Published by Josiah Jarratt
Modified over 2 years ago
© Copyright, Risk Masters, Inc All rights reserved. Draft for Discussion Purposes Only
RMI Risk Masters, Inc.
Emerging Trends in Cyber-Security & Recovery
Presented at Data Connecter, Cambridge, MA, March 27, 2014
Presented by…
Jim Gursha, Principal, Risk Masters Inc.
Allan Cytryn, Principal, Risk Masters Inc.
Presenters
Emerging Trends in Cyber-Security
The Problem:
– Cyber Attacks are more sophisticated and more frequent
    – They are now the Advanced Persistent Threat
    – They are sponsored by states and organizations, as well as hackers and hacktivists.
– BYOD and the consumerization of technology conflict with historical approaches to defense
– Existing defenses are being breached daily
– Restoring trust in infrastructure is becoming increasingly difficult
The Emerging Solutions:
– New strategies and technologies for defense are providing better options
– But the new strategies and technologies are recent and have not been widely adopted
– Reluctance to change is jeopardizing security
Elements of the Cyber-Security Solution
New Security Model
Strategic Element: All network elements must be secure
Tactical Elements:
– Segment networks and data
Strategic Element: Provide access only as needed and enforce access control
Tactical Elements:
– Enforce regular expiry of passwords and access control rights/lists
– Implement broad file retention rules and automated archiving
– Encrypt data where it is stored and where it may be accessed (e.g. in transmission)
Strategic Element: Log all traffic
Tactical Elements:
– Analyze all traffic and logs in real-time
– Inspect all traffic
– Implement Malware Traps and rigorously investigate what they trap
New Recovery Model
Strategic Element: Establish defined states of trust
Tactical Elements:
– Implement a Cyber-Recovery capability
– Mitigate opportunities to disrupt critical I/T components including source code, executables and operating systems.
– Eliminate Disaster Recovery off site storage risks
– Implement secured Cloud based disaster recovery planning for critical business functions, encrypt all business critical source elements, and data structures.
– Eliminate Tape and Test!
New Elements Enhance Legacy Technologies
Strategy: All network elements must be secure
    Current: The network perimeter is secured. Within the perimeter, the network is generally open with friendly security
    Emerging: Segment networks and data into discrete secured elements. Penetrating one does not compromise another
Strategy: Provide access only as needed and enforce access control
    Current: Once inside the perimeter, access is restricted as needed
    Emerging: Access is provided as needed. Enforce regular expiry of passwords and access control rights/lists. Implement broad file retention rules and automated archiving. Encrypt data where it is stored and where it may be accessed (e.g. in transmission)
Strategy: Log all traffic
    Current: Consider intrusion detection
    Emerging: Analyze all traffic and logs in real-time. Inspect all traffic. Implement Malware Traps and rigorously investigate what they trap
Strategy: Establish defined states of trust
    Current: Eradicate viruses
    Emerging: Implement a Cyber-Recovery capability
Emerging Trends in Recovery – Cloud DR
Multiple benefits of Cloud DR, in addition to mitigating disaster recovery risk:
– When combined with New Security Model, enables Cyber-Recovery as well as Disaster-Recovery
– Achieves cost savings and improved reliability and service levels via tape-elimination, timeliness and recovery enterprise-wide services
Key Concepts
– Adopt backup/recovery into the Cloud
– Replace tapes with electronic transfer
– Improves timeliness, reliability and application coverage
– Lowers lost
– Augment recovery strategy with recovery into the cloud
– Expand recovery testing into the Cloud for critical applications in order to validate technical recovery capabilities.
– Revise testing procedures to periodically validate Cloud DR
– Lower in cost and effort than traditional hot/redundant site testing
Cloud DR - Tape Elimination
Tape Elimination is based on Long-Term Storage Service, a fully managed IaaS Cloud storage service.
– Tape Elimination has a low total cost of ownership at 1.5¢ to 3¢ per month per gigabyte.
– Provides instant access to electronic data assets from months to several decades.
– Exabyte-scale elasticity and flexible pay-as-you-use pricing model.
– Comprehensive SLA for service availability and data durability, portability and survivorship.
– Built on OpenStack and accessible via OpenStack Swift and S3 APIs to prevent vendor and data lock-in.
– Data integrity checking.
For Further Information
Allan Cytryn
Principal