![Page 1: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/1.jpg)
How to Rebuild the Controls and
Confidence after Data Exfiltration Occurs
Brian BlankenshipOperations Information Security OfficerHeartland Payment Systems
![Page 2: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/2.jpg)
Dump truck racing = InfoSec Career
![Page 3: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/3.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 4: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/4.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 5: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/5.jpg)
5
Heartland – A Full Service Payments Processor
• Card Processing• Credit/debit/prepaid cards:
• Process over 10 million transactions a day• Process over 3.9 billion transactions annually
• Payroll Processing (PlusOne Payroll)• Check Management (Check 21, ExpressFunds, StopLoss)• Online Payment Processing• MicroPayments – Vending, Laundry, Campus Solutions• Gift Cards and Loyalty Processing• Heartland Gives Back
![Page 6: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/6.jpg)
Heartland – Our People
• HQ: Princeton, NJ• IT: Plano, TX
• 300 employees• Servicing: Louisville, KY
• 800 employees
• Heartland CaresFoundation
![Page 7: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/7.jpg)
7
Heartland - 15 Years Ago ... and Today
1997 (1st Trans 6/15/97) Today•2,350 clients 255,000 clients•25 employees 3000+ employees•#62 in US #5 processor in U.S.•$0.4 billion portfolio $68 billion portfolio
![Page 8: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/8.jpg)
2004 2005 2006 2007 2008
Net Revenue Net Income EPS
0.26137,796
8,855
1.08
383,708
41,840
0.50
186,48619,093
0.71
245,652
28,544
0.90
294,771
35,870
Heartland - Financials
![Page 9: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/9.jpg)
Heartland – EPS in 2009…
Heartland CEO’s granddaughter
![Page 10: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/10.jpg)
10
Heartland – The Recovery• 2009
• Total Revenues $1,652 m (up 6.93%*)• Net Income -52 m (down 224%)• EPS -1.38 (down 223%)
• 2010• Total Revenues $1,864 m (up 12.8%)• Net Income 35 m (up 167%)• EPS 0.88 (up 163%)
• 2011• Total Revenues $1,996 m (up 7.1%)• Net Income 44 m (up 25.7%)• EPS 1.09 (up 23.9%)
*All percentages year-over-year
![Page 11: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/11.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 12: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/12.jpg)
The Threat
It’s all about the money ….
![Page 13: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/13.jpg)
What Happened? – The Penetration Very Late 2007 – SQL Injection via a customer facing web page in our
corporate (non-payments) environment. Bad guys were in our corporate network.
Early 2008 – Hired largest approved QSA to perform penetration testing of corporate environment
Spring 2008 – CEO learned of Sniffer Attack on Hannaford’s , Created a Dedicated Chief Security Officer Position and filled that position
April 30, 2008 – Passed 6th Consecutive “Annual Review” by Largest QSA
Very Late 2007 – Mid-May 2008 – Unknown period but it is possible that bad guys were studying the corporate network
Mid-May 2008 – Penetration of our Payments Network
![Page 14: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/14.jpg)
What Happened?
The Investigation and The Announcement Late October 2008 – Informed by a card brand that several issuers
suspected a potential breach of one or more processors. We received sample fraud transactions to help us determine if there was a problem in our payments network. Many of these transactions never touched our payments network.
No evidence could be found of an intrusion despite vigorous efforts by HPS employees and then two forensics companies to find a problem.
January 9, 2009 – We were told by QIRA that “no problems were found” and that a final report reflecting that opinion would be forthcoming.
January 12, 2009 – January 20, 2009 – Learned of breach, notified card brands, notified law enforcement and made public announcement.
![Page 15: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/15.jpg)
Why I came to Heartland…
• The way the breach was handled
• High degree of transparency
• Knew that security would be #1 priority
• Heartland was changing the perception of breaches, and how they should be handled
![Page 16: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/16.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 17: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/17.jpg)
PANIC
DENIAL
ANGER
BARGAINING
DEPRESSION
ACCEPTANCE
FIX THE PROBLEM
![Page 18: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/18.jpg)
Vectors of Trust
• After any major incident, there are multiple vectors of trust that have to be rebuilt– Trust from your customers– Trust from your investors– Trust from your own employees– Trust from your competitors
• Heartland has worked hard to rebuild these
![Page 19: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/19.jpg)
The Real Response
1/20/09 - Call to arms of all Heartland employees to visit clients and talk to partners
HPY share price drops from $15.16 on 1/16 to $8.18 on 1/22
HPY 4Q08 Earnings Call – HPY drops to $3.43 on March 12; a 77.6% drop since the breach announcement
3/14/09 – Delisted from Visa list of approved vendors
4/30/09 – Certified PCI compliant by VeriSign and reinstated on Visa list of approved vendors
5/11/12 – HPY Closed at $30.41
![Page 20: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/20.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 21: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/21.jpg)
Industry Security Advancements
• Chip & PIN (EMV)– Helps authenticate the card
• Tokenization – Reduces risk of storing card data
• Both help, but don’t address datain transit
![Page 22: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/22.jpg)
Heartland Approach to E3
•End to End Encryption
•Continuous protection of the confidentiality and integrity of transmitted information by encrypting at the origin and decrypting at the destination.
