controls to protect data and user Device Apps User Data LITTLE ATTENTION TO USER ACTIVITY AND DATA PROTECTION. MOST ORGANIZATIONS DON T COMPLETELY UNDERSTAND DATA AND USER ACTIONS. Network

14 67 % Records breached from servers 76 % 69 % Breached using weak or stolen credentials Discovered by an external party Over 1.1B Served 97 % Preventable with basic controls Most of security budget spent on Firewalls, Anti-virus and IDS, forgetting to secure data

15 Defense in Depth Approach Multi-Layered

16 Defense in Depth Architecture Multi-layered Security Integrate : People, Process and Technology Process People Technology Layered Security All security products have inherent weaknesses. It is only a matter of time before an adversary will find a weakness. The environment must be protected by multiple independent and reinforcing controls such that a single failure will have minimal or no impact.

17 Security Strategy PREVENTIVE PREVENT THE THREAT SECURITY CONTROL STOP ATTACK AUTOMATED REMEDIATION DETECTIVE MANAGE THE RISK IMPROVE DETECTION FASTER RESPONSE MINIMIZE EXPOSURE

18 Defense in Depth Security Principal Implemented to secure government building Multiple layer of security Guards have visibility to see adversaries approaching from a distance. Guard controls everyone entering and leaving. Security camera monitors activity in the building. Physical access controls protects resources inside the building. Access to business premises is monitored. Multiple layers of preventive and detective controls provide best protection against threats.

19 Policies, Procedure and Awareness Preventive : Prevent the threat SMART approach to security policy Security Awareness Training Auditor Incident Response Process Develop procedure to follow policy Detective : Manage the Risk Near Real-time Monitoring Security incident dashboard! Alerts Review configuration changes and access report Integrate People, Process and Technology for maximum security

20 Policies & Procedure Recommendation MAP Security policy to procedure Leverage The CIS* Benchmark configuration to document technical control policies. Develop security configuration standard for all system components. Identify Risk for not implementing technical control policies. Automate configuration verification against benchmark configuration. Leverage IT Service Management ( ITSM ) framework. Incident Management & Service Desk Service-level management ( SLA ) Configuration Management Promote configuration monitoring advantage to unplanned outage to application It is against the security policy!!! but nobody ever explains what the policy is, let alone document or evaluate it. * CIS The Center for Internet Security

21 Security Awareness Benefits Security Myth Busters Our Firewall Products Protects us from the internet. We Haven t been broken into so far, So We must Be doing great Job of Security. Technology Products Solve the Security Problem. Our Anti-Virus and Anti-Malware Scanner Protects us. Our IDS/NIDS Will Detect Intrusions. We don t do any thing that makes us a target for attack. Awareness training is one of the best Myth Busters

22 Physical Security Preventive : Prevent the threat Secure building Restrict physical access Security guards Physical barriers Detective : Manage the Risk Closed Circuit TV (CCTV) Real-time surveillance Security Camera Most Security controls can be circumvented, if attacker gains physical access

23 Perimeter Security Preventive : Prevent the threat DMZ Perimeter Hardened VPN Control outbound connection from server in DMZ zone Permit only required network traffic Detective : Manage the Risk IDS on Perimeter Network Firewall VPN IDS Monitor Access log Associate Alert using ITSM Service request Properly configured Perimeter security protects from large percentage of attacks.

24 Network Security Preventive : Prevent the threat Series of network segments/zones Least possible software/services USER Internet DMZ Mid Tier Database Firewall Configuration Encryption of Network packets Detective : Manage the Risk Network intruder detection system ( NIDS ) Access log monitoring Secure network devices against information gathering and DoS attacks.

25 Host,Data and Application Security Objection against additional security control - Strong Perimeter security protects our Application and Database. - Our firewall/nids protects us from the internet. - Web based application requires credential. - Database servers are in most secured zone. - Limited persons have direct production server and database access. - Our Information is public record. Perimeter security unable to protect sensitive data against attack using SQL injection,compromized privilege user access and clear text network traffic.

26 HOST ( Server ) Security Preventive : Prevent the threat Secure OS Implement compliance framework configuration. Patch management schedule patching IPS Intrusion Protection System Detective : Manage the Risk Centralized audit and log management system Monitor & correct configuration drift Leverage ITSM - Service Desk Secured server protects sensitive information on the server

27 HOST Security Recommendation Defend the HOST ( Server ) using strong access controls on hosts. Automate configuration verification against benchmark configuration. Proactively apply security patches in timely manner. Grant access to user based on their roles (needs ) rather than enabled by default. Review User's access rights periodically. Monitor Host server access and activity log. Multiple access failure should generate alert. Multi-factor authentication for privileged user access in production environment.

