
“7 Steps to Guard Against Hackers, Disasters, and Thieves”

“7 Steps to Guard Against Hackers, Disasters, and Thieves”. Tuesday, November 1, 2005 ASU West Phoenix, AZ Debbie Christofferson Sapphire-Security Services LLC. Debbie Christofferson, CISSP, CISM. DebbieChristofferson@earthlink.net www.Sapphire-Security.com


Presentation Transcript


  1. “7 Steps to Guard Against Hackers, Disasters, and Thieves” Tuesday, November 1, 2005 ASU West Phoenix, AZ Debbie Christofferson Sapphire-Security Services LLC

  2. Debbie Christofferson, CISSP, CISM • DebbieChristofferson@earthlink.net • www.Sapphire-Security.com • 602-268-3517 or Mobile 480-988-4194 • 14 yrs Fortune 500 industry experience in security management and strategy • Leading edge security certifications • Business owner • Help organizations identify and manage security and career strategy through consulting, education & training, business coaching, speaking and writing

  3. What are your most pressing security concerns?

  4. Contents • Risks & rewards • Strategy • People • Processes • Technology • Trends • Call to Action • Resources

  5. Personal Benefits • Protect your privacy • Safeguard against identity theft • Avoid disruption • Prevent loss of records and data

  6. School Benefits • Assure student privacy, protect financial and medical records • Protect integrity of research, grades, tests, and curriculum • Keep IT infrastructure up and running to support educational activities • Provide stable online environment for registration and class delivery • Safeguard reputation

  7. What are you protecting, and what’s the value if it’s lost, stolen, altered, or unavailable?

  8. Got Security? • Black Hat vs. White Hat? www.blackhatbriefings.com

  9. Digital Trade Secrets www.pl8s.com/coke.htm • From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets, and 90 percent of those secrets can be found in digital form. American Society for Industrial Security and PricewaterhouseCoopers 2000 study http://www.business2.com/b2/subscribers/articles/print/0,17925,527791,00.html

  10. “Spyware Will be a Top Threat in 2005” www.watchguard.com by Marcia Savage, SC Magazine “82% of companies reported virus attacks, even though 99% of them ran anti-virus software” The 2003 CSI/FBI Computer Crime and Security Survey Nightcrawlers

  11. “Botnets More Menacing Than Ever” “…More than a million machines worldwide are bot-infested and under the control of hackers; … (most) attacks … monitored last year were designed to covertly steal information or take over computers for criminal purposes.” By Bill Brenner, News Writer, 18-Mar-2005, SearchSecurity.com

  12. “Spam Nightmare Grows for Small Firms” “Small companies are suffering at the hands of spammers, because they do not have the correct defenses in place. A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businesses.” The SC Infosecurity Newswire, January 28, 2005, http://www.scmagazine.com

  13. “ … in 2003 U.S. corporations spent more than $25 billion to keep hackers out of their databases.” By Art Jahnke, CSOOnline Magazine, 010105 http://www.csoonline.com/read/010105/russian.htm

  14. “…a group of hackers …, learned the practice of "carding"—buying goods online with stolen credit cards.” “ … among other things, tapped a database of an estimated 50,000 credit cards …” By Art Jahnke, CSOOnline Magazine, 010105, “Russian Roulette”, http://www.csoonline.com/read/010105/russian.html

  15. We’re Under Attack! • “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” • – 2003 CSI/FBI Computer Crime & Security Survey. • “Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds.” • “Security Wire Perspectives”, 12/6/04, Information Security Magazine • “Spyware Will be a top Threat in 2005”, • www.watchguard.com by Marcia Savage, SC Magazine • “Identity Theft Now Costs US Businesses Some $33B a Year” - Peter Krass, CFO-IT Spring 2005 • “Spam nightmare grows for Small Firms” • The SC Infosecurity Newswire, 1/28/05 www.scmagazine.com

  16. We Make it Easy • Thieves snatch documents containing Social Security numbers and other personal data from the mail, steal computers with stored data, hack databases, buy IDs from other thieves, bribe company insiders, fish through the trash, and trick us into providing our user IDs and passwords. “The New Face of Identity Theft”, CFO-IT, Spring 2005

  17. ChoicePoint’s stock dropped nearly 10% after announcing that criminals duped it into giving access to its database. “ChoicePoint Execs Sold Stock Before Leak Revealed” Harry R. Webber of the Associated Press, The Arizona Republic, 2/27/05


  19. Credit agency reports security breach • News Story by Carly Suppa, MARCH 17, 2004 (ITWORLDCANADA) - TORONTO - More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.


  23. Phishing • Symantec filters blocking 33M phishing attempts a week in Dec/04, up from 9M a week in Jul/04, …an increase of … 366%. 3/21/05 press release at http://ses.symantec.com/content.cfm?ArticleID=5491

  24. Instant Messaging Risk • Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds. • Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM. “Security Wire Perspectives”, Vol. 6, No. 93, December 6, 2004 by Information Security Magazine

  25. “Thieves Tap Wi-Fi Networks With Ease” “Connections are being commandeered for child pornography, fraud, death threats and identity and credit-card theft.” “…Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all and never turn on encryption.” By Seth Schiesel, New York Times, The Arizona Republic, March 20, 2005

  26. “Mobile Phone Virus Found in US” “The world's first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago, … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era, …” From MSNBC.com (Topic: Mobile Viruses) Feb 18 (2005) http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm

  27. Security Questions • Is your system used to • Spew out forged email? • Hack and deface web sites? • Serve child pornography? • Illegally download music or software? • What are you posting on the network? • What are you doing to place yourself and your school at risk?

