BYOD. Transformation. Joe Leonard Director, Secure Networks. April 3, 2013
1 BYOD Transformation April 3, 2013 Joe Leonard Director, Secure Networks
2 Agenda
- Joe Leonard Introduction
- CIO Top 10 Tech Priorities
- What is BYOD?
- BYOD Trends
- BYOD Threats
- Security Best Practices
- HIPAA Security Rule
- BYOD Business Challenges
- BYOD Architecture
- Q&A
3 Joe Leonard Introduction
4 CIO TOP 10 TECH PRIORITIES
5 CIO Top 10 Technology Priorities
1. Analytics and Business Intelligence
2. Mobile Technologies
3. Cloud Computing (IaaS, PaaS, SaaS)
4. Collaboration Technologies (workflow)
5. Legacy Modernization
6. IT Management
7. CRM
8. Virtualization
9. ERP Applications
10. Security
Also listed on the slide: Wireless and BYOD; Cloud Computing & Data Center Virtualization; Unified Communications, Web Based Collaboration & Video; Core Network Infrastructures, Virtual Infrastructure, ITaaS Models; Managed Services, Network Management, Cloud Orchestration; Data Center Virtualization; Security
*According to Gartner research combined reports 2012
6 WHAT IS BYOD?
7 WHAT DOES BYOD MEAN TO YOU?
8 BYOD TRENDS
9 MORE THAN 3 CONNECTED DEVICES PER PERSON 2014
10 How Fast is Mobile Internet Growing?
11 Connected World is Changing Business THE INTERNET OF THINGS is evolving to THE INTERNET OF EVERYTHING
12 TOTAL GLOBAL IP TRAFFIC.9 EB in EB in EB in EXABYTE EQUALS 36,000 YEARS OF HD-TV VIDEO OR 1 BILLION GB
13 Global Mobile Data Forecast by Region
14 Mobile Devices Traffic Growth
15 Mobile Video Traffic
16 BYOD THREATS
17 Bring Your Own Device (BYOD)
- 75 percent of companies allow employee-owned smartphones and/or tablets to be used at work (Aberdeen Study).
- Gartner predicts that this number will rise to 90 percent by
- Less than 10% of respondents felt completely aware of all mobile devices accessing their enterprise infrastructure (SANS BYOD Survey 2012).
- The BYOD movement has significant productivity, convenience and cost benefits, but it is leading to serious challenges for IT security and privacy.
18 2012 Mobile Landscape Source: F-Secure Mobile Threat Report Q4 2012
19 2012 Mobile Threat Families Source: F-Secure Mobile Threat Report Q4 2012
20 Threat Families Source: F-Secure Mobile Threat Report Q4 2012
21 Malware Threats Source: Kaspersky
22 Mobile Threats by Type Source: F-Secure Mobile Threat Report Q4 2012
23 Malware Threat Report Source: FireEye Threat Report 2H 2011
24 Malware Attacks Malware Android DroidDream malware 50 apps pulled Rogue apps Upgrade attack
25 Top 5 Mobile Threats
1. Lost or stolen device
2. Mobile malware data leakage
3. Wi-Fi hotspots
4. Vulnerabilities phone OS and applications
5. Proximity based hacking
Cell-phone insurance provider Asurion reports that 60 million smartphones are lost, stolen or damaged each year. In dollar terms, according to a report conducted by mobile security firm Lookout, Americans lost $30 billion dollars worth of smartphones
Symantec conducted an experiment earlier this year, where they "lost" 50 phones on purpose (msnbc.com):
- 43 percent of finders clicked on an app labeled "online banking."
- 53 percent clicked on a file named "HR salaries."
- 57 percent opened a file named "saved passwords."
- 60 percent checked Social networking tools and personal
- percent tempted a folder labeled "private photos."
- 89 percent clicked on something they probably shouldn't have.
- 50 percent of the phones were returned.