28 Application Security Preventive : Prevent the threat Secure development practice Single authentication and authorization services. Strong Encryption and Control Data-in-Use Detective : Manage the Risk Application Activity monitoring Privileged user s access review Leverage ITIL Monitoring and Service Desk Minimize application vulnerabilities to prevent attackers exploiting them for unauthorized access to data and complete control of the system

29 Application Security Recommendation Develop Secure design guidelines for application architects. Security logic must be externalized as much as possible. Application should leverage common security services. Developers must not hard-code security logic into business solutions. Security enforcement, decisions, and management must be performed by dedicated, shared services and infrastructure. Common audit log framework and monitoring should be leveraged. Evaluate application code for vulnerabilities and perform penetration testing.

30 Data Security Preventive : Prevent the threat Secure data at rest ( Encryption ) Secure data in transit Secure database configuration Prevent SQL injection Control Data-in-Use Mask non- production sensitive data Detective : Manage the Risk Privileged user Control & Analysis Database activity monitoring Verify database configuration Encrypted Data SQL Aware Firewall Masked Data Encrypted internal network communication Encrypted data is protected against by-pass database and server access control attack

31 Data Security Recommendation Classify Sensitive data stored in the database. Secure Data-at-Rest in database to prevent users from bypassing database security. Protects against theft or loss of disks and backups. Implement data redaction to limit exposure of sensitive data in applications. Rotate encryption key periodically ( Yearly, Quarterly). Prevents developers and testers from seeing the actual production data. Reduce Privileged access to the sensitive data Implement Privileged uses access control ( Emergency Privileged Access Control ) Multi factor privileged access control to access production system.

32 Defense in Depth Architecture Security Awareness,policies,procedures Security event response strategy Guards, Lock, Security Camera and Access control Firewalls,ACL configured routers, VPN Network based Intrusion Detection system Network segments, Network based Intrusion Detection system Patch Management Security update Intrusion Prevention Prevent attack Secure configuration OS hardening, log management Strong Password, Permission Securely designed Application Secure Communication Path, Encrypt ( Scramble ) data at rest.

33 DEFENSE IN DEPTH Secure Information and Meet Privacy Requirements SECURITY AT EACH LAYER SECURITY BETWEEN LAYERS SECURITY BETWEEN SYSTEMS S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y S E C U R I T Y

34 THANK YOU

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

PCI Compliance. What is it? Who uses it? Why is it important?

PCI Compliance. What is it? Who uses it? Why is it important? PCI Compliance What is it? Who uses it? Why is it important? Definitions: PCI- Payment Card Industry DSS-Data Security Standard Merchants Anyone who takes a credit card payment 3 rd party processors companies

More information

Effective Strategies for Managing Cybersecurity Risks

Effective Strategies for Managing Cybersecurity Risks October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Cyber Security Audit & Roadmap Business Process and

Cyber Security Audit & Roadmap Business Process and Cyber Security Audit & Roadmap Business Process and Organizations planning for a security assessment have to juggle many competing priorities. They are struggling to become compliant, and stay compliant,

More information

Juniper Vendor Security Requirements

Juniper Vendor Security Requirements Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks

More information

Watson Developer Cloud Security Overview

Watson Developer Cloud Security Overview Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for

More information

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Complying with RBI Guidelines for Wi-Fi Vulnerabilities A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Reserve Bank of India (RBI) guidelines

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

Security Readiness Assessment

Security Readiness Assessment Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS

More information

QuickBooks Online Security White Paper July 2017

QuickBooks Online Security White Paper July 2017 QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a

More information

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets Threat Control and Containment in Intelligent Networks Philippe Roggeband - proggeba@cisco.com Product Manager, Security, Emerging Markets 1 Agenda Threat Control and Containment Trends in motivation The

More information

C1: Define Security Requirements

C1: Define Security Requirements OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security

More information

Projectplace: A Secure Project Collaboration Solution

Projectplace: A Secure Project Collaboration Solution Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the

More information

Total Security Management PCI DSS Compliance Guide

Total Security Management PCI DSS Compliance Guide Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to

More information

Comprehensive Database Security

Comprehensive Database Security Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought

More information

K12 Cybersecurity Roadmap

K12 Cybersecurity Roadmap K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the

More information

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013 Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security

More information

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Cyber Security Services Security Testing - a requirement for a secure business ISACA DAY in SOFIA Agenda No Agenda Some minimum theory More real

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains

More information

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic

More information

How NOT To Get Hacked

How NOT To Get Hacked How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 5 Host, Application, and Data Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 5 Host, Application, and Data Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 5 Host, Application, and Data Security Objectives List the steps for securing a host computer Define application security Explain

