Top Threats WG Co-Chair Jon-Michael Brook. Agenda About our Top Threats Polling the industry Call for participation Categorizing our Top Threats.

1 Top Threats WG Co-Chair Jon-Michael Brook

2 Agenda
– About our Top Threats
– Polling the industry
– Call for participation
– Categorizing our Top Threats

3 About the Top Threats Report
This report is capturing the Top Concerns
– As reported by industry practitioners and stakeholders
Threats, Vulnerabilities, Risks
– Will be defined and correctly identified for each
Template
– Follows previous Top Threats release documents
– Will include proper semantic clarification
– Mitigation and security references

4 Threat Definitions and Discussion
Data Breaches
– Definition: A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
– Source: searchsecurity.techtarget.com/definition/data-breach
Data Loss
– Definition: Data loss is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing. Information systems implement backup and disaster recovery equipment and processes to prevent data loss or restore lost data.
– Source: https://www.bostoncomputing.net/consultation/databackup/dataloss/ https://en.wikipedia.org/wiki/Data_loss
– Notes: consider merging Data breaches and Data loss with new label to encompass both

5 Abuse and nefarious use of Cloud Services
– Definition: Weak fraud detection capabilities open cloud computing models such as IaaS and PaaS to malicious attacks by criminals who can leverage those technologies and target cloud providers. Most cloud providers do not enforce strong registration processes where any person with a valid credit card can register to receive cloud services.
– Source: http://www.ijceronline.com/papers/Vol3_issue6/part%204/D0364022027.pdf
– https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Insufficient due diligence
– Definition: Businesses and their lawyers often have limited time and resources to devote to cloud due diligence; developing a good roadmap and checklist for due diligence on a CSP is essential. Due diligence should involve a team approach: IT, legal, compliance and the appropriate business unit of the company.
– Source: http://www.insidecounsel.com/2013/12/06/technology-a-lack-of-due-diligence-still-a-top-thr

6

7

8 Visit the Top Threats WG website
https://cloudsecurityalliance.org/group/top-threats/
Download the 2013 Notorious Nine
Take the new survey for 2016
– LinkedIn
– Twitter
– Email campaigns
– CSA News

9 Call for participation
Develop content for the different sections based on template
Categories
– Abuse and Nefarious Use of Cloud Services (Scott Field)
– Shared Technology Issues (Jon-Michael)
– Misaligned or Missing Cloud Strategy (Michael Roza)
– Weak Identity, Credential Access Management (Scott Field)
– Denial of Service
– Data Loss
– Malicious Insiders (Jon-Michael)
– Insufficient Due Diligence (Michael Roza)
– Advanced Persistent Threats (Vic Hargrave)
– Insecure APIs (Jon-Michael)
– Data Breaches
– System Application Vulnerabilities (Vic Hargrave)
– Account Hijacking

10 THANK YOU!
Top Threats Working Group
– Co-Chair Jon-Michael Brook
– Co-Chair Dave Shackelford
– Co-Chair Scott Field

