garland group - top security threats of 2011
DESCRIPTION
This was a presentation given by Garland Group consultant, Eric Kitchens, in April 2011 where he talks about the latest security trends in banking.TRANSCRIPT
![Page 1: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/1.jpg)
Top Security Threatsfor 2011
Thursday, March 31, 2011
![Page 2: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/2.jpg)
Presenter
Eric Kitchens, CISSP/CISA
Thursday, March 31, 2011
![Page 3: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/3.jpg)
riskkey.com
• IT Audit / Security Testing
• Continuous Compliance
• Collaboration Consulting
Thursday, March 31, 2011
![Page 4: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/4.jpg)
What Are TheTop Security Threats
for 2011?
Thursday, March 31, 2011
![Page 5: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/5.jpg)
Something Old, Something New, Something Borrowed...
Thursday, March 31, 2011
![Page 6: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/6.jpg)
Something Old, Something New, Something Borrowed...
Threats that were big news in the past are still out there.
Thursday, March 31, 2011
![Page 7: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/7.jpg)
Something Old, Something New, Something Borrowed...
Threats that were big news in the past are still out there.
New and emerging threats often are combinations of “old” threats.
Thursday, March 31, 2011
![Page 8: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/8.jpg)
Something Old, Something New, Something Borrowed...
Threats that were big news in the past are still out there.
New and emerging threats often are combinations of “old” threats.
It’s never too late to mitigate.
Thursday, March 31, 2011
![Page 9: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/9.jpg)
Something Old...
Threats that have been with us for many years and will be with us for years to come.
Thursday, March 31, 2011
![Page 10: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/10.jpg)
Something Old...
Threats that have been with us for many years and will be with us for years to come.
• Mobile Devices
Thursday, March 31, 2011
![Page 11: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/11.jpg)
Something Old...
Threats that have been with us for many years and will be with us for years to come.
• Mobile Devices
• Cloud Computing & Virtualization
Thursday, March 31, 2011
![Page 12: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/12.jpg)
Something Old...
Threats that have been with us for many years and will be with us for years to come.
• Mobile Devices
• Cloud Computing & Virtualization
• Application Vulnerabilities
Thursday, March 31, 2011
![Page 13: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/13.jpg)
Mobile Devices
Thursday, March 31, 2011
![Page 14: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/14.jpg)
Mobile Devices
• Various Platforms
Thursday, March 31, 2011
![Page 15: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/15.jpg)
Mobile Devices
• Various Platforms
• Mal-Ware in the AppStore
Thursday, March 31, 2011
![Page 16: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/16.jpg)
Mobile Devices
• Various Platforms
• Mal-Ware in the AppStore
• Merging Business & Personal Use
Thursday, March 31, 2011
![Page 17: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/17.jpg)
Mobile Devices
• Various Platforms
• Mal-Ware in the AppStore
• Merging Business & Personal Use
• Lost or Stolen Devices & Data
Thursday, March 31, 2011
![Page 18: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/18.jpg)
Cloud Computing
Thursday, March 31, 2011
![Page 19: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/19.jpg)
Cloud Computing
• Expanding Scope of Virtualization
Thursday, March 31, 2011
![Page 20: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/20.jpg)
Cloud Computing
• Expanding Scope of Virtualization
• Outsourced Applications and Services
Thursday, March 31, 2011
![Page 21: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/21.jpg)
Application Vulnerabilities
Thursday, March 31, 2011
![Page 22: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/22.jpg)
Application Vulnerabilities
• Operating System Vulnerabilities are Decreasing
Thursday, March 31, 2011
![Page 23: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/23.jpg)
Application Vulnerabilities
• Operating System Vulnerabilities are Decreasing
• Application Specific Vulnerabilities are on the Rise
Thursday, March 31, 2011
![Page 24: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/24.jpg)
Application Vulnerabilities