26 SECURITY BEST PRACTICES
27 SANS Consensus Audit Guidelines (CAG)
1. Inventory of authorized and unauthorized devices
2. Inventory of authorized and unauthorized software
3. Secure configurations for hardware and software (Laptop and Server)
4. Continuous vulnerability assessment and remediation
5. Malware defenses
6. Application software security
7. Wireless device control
8. Data recovery capability (validated manually)
9. Security skills assessment and training to fill gaps
10. Secure configurations for network devices (Firewall, Router and Switch)
11. Limitation and control of network ports and services
12. Controlled use of administration privileges
13. Boundary defense
14. Maintenance, monitoring and analysis of audit logs
15. Controlled access based on need to know
16. Access monitoring and control
17. Data Loss Prevention (DLP)
18. Incident response capability
19. Secure networking engineering
20. Penetration tests and red team exercises
28 HIPAA SECURITY RULE
29 History of HIPAA
30 HIPAA Security Rule What do we check?
- Administration Safeguards
- Physical Safeguards
- Technical Safeguards
- Organizational Safeguards
- Documentation Requirements
31 Administration Safeguards
- (a) (1) Standard: Security management
- (a) (2) Standard: Assigned security responsibility
- (a) (3) Standard: Workforce security
- (a) (4) Standard: Information access management
- (a) (5) Standard: Security awareness and training
- (a) (6) Standard: Security incident procedures
- (a) (7) Standard: Contingency plan
- (a) (8) Standard: Evaluation
- (b) (9) Standard: Business associate contracts and other arrangements
32 Physical Safeguards
- (a) (1) Standard: Facility access controls
- (b) Standard: Workstation use
- (c) Standard: Workstation security
- (d) Standard: Device and media controls
33 Technical Safeguards
- (a) Standard: Access control
- (b) Standard: Audit controls
- (c) (1) Standard: Integrity
- (d) Standard: Person or entity authentication
- (e) Standard: Transmission security
34 Organizational Safeguards
- (a) (1) Standard: Business associate contracts or other arrangements
- (b) (1) Standard: Requirements for Group Health Plans
35 Documentation Requirements
- (a) Standard: Policies and Procedures
- (b) (1) Standard: Documentation
36 NIST Management Controls
Identifier | Checks | Family
CA | 7 | Security Assessment and Authorization
PL | 6 | Planning
RA | 5 | Risk Assessment
SA | 14 | System and Services Acquisition
PM | 11 | Program Management
37 NIST Operational Controls
Identifier | Checks | Family
AT | 5 | Awareness and Training
CM | 9 | Configuration Management
CP | 10 | Contingency Planning
IR | 8 | Incident Response
MA | 6 | Maintenance
MP | 6 | Media Protection
PE | 19 | Physical and Environmental Protection
PS | 8 | Personnel Security
SI | 13 | System and Information Integrity
38 NIST Technical Controls
Identifier | Checks | Family
AC | 22 | Access Controls
AU | 14 | Audit and Accountability
IA | 8 | Identification and Authentication
SC | 34 | System and Communication Protection
39 HIPAA Security Rule + NIST Example: Security Controls Mapping
- AC-1: Access Control Policy and Procedures
- AC-3: Access Enforcement
- AC-5: Separation of Duties
- AC-6: Least Privilege
40 HHS Office of Civil Rights (OCR) Audits
- Massachusetts Eye and Ear: Laptop with patient data stolen, $1.5M
- Alaska Department of Health: One USB drive, $1.7M
41 BYOD BUSINESS CHALLENGES
42 APPLYING BYOD PRACTICAL THINKING NOT JUST TECHNOLOGY Transformation
43 BYOD Transformation: DEVICE PROLIFERATION
- 15 Billion Devices by 2015 that Will Be Connecting to Your Network
- On Average Every Person Has 3-4 Devices On Them that Connect to the Network
- 75% of Staff Are Bringing Their Own Devices to Work
Slide tabs: DEVICE PROLIFERATION, NEXT GENERATION WORKFORCE, VIRTUALIZATION
44 BYOD Transformation: NEXT GENERATION WORKFORCE
- Work Is No Longer a Place You Go to Work
- People Are Willing to Take a Pay Cut as Long as They Are Able to Work from Home
- 70% of end users admit to breaking IT policy to make their lives easier
- Need Anywhere, Anytime, Any Device Access
45 BYOD Transformation: VIRTUALIZATION
- 60% of server workloads will be virtualized by 2013
- 20% of professional PCs will be managed under a hosted virtual desktop model by
- Datacenters are evolving, Applications are now objects moving through the network
46 Top of Mind Concerns: The Burden Falls on IT (DEVICE PROLIFERATION)
- How do I manage the risk of employees bringing their own devices?
- How do I ensure consistent experience on all devices?
- How do I implement multiple security policies per user and device?
- How and What do I support?
47 Top of Mind Concerns: The Burden Falls on IT (CHANGING WORKFORCE)
- Am I hindering my workforce from being competitive?