  28. The Human Element

  29. “The Weakest Link!” “When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don't think about security enough and, without knowing it, will often create exposures … to simplify their jobs. …No platform alone can fully compensate for this.” “What if Microsoft Got it Right?”, By Rob Enderle, TechNewsWorld, 03/01/04 http://www.technewsworld.com/story/32976.html

  30. “I’ve Seen the Enemy and the Enemy is Me” “If the exposure is people and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure.” “What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld 3/1/05 http://www.technewsworld.com/story/32976.html

  31. “…Lack of consumer awareness, if not downright naiveté, allows the war to escalate.” …between hackers and security programmers. The Arizona Republic, 12/27/04, “Hackers Hone for Holidays”

  32. “… Home users who aren't updating their antivirus or installing security patches may have to get burned before they understand,” - Steve Fallin, director of WatchGuard's rapid response team. “Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

  33. “Stolen passwords enable ID thieves to roam undetected in computer systems.” CFO Magazine (CFO-IT), Spring 2005

  34. What is Your Favorite Pet’s Name? • T-Mobile.com requires users to answer a "secret question" if they forget their passwords. For Hilton's account, the secret question was "What is your favorite pet's name?" By correctly providing the answer, any internet user could change Hilton's password and freely access her account. • “How Paris Hilton Got Hacked” Feb 22 2005, Mobile Tracker, • http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

  35. What are You Throwing Out?

  36. Technology: Hype Vs. Reality • Virus protection at client and server • Software updates • Camera phones • Encryption • USB Storage devices • Peer to Peer file sharing • Secure Remote access • Wireless security

  37. Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building. Source: WorldWide WarDrive • Wifi Finder detects wireless networks up to 200 feet away

  38. “Hacker Breaches T-Mobile Systems, Reads US Secret Service Email” “A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.” By Kevin Poulsen, SecurityFocus, 01/12/05 http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile/

  39. Software Quality • "You really need a revolution in the IT industry, …. If engineers built bridges as software developers build software, there wouldn't be a bridge standing." Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives”, Vol. 6, No. 93, December 6, 2004 by Information Security Magazine

  40. Trends • Regulations and Compliance • Mergers & Acquisitions • Outsourcing of security

  41. Forensics • “Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com • Super-sleuth Sherlock solved crimes with forensic chemistry

  42. Tech Trends www.dw-world.de/dw/article/0,,1113690,00.html • Mobile & Wireless • Voice and video over IP • Broadband from the power plug • Blogging • PodCasting • eLearning • RFID • Biometrics

  43. What info gets indexed; is it sensitive? • Who has access to the computer • Google utility indexes past web searches and cached web pages, including secure web pages

  44. Increasing Crime • “…Sale of bootleg products is estimated to account for up to 7 percent of global trade…” CSO Magazine, December, 2004, • “Top Billing: News From Inside the Beltway” • “… 13.3% of all computer thefts involve PDAs” • http://www.pcphonehome.com/index.php Complete survey is available at the Brigadoon Web site www.brigadoonsoftware.com

  45. High Tech Theft • Laptop Thefts: 1.6 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php • CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. • http://www.pcworld.com/news/article/0,aid,9734,00.asp Christina Wood in April 1999 issue of PC World magazine • Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.” • “Thwarting the Perfect Crime”, Jonathan Littman, 4/1/03 Electronic Business. www.TapaOnline.org

  46. Call to Action • You are the key to success • Practice safe computing • Keep your system up to date • Run anti-virus regularly • Use a firewall • Keep passwords private • Use legal software

  47. Summary • Stay aware • Think security • Keep safe online

  48. Free US Consumer Credit Report • www.annualcreditreport.com or • Call 877-322-8228 toll-free • Or complete the Annual Credit Report Request Form and mail it to • Annual Credit Report Request Service • P. O. Box 105281, Atlanta, GA 30348-5281 • Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states. • Visit www.ftc.gov for more information • www.myfico.com for credit scores (for a paid fee)

  49. To Receive Free Resources • “Tips & Tricks to Pass the CISSP Exam” • “The Security Strategist” Newsletter – Subscribe today by sending email: • List of resources for those interested in a security career • Send email with request in subject line to: DebbieChristofferson@earthlink.net

  50. Debbie Christofferson, CISSP, CISM • Getting the results you need to protect your bottom line. • Helping organizations build and manage a successful security strategy based on risks and the bottom line. • 20 years international Fortune 500 management experience with Intel Corp, across the US, Europe and Greater Asia. Published author. • “The Security Strategist” Newsletter – send email to subscribe now! • Sapphire-Security Services LLC • DebbieChristofferson@earthlink.net • www.sapphire-security.com
