disclaimer: opinions or points of view expressed are those ...€¦ · for more see: ‘learning...
TRANSCRIPT
![Page 1: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/1.jpg)
DISCLAIMER: Opinions or points of view expressed are those of the author and do not reflect the position of any other organization.
![Page 2: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/2.jpg)
WELCOME TO SECURE360 2013Don’t forget to pick up your Certificate of
Attendance at the end of each day.
Please complete the Session Survey front and back, and leave it on your seat.
Are you tweeting? #Sec360 @steenfjalstad
2
![Page 3: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/3.jpg)
AGENDA• Overview• Background• Ground Rules
• Nuances• Security Program• Risk• Standards & Frameworks• Cyber Security
• Fast Break Demo
• The Security Journey
• Simple Security Model (exercise)
• Wrap-up
3
KISS (HOW MUCH SECURITY IS ENOUGH?)
![Page 4: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/4.jpg)
4
![Page 5: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/5.jpg)
BACKGROUND
About this presentation:•Ah-Ha. Where do I start, go next?• Struggle. How much is enough or is that too much?•Knowledge. Many available sources.•Tool. Something to add to your security tool belt.• Source. Time for me to share. Historical and fact based. • Lets go. Continue the dialog…
Security: freedom from danger, risk, etc.; safety.
Cyber Security: measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.
Source: merriam-webster.com5
![Page 6: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/6.jpg)
BASIC GROUND RULE 1 OF 3
Security is an ∞ journey, ≠ destination.
6
![Page 7: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/7.jpg)
BASIC GROUND RULE 2 OF 3
Even the most secure systems will be compromised.
7
![Page 8: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/8.jpg)
BASIC GROUND RULE 3 OF 3
$ecurity <> Security
“It's possible to spend a fortune on security, but if it's done poorly, it doesn't help a business,” -
Gartner Consulting (2010) 8
Est. $337 Billion on IT Security 2006-11
Est. 5,114 data loss incidents 2006-11
IT Budget as a percentage of overall revenue* or operating expense** (2011 Garner Report):• 3.5% Commercial organizations*• 6.0% Technology-intensive*• 4.5% Media, entertainment , professional services*• 8.5% Government**• 4.8% Education**• NA not-for-profit
IT Security Spending as a percentage of IT Budget (2010 Gartner Survey):• 5% total IT budget spent on Security
Survey deep dive:• 37% is spent on personnel• 25% on software• 20% on hardware• 10% on outsourcing• 9% on consulting
$525/yr per employee 2009
![Page 9: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/9.jpg)
9
![Page 10: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/10.jpg)
NUANCES OF A SECURITY PROGRAMTechnology Security
• Computer & Network Security• Firewalls• DDoS, Viruses, Worms,
Crimeware• System Hardening• Encryption• Engineering• Intrusion Prev./Intrusion
Detection• Incident Response• Access Controls/Change Mgmt.• Security Information & Event
Management (SIEM)
Information Security• Risk Management• Business Continuity & Disaster
Planning• Awareness Training• Intellectual Property• Business/Financial Integrity• Regulatory Compliance &
Auditing• Industrial Espionage• Privacy• Forensics & Investigations• Data Loss Prevention
Strategic Security• Terrorism & Cyber Crime• Regional Interests (Including
Cyber and Natural Disaster)• Nation State Interests• Intelligence Analysis• Professional & Trusted
Alliances• Politics• Strategies and Tactics• Red Teaming & simulated
attacks*
Modified from Source: University of Washington
Technical Problems Business Problems Critical Security Problems
People, Process, Technology
Continued Research
CSO/CISO = Chief of What?
10
![Page 11: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/11.jpg)
NUANCES OF RISK
Known Consequences• Loss of data• System Outage• Traffic light DDoS• Airport Runways (Chicago)• Loss of Reputation
Known Vulnerabilities • Patch Management• Weak Code & Weak
Configuration• FUZZING
• Information leakage• Poor Passwords (default)
• PADDING• User Credentials (default)• Insiders• Spearphishing
• EMAIL ALIAS
Known Threats • OpUSA (May 7-9)..maybe• APT1 (Mandiant)• BRIC• Insiders• Cyber Jihadists• You….yes, you!• Various Breach Reports
(Verizon, Symantec, etc.)
11
Known Risk & Unknown Risk
Risk Management must include adaptability & resiliency (1st nod to the animal kingdom).
