Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Published byMervyn Lyons Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions."— Presentation transcript:

1 Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions

2 Today’s rising security threats come in various forms, in varying degrees of severity: 2 While others can be extreme… … Such as the Stuxnet virus that paralyzed Iran’s nuclear research facilities. Some occur undetected but are much more severe… …Such as malicious software, or “malware,” that’s unintentionally installed by a computer user and which causes the user’s computer to conduct illicit tasks via the network on behalf of the malware’s owner. Some security breaches are obvious but relatively harmless… … Receiving spam messages, for example.

3 The real costs of a security breach: Digital information makes up 49% of an organization’s value.* Average cost of each compromised record per breach: $214**. Average organizational cost of a data breach is $5.5 million**. *2012 state of information survey. **Source: “2010 Annual Study: US Cost of a Data Breach.” The Ponemon Institute, LLC, March 2011. 3 By addressing security proactively, organizations can reduce per record cost of breaches by $80**. Security Policies Security Breach Costs

4 End points are connected on networks with increasing risk velocity. 4 Changing Threat Landscape Devices Go Undetected on the Network Controlled Network

5 Today’s MFPs are complex embedded network devices with many potential security vulnerabilities: Some MFPs have: An operating system with a direct external interface A proprietary operating system All MFPs have: One or more operating systems Network controller and firmware One or more hard disk drives Web server Hardware ports Page Description Language interpreters (PS & PCL) 5

6 MFP Security cannot be an afterthought! In a December, 2011 lecture, “Print Me If You Dare,” a research team from Columbia University was able to design malware with capabilities that include: Port scanning Network exploration Exfiltration data from print-jobs Security Levels 6

7 3 Levels of Security Perimeter Machine Documents 7

8 Security at the Perimeter McAfee Embedded Security Cisco TrustSec Service Technicians 8

9 What you need to protect information on the network: 1.“Hands-off, self-protecting” devices that are resilient to new attacks. 2.Compliance with the most up-to- date security standards and regulations. 3.Complete visibility on the network. 9

10 Hands off Protection: McAfee Whitelisting Technology 10 Known users Approved software Unknown files and software Normal usage Attacks Alerts Unknown users Malicious acts Polymorphic zero-day attacks Known files and software Whitelisting technology allows only approved software to run Email Management Tools McAfee ePO

11 McAfee Integrity Control Proactive/Always active even if mismanaged Security is managed at the end point in addition to the network Permits secure use of advanced MFP features — user permissions, scanning without fear Turns the unknown (bad) into known (good) 11

12 Compliance: Integration with Cisco TrustSec Gain complete visibility on the network Automatically identifies printer and MFP devices on the network Monitors device activity, similar to PC on the network. Reports any suspicious activity and alerts IT administrators. Virtually every device is TrustSec compliant – more than any other vendor 12

13 Service Technicians Technicians Laptops Thumb Drives Software 13

14 14 Protecting the Perimeter: Multilayered Approach Network Management Consoles User Endpoints TrustSec Access Protection MFPs

15 Security at the Machine Level Common Criteria Certification –HIPAA –Sarbanes Oxley Fax / Network Isolation 15

16 Security at the Document Level Disk/Image overwrite Encrypted Hard Disk Audit Log Secure Print Standard Accounting Secure Watermark Password protected PDF Smart Card technology Secure Access Follow you Print Hard Disk Retention 16

17 The New Security Standard for a New Age Security cannot be an afterthought Information is an increasingly valuable intellectual property Firewalls aren’t enough; security policies must be holistic and ubiquitous Protection for embedded devices is now an integral part of today’s security imperative 17

Download ppt "Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Data Security The Best Data Security In The Industry.

Data Security The Best Data Security In The Industry.
SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.

SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Security Controls – What Works

Security Controls – What Works
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.

Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
OPSEC Awareness Briefing Multi-Function Printer (MFP) Security.

OPSEC Awareness Briefing Multi-Function Printer (MFP) Security.
Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.

Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.
eScan Total Security Suite with Cloud Security

eScan Total Security Suite with Cloud Security

Similar presentations

Ads by Google