More information

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

Security Issues and Best Practices for Water Facilities

Security Issues and Best Practices for Water Facilities Security Issues and Best Practices for Water Facilities Standards Certification Jeff Hayes Business Development Manager Beijer Electronics Education & Training Publishing Conferences & Exhibits 2013 ISA

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

Look Who s Hiring! AWS Solution Architect   AWS Cloud TAM Look Who s Hiring! AWS Solution Architect https://www.amazon.jobs/en/jobs/362237 AWS Cloud TAM https://www.amazon.jobs/en/jobs/347275 AWS Principal Cloud Architect (Professional Services) http://www.reqcloud.com/jobs/701617/?k=wxb6e7km32j+es2yp0jy3ikrsexr

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

Cyber Criminal Methods & Prevention Techniques. By

Cyber Criminal Methods & Prevention Techniques. By Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation

More information

Keys to a more secure data environment

Keys to a more secure data environment Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack

More information

Daxko s PCI DSS Responsibilities

Daxko s PCI DSS Responsibilities ! Daxko s PCI DSS Responsibilities According to PCI DSS requirement 12.9, Daxko will maintain all applicable PCI DSS requirements to the extent the service prov ider handles, has access to, or otherwise

More information

Security Terminology Related to a SOC

Security Terminology Related to a SOC Security Terminology Related to a SOC Cybersecurity literacy is crucial for practicing proper security hygiene. As business leaders develop fluency in the language of information security (infosec), they

More information

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards PCI DSS What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards Definition: A multifaceted security standard that includes requirements for security management, policies, procedures,

More information

CoreMax Consulting s Cyber Security Roadmap

CoreMax Consulting s Cyber Security Roadmap CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational

More information

Compliance Audit Readiness. Bob Kral Tenable Network Security

Compliance Audit Readiness. Bob Kral Tenable Network Security Compliance Audit Readiness Bob Kral Tenable Network Security Agenda State of the Market Drifting Out of Compliance Continuous Compliance Top 5 Hardest To Sustain PCI DSS Requirements Procedural support

More information

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary

More information

Private Clouds: Opportunity to Improve Data Security and Lower Costs. InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy

Private Clouds: Opportunity to Improve Data Security and Lower Costs. InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy Private Clouds: Opportunity to Improve Data Security and Lower Costs InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy Private Clouds: Opportunity to Improve Data Security and

More information

Cyber Fraud What can you do about it?

Cyber Fraud What can you do about it? Cyber Fraud What can you do about it? Eric Wright Shareholder June 10, 2014 What is Cyber Fraud? NetLingo definition: Cyber fraud refers to any type of deliberate deception for unfair or unlawful gain

More information

Cloud-Based Data Security

Cloud-Based Data Security White Paper Cloud-Based Data Security SaaS-built Galileo collects and analyzes customized performance data efficiently, on-demand, via a secure Internet connection. About Galileo Created by the ATS Group,

More information

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC

More information

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security

More information

Online Services Security v2.1

Online Services Security v2.1 Online Services Security v2.1 Contents 1 Introduction... 2 2... 2 2.1... 2 2.2... 2 2.3... 3 3... 4 3.1... 4 3.2... 5 3.3... 6 4... 7 4.1... 7 4.2... 7 4.3... 7 4.4... 7 4.5... 8 4.6... 8 1 Introduction

More information

align security instill confidence

align security instill confidence align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed

More information

Teradata and Protegrity High-Value Protection for High-Value Data

Teradata and Protegrity High-Value Protection for High-Value Data Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:

More information

Secure Access & SWIFT Customer Security Controls Framework

Secure Access & SWIFT Customer Security Controls Framework Secure Access & SWIFT Customer Security Controls Framework SWIFT Financial Messaging Services SWIFT is the world s leading provider of secure financial messaging services. Their services are used and trusted

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions

Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions Liam Cleary Solution Architect Protiviti Jeff Melnick Systems Engineer Netwrix Corporation Agenda Elevation Escalation Prevention

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

LBI Public Information. Please consider the impact to the environment before printing this.