Unknown Threats • BLACK SWANS• Cyber Pearl Harbor
Unknown Vulnerabilities • 0 Day• Achilles heel
Unknown Consequences • Atomic, biological, chemical• Drone Compromise
![Page 12: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/12.jpg)
NUANCES OF STANDARDS & FRAMEWORKS
12
“Organizations have made compliance in general the basis of their information security policies. As a community, we have not evolved at all. “
-Joshua Corman, 2009
![Page 13: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/13.jpg)
NUANCES OF CYBER SECURITY
Traditionally Cyber Security focuses on (NIST 1995):• Confidentiality: A requirement that private or confidential information not
be disclosed to unauthorized individuals.
• Integrity: Data integrity is a requirement that information and programs are changed only in a specified and authorized manner. System integrity is a requirement that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
• Availability: A requirement intended to ensure that systems work promptly and service is not denied to authorized users.
Cyber Security is using people, processes, & technologies … increase electronic information & communication system confidentiality, integrity, and availability …
@ an acceptable level…13
![Page 14: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/14.jpg)
INTEGRITY
Bloomberg: “the hoax erased $136 billion in equity market value in 3 minutes.”
NUANCES OF CYBER SECURITY, CONT.
CONFIDENTIALITY
April 2011 – 70 million individuals had user names, passwords, birthdays, other personal information stolen.
CIA triad to classify cyber breach
Recent security events tied directly to Confidentiality, Integrity, Availability.
14
AVAILABILITY
Multiple bank web-sites down due to DDoS April 2013. Software issue caused hundred of flight cancelations April 2013.
Stay up on breaches, hacks, exploits…if you don’t have that vulnerability don’t mitigate.
![Page 15: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/15.jpg)
NUANCES OF CYBER SECURITY, CONT.
Confidentiality: All electronic information and physical access is limited to individuals with a need to know.
Integrity: All electronic and physical component user and system change is controlled and monitored to prevent and detect any and all additions, changes, and removals.
Availability: All electronic and physical components are available and recoverable.
15
CIA based security controls – Internal
“By failing to prepare, we are preparing to fail.” – Ben Franklin
![Page 16: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/16.jpg)
NUANCES OF CYBER SECURITY, CONT.Confidentiality: Out of the box software
must allow for all electronic and physical component information to only be accessed by individuals with a need to know.
Integrity: Out of the box software must allow for all electronic and physical component user and system changes to be controlled and monitored to only allow authorized and prevent unauthorized additions, changes, and removals.
Availability: Out of the box software must allow for all electronic and physical components to be available and recoverable.
CIA based security controls – Software & Vendor
“An ounce of prevention is worth a pound of cure.” – Ben Franklin
2008 Cyber Security Procurement Language for Control Systems Version 1.8 (DHS, INL, MS-ISAC, SANS)
16
![Page 17: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/17.jpg)
17
![Page 18: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/18.jpg)
FAST BREAK - DEMODEMO:• Integrity: OS integrity will be changed - system event log will have shutdown event inserted.• Confidentiality: Access to box could happen by obtaining passwords through unencrypted
traffic (post-it note). (This demo shows Armitage….it works.)• Availability: System shut down – game over.
18
‘shutdown -s -t 900’ (-t 00 = immediately)
‘shutdown –a’
Availability ‘Payload’
http://www.fastandeasyhacking.com/images/screenshots/armitage4.png
![Page 19: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/19.jpg)
19
![Page 20: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/20.jpg)
THE SECURITY JOURNEY. FOOTBALL
Security in the game of football is easy…if only everything were…
20
![Page 21: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/21.jpg)
1908 Ford Model T• Laminated glass (1930)
http://commons.wikimedia.org/wiki/File:1926_Ford
1926 Ford Model T• Turn signals (1939)
Little harder…
Pont A-B
Night driving
THE SECURITY JOURNEY. CARS
21
2009 Lincoln MKS• Early Collision Warning
Brake Support (2000s)
Inattentive driver
![Page 22: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/22.jpg)
THE SECURITY JOURNEY. ‘WHAT’S NEXT?’Extremely sensitive and
important data. *No visitors allowed.
http://www.swissfortknox.com
“Resistant against any known civil, terroristic and military threat (ABC, EMP, earth quakes, floods, landslides and large-scale fires)”
22
![Page 23: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/23.jpg)
THE SECURITY JOURNEY. YOUR COMPANY
Information, cell phone, door, window, document, object, computer, person, place, thing, formula, etc.