• Operating System Vulnerabilities are Decreasing
• Application Specific Vulnerabilities are on the Rise
• Evaluate Automated Patching Tools for All Applications & Systems
Thursday, March 31, 2011
![Page 25: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/25.jpg)
Something New...Not “new” but emerging and evolving into new problems
Thursday, March 31, 2011
![Page 26: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/26.jpg)
Something New...Not “new” but emerging and evolving into new problems
• Advanced Persistent Threats
Thursday, March 31, 2011
![Page 27: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/27.jpg)
Something New...Not “new” but emerging and evolving into new problems
• Advanced Persistent Threats
• Hacktivisim
Thursday, March 31, 2011
![Page 28: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/28.jpg)
Something New...Not “new” but emerging and evolving into new problems
• Advanced Persistent Threats
• Hacktivisim
• Cyberterrorism
Thursday, March 31, 2011
![Page 29: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/29.jpg)
Advanced Persistent Threats
Thursday, March 31, 2011
![Page 30: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/30.jpg)
Advanced Persistent Threats
• Google and RSA Are Recent Examples
Thursday, March 31, 2011
![Page 31: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/31.jpg)
Advanced Persistent Threats
• Google and RSA Are Recent Examples
• Executed Over Extended Period of Time
Thursday, March 31, 2011
![Page 32: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/32.jpg)
Advanced Persistent Threats
• Google and RSA Are Recent Examples
• Executed Over Extended Period of Time
• Adapts to Defenses and Mitigation Strategies
Thursday, March 31, 2011
![Page 33: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/33.jpg)
Advanced Persistent Threats
• Google and RSA Are Recent Examples
• Executed Over Extended Period of Time
• Adapts to Defenses and Mitigation Strategies
• Baselining and Monitoring are Essential for Defense
Thursday, March 31, 2011
![Page 34: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/34.jpg)
Cyber-Terrorism & Hacktivism
Thursday, March 31, 2011
![Page 35: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/35.jpg)
Cyber-Terrorism & Hacktivism
• DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.
Thursday, March 31, 2011
![Page 36: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/36.jpg)
Cyber-Terrorism & Hacktivism
• DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.
• Disrupting Services for Ideological Purposes
Thursday, March 31, 2011
![Page 37: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/37.jpg)
Cyber-Terrorism & Hacktivism
• DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.
• Tools are Freely Available to Non-Technical Users
• Disrupting Services for Ideological Purposes
Thursday, March 31, 2011
![Page 38: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/38.jpg)
Cyber-Terrorism & Hacktivism
• DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.
• Be Aware of Outsourced Relationships and Higher Risk Customers They Service
• Tools are Freely Available to Non-Technical Users
• Disrupting Services for Ideological Purposes
Thursday, March 31, 2011
![Page 39: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/39.jpg)
Something Borrowed...
Thursday, March 31, 2011
![Page 40: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/40.jpg)
Something Borrowed...“I swear, I meant to return all the confidential data on my USB drive
after I was done ‘borrowing’ it!”
Thursday, March 31, 2011
![Page 41: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/41.jpg)
Something Borrowed...“I swear, I meant to return all the confidential data on my USB drive
after I was done ‘borrowing’ it!”
• Insider Threats
Thursday, March 31, 2011
![Page 42: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/42.jpg)
Something Borrowed...“I swear, I meant to return all the confidential data on my USB drive
after I was done ‘borrowing’ it!”
• Insider Threats
• Data Classification and Control
Thursday, March 31, 2011
![Page 43: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/43.jpg)
Something Borrowed...“I swear, I meant to return all the confidential data on my USB drive
after I was done ‘borrowing’ it!”
• Insider Threats
• Data Classification and Control
• USB Storage Devices
Thursday, March 31, 2011
![Page 44: Garland Group - Top Security Threats of 2011](https://reader033.vdocuments.us/reader033/viewer/2022051611/54b47d3e4a79595a5f8b4662/html5/thumbnails/44.jpg)
Questions & Answers
Thursday, March 31, 2011