Presentation is loading. Please wait.

Presentation is loading. Please wait.

2 Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A.

Published byKendra Hutchings Modified over 9 years ago

Similar presentations

Presentation on theme: "2 Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A."— Presentation transcript:

1

2 2 Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A

3 3

4 4 91% of companies have experienced at least one IT security event from an external source. 90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders. Security Breach Statistics* *Statistics collected from Gartner, Forrester, Ponemon, Kaspersky, Eschelon

5 5 Due to complexity, over 70% of organizations still not adequately securing critical systems. The median annualized cost of breaches is $3.8 million per year, (range: $1M to $52M/yr) Security Breach Statistics

6 6 96% of attacks were not highly difficult 94% of all data compromised involved servers 85% of breaches took weeks or more to discover 92% of incidents were discovered by a third party 97% of breaches were avoidable 96% of victims subject to PCI DSS had not achieved compliance A study conducted by the Verizon RISK Team

7 7 Data breaches Data loss/leakage Account/service traffic hijacking Insecure interfaces and APIs Denial of service Malicious insiders Insufficient due diligence Technology vulnerabilities Social Engineering Viruses, phishing, malware, spyware Employees exposing information Carelessness/lax security policies According to Cloud Security Alliance

8 8 Source: www.securelist.comwww.securelist.com Kaspersky Bulletin

9 9 “ I get audited. I get audited a lot.” - Michael Tampone Chief Technology Officer Sterling Risk

10 10 FFIEC PCI / DSS CIP Sarbanes Oxley GLBA FISMA NERC HIPAA FERPA SB-1386 (California)

11 11

12 12

13 13

14 14 It’s expensive It’s time consuming It’s resource heavy Perceived imbalance in the risk/reward quotient -We’ve got it covered -We haven’t been attacked/complacency -We’re too small for hackers to care/notice Expertise difficult to retain …but it doesn’t have to be MSPAlliance says: Unemployment for IT security is <1%. And once found, they’re expensive to keep. In fact their salaries doubled in past 3 years.

15 15 Preventive/Preemptive policies Centralized control Automation Transaction Anomaly Prevention Minimize end user impact Consistency Maintain and enforce standards Minimizing management and operational cost Best practices

16 16 (3.11)Implement automated configuration monitoring system to analyze hardware and software changes, network configuration changes, and other modifications affecting the security of the system. *Source SANS 20 Critical Controls SANS offers 12 critical controls for implementation, automation, and measurement. Security Configuration Management applies to 8 of those guidelines, most notably

17 17 Continuous monitoring discovers red flags (via Log/SIEM) but too often reviewed days/weeks later Doesn’t FIX the problem Signatures will not detect anything unusual in a zero-day exploit Doesn’t maintain continuous integrity of files/apps/registry

18 18 Improve the success rate of patching XP Migration Avoid unauthorized changes that threaten compliance Real-time configuration mgmt Prevent & recover back to ideal state Reduce support incidents Demonstrate control of computing environment

19 19 Reduce, remove security threats Reduce operational downtime Reduce support incidents by 80% Automate security compliance policy Increase application availability Reduce case resolution times and repeat cases Reduce on-site or remote service requests Integrates with existing infrastructure Automated compliance reporting Improve customer satisfaction

20 20 Demonstration

21 21  Innovative Software Company ◦ Over 12 years in the marketplace ◦ 1,000’s of customer deployments globally ◦ Proven and patented technology IT organizations will fail to successfully manage their PC environment if they have not addressed the biggest issue: complexity … Persystent Suite … does provide configuration drift management functionality. Customers

22 22 Bob Whirley Utopic Software bobwhirley@utopicsoftware.com 727-512-9001 www.utopicsoftware.com

Download ppt "2 Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
2 Assessing the Threatscape Addressing compliance requirements Respond, dont just report Youre already a statistic, how do you rebound? Q&A.

2 Assessing the Threatscape Addressing compliance requirements Respond, dont just report Youre already a statistic, how do you rebound? Q&A.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Www.accessdata.com Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)

Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Information Security in Higher Education Today Current Threats

Information Security in Higher Education Today Current Threats
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
Security issues in the Cloud Presentation for CloudCamp 2012 (Lagos) Christopher Odutola FVC Inc. Dubai.

Security issues in the Cloud Presentation for CloudCamp 2012 (Lagos) Christopher Odutola FVC Inc. Dubai.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
PCI: As complicated as it sounds? Gerry Lawrence CTO

PCI: As complicated as it sounds? Gerry Lawrence CTO

Similar presentations

Ads by Google