emerging security threats

50 %
50 %
Information about emerging security threats
Entertainment

Published on September 29, 2007

Author: Lucianna

Source: authorstream.com

Essential Strategies for Protecting Against the New Wave Of Information Security Threats:  Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC About the presenter:  About the presenter Abe Usher CISSP Master’s degree in Information Systems Ideas published in Wired Magazine, Network World, New Scientist Magazine, Business Week On-line and others Creator of slurp.exe Principal architect of SecurityBuzz.org Webinar agenda:  Webinar agenda Review of security concepts New threats Pod slurping Data theft in the news Strategies for reducing risk Questions and wrap up Information security: key terms:  Information security: key terms Confidentiality Integrity Availability Information security: key terms:  Information security: key terms Network security Application security Host security (endpoint security) Information security: key terms:  Information security: key terms Network Application Host (Endpoint) Typically strong Moderate Weak (non-existent?) Information security: new threats:  Information security: new threats The widespread introduction of computing devices and portable storage in the enterprise bring significant risks: iPods USB and Firewire storage Bluetooth accessories PDAs Unauthorized wireless Endpoint: entry vectors:  Endpoint: entry vectors Optical drives PDAs Smart phones Firewire USB accessories RJ-45 net WiFi Bluetooth Universal Serial Bus (USB):  Universal Serial Bus (USB) Originally developed in 1995 as an external expansion bus to make adding peripherals easy. “Universal” acceptance of USB – virtually all new PCs come with one or more USB ports. New USB 2.0 allows data transfer at a rate 40 times faster than USB 1.1 (480 Mb/second) USB devices: the good:  USB devices: the good Supported by all vendors on all major operating systems Productivity booster in the proper context USB has reduced cost and complexity of peripherals Convenient data exchange between computers USB devices: the bad:  USB devices: the bad Modern operating systems do not provide granular control over the use of USB devices (e.g. No auditing) Most commercial organizations do not have clear policies on the use of USB devices Most organizations do not understand the security implications of USB devices The importance of information:  The importance of information The currency of the Information Age is the bit. Information economies gain competitive advantage through creating, analyzing, and distributing information. Organizations that fail to protect their information resources jeopardize their own future. Adapt your security infrastructure or become a statistic:  Adapt your security infrastructure or become a statistic Privacy Rights Clearing House | Washington Post, June 22, 2005 Adapt your security infrastructure or become a statistic:  Adapt your security infrastructure or become a statistic Privacy Rights Clearing House | Washington Post, June 22, 2005 Adapt your security infrastructure or become a statistic:  Adapt your security infrastructure or become a statistic Privacy Rights Clearing House | Washington Post, June 22, 2005 Digital media players and portable storage:  Digital media players and portable storage More than 42 million iPods sold Other digital media players increasingly popular USB thumb drives reaching low price point and ubiquitous adoption Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Unauthorized use of computers increased Unauthorized access to information and theft of proprietary information showed significant increases in average loss per respondent ($303,324 and $355,552 respectively) Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Additional resources available at: http://www.sharp-ideas.net/ideas/ 37 additional stories from the news media related to data theft 26 messages from prominent information security mailing lists discussing data leakage / data theft Information security: traditional threats:  Information security: traditional threats External hackers Malicious code outbreaks SPAM Spyware Phishing Traditional threats (network security):  Traditional threats (network security) Hacker activity Worms & viruses SPAM Spyware Phishing Traditional threats (network security):  Traditional threats (network security) Hacker activity Worms & viruses SPAM Spyware Phishing Firewall Intrusion Detection SPAM filtering Anti-Spyware Phishing filtering Emerging threats: endpoint security:  Emerging threats: endpoint security Widespread adoption of portable storage and digital media players USB Firewire Emerging threats: endpoint security:  Emerging threats: endpoint security Widespread adoption of portable storage and digital media players USB Firewire Wireless trend in peripherals & secondary components Bluetooth 802.11 Emerging threats: endpoint security:  Emerging threats: endpoint security Widespread adoption of portable storage and digital media players USB Firewire Wireless trend in peripherals & secondary components Bluetooth 802.11 Bottom line: Network security strategies do nothing to protect against devices connected inside of your enterprise network. Evolution of security threats:  Evolution of security threats Computing capacity vs. human skill:  Computing capacity vs. human skill The rate that computing power increases is vastly greater than the rate that computer users achieve new understanding. Information security: new solutions:  Information security: new solutions Comprehensive policies that account for portable computing devices, wireless computing, and a mobile workforce User awareness of security issues and policies Technical solutions that mitigate access of storage and communication devices at the endpoint 5 Point strategy to remain secure:  5 Point strategy to remain secure Assess your technology environment Adapt your security policy Have a user awareness plan Put your policies and procedures into action Assess effectiveness and revise your policy Strategy #1: Assess your technology environment:  Strategy #1: Assess your technology environment At a minimum define: Critical information and information systems System owners System users: employees contractors business partners Most likely vulnerabilities and threats to endpoint security Strategy #2: Revise your security policy:  Strategy #2: Revise your security policy At a minimum, revise these two areas: Corporate acceptable use policy Use of personal computing devices: USB storage Bluetooth peripherals Personal media players (e.g. iPod) PDAs Optical drives Multi-function phones Strategy #3: User awareness:  Strategy #3: User awareness Inform users of security issues and their responsibilities through awareness initiatives training education References: NIST 800-50 “Building an Information Technology Security Awareness and Training Program” NIST Awareness, Training, Education http://csrc.nist.gov/ATE/ Strategy #4: Implement your policies and procedures:  Strategy #4: Implement your policies and procedures Assign specific responsibilities Deploy required technical solutions Strategy 4: Assign specific responsibilities:  Strategy 4: Assign specific responsibilities Security manager Managers IT staff Employees Contractors Restrict privileges to critical information to those who require it to be productive Strategy #4: Deploy required technical solutions:  Strategy #4: Deploy required technical solutions Based on your internal analysis of vulnerabilities and threats, protect essential data: in active use in active storage in archival storage in transmission Strategy 4: Example technical solutions:  Strategy 4: Example technical solutions Strategy 4: Example technical solutions:  Strategy 4: Example technical solutions (1) Access control, (2) audit activities, (3) detect events in real-time Strategy #5: Assess effectiveness and revise strategy:  Strategy #5: Assess effectiveness and revise strategy All business systems require a feedback loop As your operating context changes, so too will your security solutions If/when you have endpoint security incidents, be sure to revise your policies appropriately Conclusions:  Conclusions We've only witnessed the tip of the iceberg related to data theft Incident prevention is significantly less costly than incident response Addressing the issue at the endpoint provides the best ratio of risk reduction per dollar Tailor the recommended strategies to your organization's business requirements Slide44:  Media Classes Centrally manage and protect networks from threats associated with removable media devices: Data theft Virus and malware propagation Computer misuse. How DeviceWall Works:  Customer Data Intellectual Property Corp. Knowledge Desperate Housewives Viruses Malware How DeviceWall Works Effective Management Reporting:  Effective Management Reporting DeviceWall 1-minute Overview:  DeviceWall 1-minute Overview Measured response to known risk Intuitive and comprehensive auditing Easy policy creation and deployment Effective guard against unwanted device connections Minimal overhead and ongoing cost of ownership Low cost of acquisition Deploy in minutes, update automatically Temporary access tools keeps users productive Communication minimizes calls to helpdesk Intuitive, fast and effective to manage No specialist training required No need for dedicated staff to run Control Center Technical Specifics:  Supported platforms Windows NT, 2000, XP, 2003 Devices managed PDAs, USB memory, MP3 players, PDAs, CompactFlash, optical drives, external hard drives, digital cameras, mobile phones, Firewire ports, Bluetooth ports and more Server Requirements Pentium, 128MB RAM, 512MB Hard Disk Network Requirements MS IIS 5.0+, Active Directory & NT domains supported Technical Specifics Slide49:  We hope that you have enjoyed this presentation on protecting against the future information security threats. To gain additional information, please examine the following resources: www.sharp-ideas.net www.devicewall.com Program Note:  Program Note This webinar is sponsored by Centennial Software. All referenced research is copyrighted 2006 by Sharp Ideas LLC, and/or its affiliates. All rights reserved. Every reasonable attempt has been made to present accurate and reliable information. However, Sharp Ideas LLC disclaims all warranties as to the accuracy, completeness or adequacy of information contained within the webinar. Sharp Ideas LLC shall have no liability for errors, omissions, or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Add a comment