- How do I retain top talent?
- How do I ensure compliance with HIPAA and PCI?
- Can I handle partners, consultants, guests appropriately?
48 Market Transition
- Mobility: 7 Billion New Wireless Devices by 2015; Mobile Devices; IT Resources
- Workplace Experience: Blurring the Borders (Consumer, Workforce; Employee, Partner; Physical, Virtual); Anyone, Anywhere, Anytime
- Video: Changing the Way We Work; Video projected to quadruple IP traffic by 2014 to 767 exabytes
49 BYOD ARCHITECTURE
50 BYOD Policy Considerations (LIMIT, BASIC, ENHANCED, ADVANCED)
LIMIT
- Business Policy: Environment Requires Tight Controls
- Device Types: Corp Only Device
- Hospital (Example): Hospital extends wireless access to employees for corporate devices (laptop, iPad, smartphone)
- IT Requirements: Visibility to who/what is on network; Restrict access to only corporate issued devices
51 BYOD Policy Considerations (LIMIT, BASIC, ENHANCED, ADVANCED)
LIMIT
- Business Policy: Environment Requires Tight Controls
- Device Types: Corp Only Device
- Hospital (Example): Hospital extends wireless access to employees for corporate devices (laptop, iPad, smartphone)
- IT Requirements: Visibility to who/what is on network; Restrict access to only corporate issued devices
BASIC
- Business Policy: Focus on Basic Services, Easy Access
- Device Types: Broader Device Types but Internet Only; Simple Guest
- Hospital (Example): Hospital provides guest access to patients
- IT Requirements: Restrict personal devices to public internet; Restricted access to internal sites
52 BYOD Policy Considerations (LIMIT, BASIC, ENHANCED, ADVANCED)
LIMIT
- Business Policy: Environment Requires Tight Controls
- Device Types: Corp Only Device
- Hospital (Example): Hospital extends wireless access to employees for corporate devices (laptop, iPad, smartphone)
- IT Requirements: Visibility to who/what is on network; Restrict access to only corporate issued devices
BASIC
- Business Policy: Focus on Basic Services, Easy Access
- Device Types: Broader Device Types but Internet Only; Simple Guest
- Hospital (Example): Hospital provides guest access to patients
- IT Requirements: Restrict personal devices to public internet; Restricted access to internal sites
ENHANCED
- Business Policy: Secure Access to Business Applications Onsite/Offsite
- Device Types: Multiple Device Types + Access Methods; Early BYOD Commercial Adopters
- Hospital (Example): Doctor uses personal device in hospital and offsite on the train with access to some hospital applications
- IT Requirements: Allow granular onsite and offsite access to network/applications for personal and company devices
53 BYOD Policy Considerations (LIMIT, BASIC, ENHANCED, ADVANCED)
LIMIT
- Business Policy: Environment Requires Tight Controls
- Device Types: Corp Only Device
- Hospital (Example): Hospital extends wireless access to employees for corporate devices (laptop, iPad, smartphone)
- IT Requirements: Visibility to who/what is on network; Restrict access to only corporate issued devices
BASIC
- Business Policy: Focus on Basic Services, Easy Access
- Device Types: Broader Device Types but Internet Only; Simple Guest
- Hospital (Example): Hospital provides guest access to patients
- IT Requirements: Restrict personal devices to public internet; Restricted access to internal sites
ENHANCED
- Business Policy: Secure Access to Business Applications Onsite/Offsite
- Device Types: Multiple Device Types + Access Methods; Early BYOD Commercial Adopters
- Hospital (Example): Doctor uses personal device in hospital and offsite on the train with access to some hospital applications
- IT Requirements: Allow granular onsite and offsite access to network/applications for personal and company devices
ADVANCED
- Business Policy: All Key Applications, New Services, Full Control
- Device Types: Any Device, Any Ownership; Innovative Organizations
- Hospital (Example): Hospital administrator is granted full network access to applications with new collaboration services
- IT Requirements: Enable a full mobile and collaboration experience
54 Presidio BYOD Architecture
[Diagram: Mobile User, Internet, Wireless, SSL VPN, Switch and Redirect, with control points for Policy, Wireless, VPN, IPS Malware, Firewall, Content Security, Mobile Device Management (MDM) and Security Information Event Management (SIEM)]
- Mobile Device Management: Device Management; Selective and Full Wipe; Security Enforcement; Access Control; Certificate Management; Application Management and Distribution; Content Management
- Policy: 802.1x Authentication; Authorization; Profiling Device Type; Posture Assessment; Remediation; Guest Services; High Availability Design; Mobile Onboarding; Comprehensive Reporting
- IPS-Malware: Malware/Spyware; Malicious Software; DDoS Attacks; Reconnaissance Attacks
- SIEM: Logging; Correlation; Reporting
- Firewall: Access Control; Remote Access VPN; Dynamic Access Policies
- Content Security: Malware Defense; Data Security; Acceptable Use Controls
55 Summary
- BYOD is transforming how we work.
