Presentation is loading. Please wait.

Presentation is loading. Please wait.

2 Assessing the Threatscape Addressing compliance requirements Respond, dont just report Youre already a statistic, how do you rebound? Q&A.

Published byDallas Gingell Modified over 10 years ago

Similar presentations

Presentation on theme: "2 Assessing the Threatscape Addressing compliance requirements Respond, dont just report Youre already a statistic, how do you rebound? Q&A."— Presentation transcript:

1

2 2 Assessing the Threatscape Addressing compliance requirements Respond, dont just report Youre already a statistic, how do you rebound? Q&A

3 3

4 4 91% of companies have experienced at least one IT security event from an external source. 90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders. Security Breach Statistics* *Statistics collected from Gartner, Forrester, Ponemon, Kaspersky, Eschelon

5 5 Due to complexity, over 70% of organizations still not adequately securing critical systems. The median annualized cost of breaches is $3.8 million per year, (range: $1M to $52M/yr) Security Breach Statistics

6 6 96% of attacks were not highly difficult 94% of all data compromised involved servers 85% of breaches took weeks or more to discover 92% of incidents were discovered by a third party 97% of breaches were avoidable 96% of victims subject to PCI DSS had not achieved compliance A study conducted by the Verizon RISK Team

7 7 Data breaches Data loss/leakage Account/service traffic hijacking Insecure interfaces and APIs Denial of service Malicious insiders Insufficient due diligence Technology vulnerabilities Social Engineering Viruses, phishing, malware, spyware Employees exposing information Carelessness/lax security policies According to Cloud Security Alliance

8 8 Source: www.securelist.comwww.securelist.com Kaspersky Bulletin

9 9 And then this happens…. … that becomes this … which ultimately ends up with this …followed by this They all start off like this

10 10 I get audited. I get audited a lot. - Michael Tampone Chief Technology Officer Sterling Risk

11 11 FFIEC PCI / DSS CIP Sarbanes Oxley GLBA FISMA NERC HIPAA FERPA SB-1386 (California)

12 12 Its expensive Its time consuming Its resource heavy Perceived imbalance in the risk/reward quotient -Weve got it covered -We havent been attacked/complacency -Were too small for hackers to care/notice Expertise difficult to retain …but it doesnt have to be MSPAlliance says: Unemployment for IT security is <1%. And once found, theyre expensive to keep. In fact their salaries doubled in past 3 years.

13 13 Preventive/Preemptive policies Centralized control Automation Transaction Anomaly Prevention Minimize end user impact Consistency Maintain and enforce standards Minimizing management and operational cost Best practices

14 14 Continuous monitoring discovers red flags (via Log/SIEM) but too often reviewed days/weeks later Doesnt FIX the problem Signatures will not detect anything unusual in a zero-day exploit Doesnt maintain continuous integrity of files/apps/registry

15 15 Real-time configuration mgmt Recovery back to ideal state Automated alerts and repair Avoid unauthorized changes that threaten compliance Demonstrate control of computing environment Change management Reduce support incidents

16 16 (3.11)Implement automated configuration monitoring system to analyze hardware and software changes, network configuration changes, and other modifications affecting the security of the system. *Source SANS 20 Critical Controls SANS offers 12 critical controls for implementation, automation, and measurement. Security Configuration Management applies to 8 of those guidelines, most notably

17 17 Reduce, remove security threats Reduce operational downtime Reduce support incidents by 80% Automate security compliance policy Increase application availability Reduce case resolution times and repeat cases Reduce on-site or remote service requests Integrates with existing infrastructure Automated compliance reporting Improve customer satisfaction

18 18 Demonstration

19 19 Innovative Software Company Over 12 years in the marketplace 1,000s of customer deployments globally Proven and patented technology IT organizations will fail to successfully manage their PC environment if they have not addressed the biggest issue: complexity … Persystent Suite … does provide configuration drift management functionality. Customers

20 20 Bob Whirley Utopic Software bobwhirley@utopicsoftware.com 727-512-9001 www.utopicsoftware.com

Download ppt "2 Assessing the Threatscape Addressing compliance requirements Respond, dont just report Youre already a statistic, how do you rebound? Q&A."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Www.accessdata.com Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)

Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)
2 Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A.

2 Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Information Security in Higher Education Today Current Threats

Information Security in Higher Education Today Current Threats
W w w. d u a n e m o r r i s. c o m Duane Morris - Firm and Affiliate Offices New York | London | Chicago | Houston | Philadelphia | San Diego | San Francisco.

W w w. d u a n e m o r r i s. c o m Duane Morris - Firm and Affiliate Offices New York | London | Chicago | Houston | Philadelphia | San Diego | San Francisco.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Get Complete IT Compliance: Reduce Risk and Cost Jonathan CISO, Qualys Seth Automation Specialist, BMC.

Get Complete IT Compliance: Reduce Risk and Cost Jonathan CISO, Qualys Seth Automation Specialist, BMC.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
PCI: As complicated as it sounds? Gerry Lawrence CTO

PCI: As complicated as it sounds? Gerry Lawrence CTO
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

Similar presentations

Ads by Google