Related presentations

Related pages

Emerging Security Threats - UNIDIR

Emerging Security Threats. Current Areas of Work: • Cyber • Outer Space Security • EST Concepts & Other Work . UNIDIR’s Emerging Security Threats ...
Read more

Emerging Information Security Threats news, help and ...

Evaluate Emerging Information Security Threats Vendors & Products. Weigh the pros and cons of technologies, products and projects you are considering.
Read more

6 Emerging Security Threats, and How to Fight Them ...

Hackers are nothing if not creative, so it's important for enterprise security pros to educate themselves about emerging security threats like these six.
Read more

Behind the Headlines, Emerging Security Threats in the ...

The Middle East, as much as ever, is the focus of international attention, but the obvious crises may be a distraction from deeper underlying issues ...
Read more

Security Predictions 2013-2014: Emerging Trends in IT and ...

Security Predictions 2013-2014: Emerging Trends in IT and Security. Instructors at SANS Security West 2012 2013-14 SecWest 2012 Emerging Trends This is ...
Read more

Emerging Security Threats in the Middle East eBook by ...

Lesen Sie Emerging Security Threats in the Middle East The Impact of Climate Change and Globalization von Ashok Swain mit Kobo. Increasingly the Middle ...
Read more

Emerging Threats and New Challenges for Internationale ...

Kursbeschreibung. Since the collapse of the Soviet Union and the end of the global bi-polar power structure, priorities in international security have been ...
Read more

Emerging Threats to National Security (PDF) - RAND

Emerging Threats to National Security GREGORY F. TREVERTON CT-234 February 2005 Testimony presented to the House of Representatives Permanent Select
Read more

Emerging Threats for 2016 - Information Security Forum

Join Steve Durbin, Managing Director of ISF Ltd on the 8th of December 2015 at 14:00 (GMT) for an ISF Webinar: “Emerging Threats for 2016” “As we ...
Read more

Security Threat Report 2014 - sophos.com

Since our last Security Threat Report, malware and related IT security threats have grown and matured, and the developers and publishers of malicious code ...
Read more