- BYOD is a layered architecture.
- BYOD Transformation requires a clearly defined policy.
- Bandwidth requirements are increasing.
56 Q&A
57 Practical thinking for a connected world. THANK YOU.
More information- Samsung Tablet Photo - Tablets Mean Business. Survey of IT pros reflects growing trend toward tablets for workforce mobility and more
- Samsung Tablet Photo - Tablets Mean Business Survey of IT pros reflects growing trend toward tablets for workforce mobility and more Table of contents Introduction 2 Giving employees what they want pays
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationDoug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017
Cyber Concerns of Local Government and What Does It Mean to Transportation Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Transportation and Infrastructure
More informationSecure & Unified Identity
Secure & Unified Identity for End & Privileged Users Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Key Point #1: Perimeter is Dissolving Making Identity Matter Most You must plant a strong
More informationMobile Device Management: A Real Need for the Mobile World
Mobile Device Management: A Real Need for the Mobile World In today s modern workplace, employees are utilizing a variety of mobile devices both in and out of the office. Gone are the days when employees
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationMay 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations
May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose
More informationDefensible and Beyond
TELUS Defensible and Beyond Mike Vamvakaris Director and Head of Cyber Security Consulting November 2017 Digital transformation brings many benefits Communication and Collaboration Autonomous and Artificial
More informationPrivacy and Security in the Age of Meaningful Use
Privacy and Security in the Age of Meaningful Use David S. Finn Health IT Officer Lewis Etheridge Principal Systems Engineer, Symantec Healthcare Privacy & Security in the Age of Meaningful Use SYMANTEC
More informationHow do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?
Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security
More informationSirius Security Overview
Sirius Security Overview Rob Hoisington IT Security Consultant www.siriuscom.com 8/18/2017 1 Rob Hoisington IT Security Consultant - CISSP, GLEG, GCIH Robert.Hoisington@siriuscom.com - 757.675.0101 Rob
More informationRansomware. How to protect yourself?
Ransomware How to protect yourself? ED DUGUID, CISSP, VCP CONSULTANT, WEST CHESTER CONSULTANTS Ransomware Ransomware is a type of malware that restricts access to the infected computer system in some way,
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationFive Essential Capabilities for Airtight Cloud Security
Five Essential Capabilities for Airtight Cloud Security SECURITY IN THE CLOUD REQUIRES NEW CAPABILITIES It is no secret; security and compliance are at the top of the list of concerns tied to cloud adoption.
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationLookout's cybersecurity predictions
LOOKING FORWARD AND LOOKING BACK: Lookout's cybersecurity predictions by Kevin Mahaffey Every year, cybersecurity pundits cast predictions for which issues will make headlines in the year to come. We ve
More informationBring Your Own Device (BYOD) Best Practices & Technologies
Experience the Eide Bailly Difference Bring Your Own Device (BYOD) Best Practices & Technologies Ross McKnight Sr. Network Engineer 406.867.4160 rmcknight@eidebailly.com Agenda Best Practices for BYOD
More informationUltimate. Security Guide
Ultimate Security Guide 2 Softchoice Ultimate Security Guide Table of Contents 3 Security Overview 6 Changing Landscape 8 Solutions 15 Discovery Questions 19 Assessments 21 Next Steps 23 Key Vendors 25
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationHIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationThe New Enterprise Network In The Era Of The Cloud. Rohit Mehra Director, Enterprise Communications Infrastructure IDC
The New Enterprise Network In The Era Of The Cloud Rohit Mehra Director, Enterprise Communications Infrastructure IDC Agenda 1. Dynamics of the Cloud Era 2. Market Landscape 3. Implications for the new
More informationWHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty
WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches
More informationA Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper
A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today White Paper As enterprises mobilize business processes, more and more sensitive data passes through and resides on mobile devices.
More informationAltitude Software. Data Protection Heading 2018
Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this
More information