LBI Public Information. Please consider the impact to the environment before printing this. LBI Public Information. Please consider the impact to the environment before printing this. DGPC Framework People Executive management commitment Engaged management team Integrated governance organization

More information

Security Policy (EN) v1.3

Security Policy (EN) v1.3 Security Policy (EN) v1.3 Author: Erik Klein Langenhorst Date: Sept 21, 2017 Classificatie: 2 Intended for stakeholders only Security Policy (EN) v1.5 Pagina 1 van 9 Version History Version Date Name Changes

More information

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

A Measurement Companion to the CIS Critical Security Controls (Version 6) October A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS

More information

Carbon Black PCI Compliance Mapping Checklist

Carbon Black PCI Compliance Mapping Checklist Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and

More information

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018 Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your

More information

10 FOCUS AREAS FOR BREACH PREVENTION

10 FOCUS AREAS FOR BREACH PREVENTION 10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual

More information

ISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems

ISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems ISACA Silicon Valley APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems Why Should You Care About APIs? Because cloud and mobile computing are built

More information

Education Network Security

Education Network Security Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or

More information

IC32E - Pre-Instructional Survey

IC32E - Pre-Instructional Survey Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into

More information

MIS5206-Section Protecting Information Assets-Exam 1

MIS5206-Section Protecting Information Assets-Exam 1 Your Name Date 1. Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances? a. Policies b. Standards c. Procedures d. Guidelines

More information

Business White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data

Business White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Business White Paper Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Page 2 of 7 Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Table of Contents Page 2

More information

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Transforming Security from Defense in Depth to Comprehensive Security Assurance Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new

More information

Security Principles for Stratos. Part no. 667/UE/31701/004

Security Principles for Stratos. Part no. 667/UE/31701/004 Mobility and Logistics, Traffic Solutions Security Principles for Stratos Part no. THIS DOCUMENT IS ELECTRONICALLY APPROVED AND HELD IN THE SIEMENS DOCUMENT CONTROL TOOL. All PAPER COPIES ARE DEEMED UNCONTROLLED

More information

CYBERSECURITY RISK LOWERING CHECKLIST

CYBERSECURITY RISK LOWERING CHECKLIST CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they

More information

How Breaches Really Happen

How Breaches Really Happen How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability

More information

Security Architecture

Security Architecture Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to

More information

Unlocking the Power of the Cloud

Unlocking the Power of the Cloud TRANSFORM YOUR BUSINESS With Smarter IT Unlocking the Power of the Cloud Hybrid Networking Managed Security Cloud Communications Software-defined solutions that adapt to the shape of your business The

More information

Addressing PCI DSS 3.2

Addressing PCI DSS 3.2 Organizational Challenges Securing the evergrowing landscape of devices while keeping pace with regulations Enforcing appropriate access for compliant and non-compliant endpoints Requiring tools that provide

More information

Cloud Security Whitepaper

Cloud Security Whitepaper Cloud Security Whitepaper Sep, 2018 1. Product Overview 3 2. Personally identifiable information (PII) 3 Using Lookback without saving any PII 3 3. Security and privacy policy 4 4. Personnel security 4

More information

Chapter 9. Firewalls

Chapter 9. Firewalls Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Version 1.0 Release: December 2004 How to Complete the Questionnaire The questionnaire is divided into six sections. Each

More information

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Google Cloud Platform: Customer Responsibility Matrix. April 2017 Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder

More information

the SWIFT Customer Security

the SWIFT Customer Security TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This

More information

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1. Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change

More information

FairWarning Mapping to PCI DSS 3.0, Requirement 10

FairWarning Mapping to PCI DSS 3.0, Requirement 10 FairWarning Mapping to PCI DSS 3.0, Requirement 10 Requirement 10: Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are

More information

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting

More information

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks

More information

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation

More information

Express Monitoring 2019

Express Monitoring 2019 Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities

More information

HikCentral V1.3 for Windows Hardening Guide

HikCentral V1.3 for Windows Hardening Guide HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote

More information

Reinvent Your 2013 Security Management Strategy

Reinvent Your 2013 Security Management Strategy Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for

More information

SECURITY PRACTICES OVERVIEW

SECURITY PRACTICES OVERVIEW SECURITY PRACTICES OVERVIEW 2018 Helcim Inc. Copyright 2006-2018 Helcim Inc. All Rights Reserved. The Helcim name and logo are trademarks of Helcim Inc. P a g e 1 Our Security at a Glance About Helcim

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions

More information

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is

More information

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING

More information

Understand & Prepare for EU GDPR Requirements

Understand & Prepare for EU GDPR Requirements Understand & Prepare for EU GDPR Requirements The information landscape has changed significantly since the European Union (EU) introduced its Data Protection Directive in 1995 1 aimed at protecting the

More information

Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements

Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements A Forrester Consulting Thought Leadership Paper Commissioned By Oracle Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements

More information

SECURITY IN MICROSOFT AZURE. Marija Strazdas Sr. Solutions Engineer

SECURITY IN MICROSOFT AZURE. Marija Strazdas Sr. Solutions Engineer SECURITY IN MICROSOFT AZURE Marija Strazdas Sr. Solutions Engineer Infrastructure Has Changed Buying Hardware EARLY 2000 s MID 2000 s NOW Infrastructure Has Changed Buying Hardware Infrastructure As Code

More information