E3 Security Model
•Build devices that use Tamper Resistant Security Modules to encrypt payment data at the point of swipe or data entry.
•Collaborate with existing device vendors and encryption solution providers.
E3 Device
Strategy
•Protect cardholder and merchant data wherever it resides on Heartland’s systems.
• Directly influence industry security standards and practices to strengthen data protection.
E3 Data
Strategy
![Page 23: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/23.jpg)
Merchant Bill of Rights, Sales Professional Bill of Rights, Durbin
http://www.spbor.com/http://www.merchantbillofrights.org/http://getyourdurbindollars.com/
![Page 24: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/24.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 25: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/25.jpg)
Key Risk Mitigations
Data Loss Prevention
Network and Application Penetration Testing
Platform Security
Static and Dynamic Code Analysis
![Page 26: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/26.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 27: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/27.jpg)
27
The New Paradigm
• During investigation of Heartland breach• Found other processors knew of the
breach indicators• Several had seen or know about them• No one shared that information
• Started the PPISC (Payment ProcessorsInformation Sharing Council) in 2009
• Charter – bring processors to tableto discuss threat indicators and tactics
• Avoid any discussion on business related topics to avoidanti-trust
• Everyone brings to table topics that they are seeing through their various intel sources (internal and external)
![Page 28: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/28.jpg)
Intelligence Sharing – PPISC
Malware signatures currently being shared with input of Secret Service and other agencies
Participation in threat exercises (CAPP – Cyber Attack Against Payment Processes)
![Page 29: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/29.jpg)
Changes in Breach Perceptions
• For Heartland, the impact was immediate and very high
• People have come to understand that any company can be breached
• Acceptance becoming the norm
![Page 30: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/30.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems
– What Happened in the Heartland Breach
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 31: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/31.jpg)
Targeted Attacks
Is your company a target…?
![Page 32: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/32.jpg)
![Page 33: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/33.jpg)
SpyEye: targets financial institutions
northerntrust.com treasury.pncbank.com ssl.selectpayment.com svbconnect.com onlinebanking.banksterling.com texascapitalbank.com web-access.com nashvillecitizensbank.com singlepoint.usbank.com sso.unionbank.com commercial.wachovia.com wellsoffice.wellsfargo.com mandtbank.com online.corp.westpac.com paymentech.com appliedbank.com
heartlandmerchantcenter.com reporting.worldpay.us firstnational.com merchante-solutions.com portal.mercurypay.com 1fbusa.com logon.merrickbank.com mybmwcard.com gotomycard.com cardmemberservices.net nordstromcard.comstatefarm.com tnbonlinebanking.com accountcentralonline.com chase.com wellsfargofinancialcards.com credit.compassbank.com rcam.target.com partnercardservices.com accessmycardonline.com creditcards.citi.com commercebank.com hsbccreditcard.com neteller.com mypremiercreditcard.com
penfed.org bankofamerica.com hsbc.com huntington.com usaa.com citibank.com paypal.com
![Page 34: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/34.jpg)
34
Adversary Attributes
• Advanced• Well funded adversary• Advanced technical capabilities• Ability to identify zero-day exploits• Weaponize exploits• Trained professionals • Backing of nation state or organized crime
• Persistent• Sustained presence with target organization• Remains undetected • Takes time needed reach objective and exfiltrate information
• Threat• Covert threat or alteration of sensitive information
• Political or military advantage• Strategic or tactical advantage• Economic advantage or financial gain
![Page 35: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/35.jpg)
Can a system be completely secure?
“The only secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts.”
Gene Spafford – Purdue University
![Page 36: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/36.jpg)
Getting in can be easy…
![Page 37: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/37.jpg)
The malware code was obfuscated:
![Page 38: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/38.jpg)
Encoded: Zero AV Detection
![Page 39: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/39.jpg)
Decoded: detected by 8 of 43 AV engines
![Page 40: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/40.jpg)
Blackhole Explotation Kit
![Page 41: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/41.jpg)
Social Engineering:
• Manipulating people into performing actions or divulging confidential information
• Pretexting: creating an invented story to engage a target in a way that makes them more likely to divulge the desired information.