23
What is the security journey for your industry or company like? Anyone ?
![Page 24: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/24.jpg)
24
![Page 25: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/25.jpg)
SIMPLE SECURITY MODEL 1. What are you securing? Must always start here.2. Define the World. 3. Define the Threats.
4. Define the Loss.5. Define the Security Measures (Spend or Mitigation).6. Define what will not be Secured (Spent or Mitigated).
25
Modified from Source: University of Minnesota – Twin Cities ( CSC5271 - KTB!)
If the security program cannot tie back to the object being secured, then the program
must change.
![Page 26: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/26.jpg)
SIMPLE SECURITY MODEL - ANIMAL EXERCISE
26Cheetah, Elephant, Gazelle, Giraffe, Gnu (wildebeest), Gorilla, Hippopotamus, Lion, Ostrich, Rhinoceros
1. What are you securing? Using your animal (think of one if need be). Your animal is what you are securing.2. Define the World. What is the world the animal lives in?3. Define the Threats. What will compromise the animal?4. Define the Loss. What bad stuff can happen (include extremes)?5. Define the Security Measures (Spend or Mitigation). What has the animal developed to deal with these threats and losses?6. Define what will not be Secured (Spent Mitigated). What will the animal not worry about?
Work by yourself, 1:1, groups, please take 3 minutes to talk and work out this exercise…
![Page 27: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/27.jpg)
27
Work by yourself, 1:1, groups, please take 3 minutes to talk and work out this exercise…
SIMPLE SECURITY MODEL - ANIMAL EXERCISE1. What are you securing? Using your animal (think of one if need be). Your animal is what you are securing.2. Define the World. What is the world the animal lives in?3. Define the Threats. What will compromise the animal?4. Define the Loss. What bad stuff can happen (include extremes)?5. Define the Security Measures (Spend or Mitigation). What has the animal developed to deal with these threats and losses?6. Define what will not be Secured (Spent Mitigated). What will the animal not worry about?
Cheetah, Elephant, Gazelle, Giraffe, Gnu (wildebeest), Gorilla, Hippopotamus, Lion, Ostrich, Rhinoceros
![Page 28: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/28.jpg)
28
By using security lessons from nature we realize that animals are only secure enough for the world they live in…and sometimes they do go extinct….but they are extremely resilient and adapt when faced with unknowns….and have 3B years of lessons for us to learn from.
• Define the Security Measures (mitigation):• Size: The largest lion was recorded to be nearly 700
pounds and nearly 11 foot long.• Age: The oldest lion on record was nearly 29 years
old.• Vision: A lion's eyesight is five times better than a
human being.• Hearing: A lion can hear prey from a mile away.• Smell: Lions can smell nearby prey and estimate
how long it was in the area.• Sound: A lion's roar can be heard from five miles
away.• Diet: Lions can go four days without drinking.• Humans and conservation projects (extra)
• Define what will not be Secured.• Humans & Guns• Habitat Reduction
Sample Results: Lion• Define the World:
• African Plains & Jungle• Define the Threats:
• Humans & Guns• Loss of Habitat• Drought• Hunger• Other Lions & Animals
• Define the Loss:• Death• Capture• Extinction
For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural disasters, and disease’ – Rafe Sagarin
SIMPLE SECURITY MODEL - ANIMAL EXERCISE1. What are you securing? Using your animal (think of one if need be). Your animal is what you are securing.2. Define the World. What is the world the animal lives in?3. Define the Threats. What will compromise the animal?4. Define the Loss. What bad stuff can happen (include extremes)?5. Define the Security Measures (Spend or Mitigation). What has the animal developed to deal with these threats and losses?6. Define what will not be Secured (Spent Mitigated). What will the animal not worry about?
![Page 29: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/29.jpg)
BUT ANIMALS ARE NOT COMPUTERS…
Idea, object, door, window, document, computer, laptop, tablet, person, place, thing, formula, etc:• Cell phones • Databases• Intellectual property• Employee records• Patient records• Internet Connectivity• Insiders• Etc.
