Considerations for Cybersecurity and Data Security in Today’s World


Presentation on theme: "Considerations for Cybersecurity and Data Security in Today’s World"— Presentation transcript:

1 Considerations for Cybersecurity and Data Security in Today’s World
ACIL Education Series Presented by | Darrell Laffoon March 25 – 30, Washington, DC

2 Can you survive a breach?
Do you know that you are in the ring? What is your plan? And then what?

3 Fundamental Questions
What are cybersecurity and data-security risks? How can you protect your cyber and data assets?

4 What are cybersecurity and data-security risks?

5 Information Security – Protecting your Most Valuable Asset
MVA: Workforce Data, Second & Third party, Customer Data, Partner Data, Research Data, Company IP
“Data is the new oil.” - Clive Humby, data scientist
Cybersecurity: preventative methods used to protect digital information and assets from being stolen, compromised or attacked.
Data security: a set of standards and technologies that protect data from intentional or accidental destruction, modification or disclosure.

6 Cybercrime is BIG BUSINESS
Black Market Value
$1200 $300 $20 $11 $4
Personal Information
Visa or MasterCard, Date of Birth, Medical Insurance, Bank Account, Complete Identity
What is your research and results worth? What about other IP?

7 The New Oil Fields… 2018 Data Breaches
500 million: Starwood guest reservation database was compromised, including name, address, phone number, date of birth, gender, address, passport number, and Starwood’s rewards information.
Under Armour confirmed a breach that impacted 150 million MyFitness Pal users. Usernames, addresses and hashed passwords were among the information exposed.
92 million MyHeritage users were exposed in a data breach event after a data file containing MyHeritage user login credentials was found on a private server.
Nearly 87 million Facebook user accounts were compromised after hackers took control of approximately 50 million accounts plus an additional 40 million accounts that may have been accessed.
60 million: address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data, real time tracking data.
A hack by an unauthorized party led to a data breach at Ticketfly that affected 26 million user names, addresses, addresses and phone numbers.
Government Payment Service leaked personal information of more than 14 million customers including names, addresses, phone numbers, and partial credit card data.
Do you think these guys had a plan?

8 SMEs are targets too
Don’t recognize they are a target
Lower InfoSec budgets
Lack cybersecurity skillsets
Easier to infiltrate
58% (Verizon, 2018 Data Breach Investigations Report)

9 - Robert Mueller - FBI Director
There are only two types of companies: those that have been hacked, and those that will be. - Robert Mueller - FBI Director

10 Accept and understand that you are at Risk
Top Risks: Human Error Hacker Extortion Hacktivism Espionage

11 How can you protect your cyber and data assets?

12 Information Security Hygiene
CIA Triad: Confidentiality, Integrity, Availability
Constant & Evolving Threats
Layered Security
Continuous PDM Cycle
Top level information protection and privacy controls are an absolute necessity.

13 Layered Security – Prevent, Detect & Manage
Layers: Data, Application, Host, Network, Physical/Enterprise
PDM Controls: Prevent, Detect, Manage
Reduce the attack surface

14 Information Security Plan
4/3/2019
Information Security Governance: The goal is to meet and exceed the strictest policies and controls
Enterprise Wide Security Policies; Security Committee; Industry Standards/Best Practices; Compliance & Certification; 3rd Party Auditing, Testing; Strict Role Based Access Control; Strict Change Management; Disaster Recovery/BCP; Training & Education
Standards & Best Practices; 3rd Party Certifications
Job #1 - 24/7 x 365
Defense in Depth & Breadth; Principle of Least Privilege; Multi-Factor Authentication; Secure Profile; Triple Layer Encryption
Independent Testing & Verification; Threat Assessment & Response; Independent Auditors & Testing; Partner Security Assessments

15 Football is two things. It’s blocking and tackling. I don’t care about formations or new offenses or tricks on defense. You block and tackle better than the team you’re playing, you win. – Vince Lombardi

16 Protect yourself, your employees, your customers and your business
Information Security 101
Prevent: Practice good information hygiene and secure all digital assets
Detect: Proactively identify, monitor, test, and verify
Manage: Mitigate risk, prepare and plan, and respond quickly
Leverage cloud and vendor services to reduce your attack surface
Seek guidance from cybersecurity experts to assess cyber risk and develop strategic plans to minimize exposures