• Usually involves: sympathy, intimidation, flattery, or fear
• Most companies are vulnerable to SE
![Page 42: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/42.jpg)
Example SE scenario…
What would you do if…• Receive call from your Helpdesk• Caller ID shows correct number• Said there is suspicious activity coming
from your computer, need you to run a scan by visiting the following URL.
• http://onlinesecurityscanner.com
![Page 43: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/43.jpg)
• After the scan runs, you are informed that your system checked out fine. Sorry for the inconvenience.
For more info on Social Engineering: http://social-engineer.org
Example SE scenario…
![Page 44: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/44.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 45: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/45.jpg)
Are attacks on the rise?
• Increased media coverage over the last year– Much like “shark attack” coverage
• New motivations– Political– Limelight / Ego– Embarrassment– Retaliation
![Page 46: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/46.jpg)
Are attacks on the rise…???
The number of incidents reported has been increasing
• 2010 – 800 new compromise incidents
• 2004-09 - just over 900
source: 2011 Verizon DBIR
![Page 47: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/47.jpg)
Records Compromised
• The total number of records compromised annually has declined
2011 – 4 million 2010 – 144 million 2009 – 361 million
source: 2011 Verizon DBIR
![Page 48: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/48.jpg)
Who is behind data breaches?
• 92% - stemmed from external agents (+22%)
• 17% - implicated insiders (-31%)
• <1% - resulted from business partners (-10%)
source: 2011 Verizon DBIR
![Page 49: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/49.jpg)
How do breaches occur?
• 50% utilized some form of hacking (+10%)
• 49% incorporated malware (+11%)
• 29% involved physical attacks (+14%)
• 17% resulted from privilege misuse (-31%)
• 11% employed social tactics (-17%)
source: 2011 Verizon DBIR
![Page 50: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/50.jpg)
How do breaches occur?
83% of victims were targets of opportunity
92% of attacks were not highly difficult (+7%)
76% of all data was compromised from servers (-22%)
86% were discovered by a third party (+25%)
96% of breaches were avoidable through simple or intermediate controls
89% of victims subject to PCI-DSS had not achieved compliance (+10%)
source: 2011 Verizon DBIR
![Page 51: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/51.jpg)
Where should mitigations be focused?
Eliminate unnecessary dataEnsure essential controls are metCheck the above againAssess remote access servicesTest and review web applicationsAudit user accounts and monitor privileged
activityMonitor and mine event logsExamine ATMs and other payment card input
devices for tampering
source: 2011 Verizon DBIR
![Page 52: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/52.jpg)
Topics / Agenda
Heartland Payment Systems
– Who is Heartland Payment Systems?
– What Happened in the Heartland Breach?
– What Did We Do About It?
– What Are We Doing Now?
– Key Risk Mitigations
– Information Sharing – how it works
Is your company a target?
– Some current threats
– Breach Statistics
Information Security Perspective
![Page 53: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/53.jpg)
Ever work with a security guy like this?
![Page 54: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/54.jpg)
Information Security Balance
Purpose is to secure assets without adversely affecting business functions.
Ultimate Security
Needs of a Business
![Page 55: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/55.jpg)
Con
fiden
tialit
y
Availability
Integrity
Information Security Balance
CIATriad
![Page 56: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/56.jpg)
Security Systems
Firewalls IPSFIMSoftware AgentsMalware AppliancesStatic/Dynamic Code Analyzers Vulnerability ScannersWAFDLPSIEMAnti-Virus
![Page 57: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/57.jpg)
Security Systems
• Purchasing a “checklist” of security devices is not enough..!
• You need skilled personnel to manage these devices.
• Most of these technologies require a large amount of time to manage effectively.
![Page 58: How to Rebuild the Controls and Confidence after Data Exfiltration Occurs](https://reader035.vdocuments.us/reader035/viewer/2022081414/54b350c24a79599c248b45d2/html5/thumbnails/58.jpg)
58
Summary
• Businesses can recover from a major breach• HPS has recovered and is growing• PCI Security Standards Council Board of Advisors• FS-ISAC Board of Directors
• Every company is a target, make yours a hard one• Assume you have been compromised• Focus on detection, data elimination
• Get involved• Information Sharing (FS-ISAC, PPISC, Infragard)• Local security chapters
ISSA, ISACA, OWASP