29
1. What are you securing? Using your <object> (think of one if need be). Your <object> is what you are securing.2. Define the World. What is the world the <object> lives in?3. Define the Threats. What will compromise the <object>?4. Define the Loss. What bad stuff can happen (include extremes)?5. Define the Security Measures (Spend or Mitigation). What has the <object> developed to deal with these threats and losses?6. Define what will not be Secured (Spent Mitigated). What will the <object> not worry about?
If the security program cannot tie back to the object being secured, then the program
must change.
![Page 30: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/30.jpg)
30
![Page 31: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/31.jpg)
WRAP UP
31
1. What are you securing? Must always start here.2. Define the World. 3. Define the Threats.4. Define the Loss.5. Define the Security Measures (Spend or Mitigation).6. Define what will not be Secured (Spent or Mitigated).
If the security program cannot tie back to the object being secured, then the program
must change.
![Page 32: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/32.jpg)
![Page 33: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/33.jpg)
EXTRA LESSON TIME - ANIMALS (INSECTS)DDoS (DNS Re-routing lesson from ants):
“When an established path to a food source is blocked by an obstacle, the foragers leave the path to explore new routes. If an ant is successful, it leaves a new trail marking the shortest route on its return. Successful trails are followed by more ants, reinforcing better routes and gradually identifying the best [new] path.”
-Goss S, Aron S, Deneubourg JL, Pasteels JM (1989). "Self-organized shortcuts in the Argentine ant"
Under Attack (Information sharing lesson from ants):“Ants use pheromones for more than just making trails. A crushed ant emits an alarm pheromone that sends ants into an attack frenzy and attracts more ants from farther away. “
-D'Ettorre P, Heinze J (2001). "Sociobiology of slave-making ants".
33
![Page 34: DISCLAIMER: Opinions or points of view expressed are those ...€¦ · For more see: ‘Learning from the Octopus – How Secrets from Nature can fight terrorist attacks, natural](https://reader036.vdocuments.us/reader036/viewer/2022071003/5fc05e4381affe3c881cc238/html5/thumbnails/34.jpg)
SLIDE REFERENCES
34
3:
http://farm4.static.flickr.com/3103/2853985315_b8805e2eb6.jpg
http://www.secmeme.com/2011/03/too-much-security.html
http://eveopportunist.blogspot.com/2013/01/corp-security-part-1-risks-without.html
6:
http://www.scenicreflections.com/media/522287/forrest_trail_Wallpaper/
http://pixdaus.com/files/items/pics/1/90/274190_2a5dba1dae456cf9576bfad78d36438f_large.jpg
http://www.altaplanning.com/App_Content/images/fp_img/pacific_crest_trail_fld.jpg
http://www.wallpaperhi.com/thumbnails/detail/20111201/fall_trail.jpg
http://www.ganeshbhandari.com/wp-content/uploads/2011/07/Mount-Everest-1.jpg
7:
http://teachersites.schoolworld.com/webpages/KJordan1/imageGallery/DinosaursRef1.gif
http://upload.wikimedia.org/wikipedia/commons/f/f1/Maginot_Line_ln-en.jpg
http://www.reuters.com/article/2012/09/12/us-usa-security-nuclear-idUSBRE88B06E20120912
8:
Source: http://money.cnn.com/galleries/2011/technology/1107/gallery.cyber_security_costs/4.html
Source: http://datalossdb.org/statistics
Source: http://en.community.dell.com/dell-groups/dell_it_efficiency_metrics/w/overall_it_performance_metrics/it-spending-as-a-percent-of-overall-revenue.aspx
Source: http://www.computerworld.com/s/article/9187239/How_much_should_you_spend_on_IT_security_
16:https://www.asis2012.org/news/announcements/Documents/Utility%20Smart%20Grid%20Security.pdf?Mobile=1&Source=%2Fnews%2Fannouncements%2F_layouts%2Fmobile%2Fview.aspx%3FList%3D05cf25b5-c813-402e-8766-26867cdd4b7a%26View%3D8779b205-936e-4b86-aabb-f36578c11b8e%26CurrentPage%3D1
http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/SCADA_Procurement_Language.pdf
20:http://thumbs.dreamstime.com/z/nfl-football-field-eps-16199956.jpg
http://www.popularmechanics.com
_Model_T_-_back_view.jpg
http://en.wikipedia.org/wiki/File:Collision_Warning_Brake_Support.jpg
27:http://www.brecknock.com/colimonb
28:http://www.lions.org/lion-the-animal-more.html