SlideShare a Scribd company logo

Computer Fraud - Eric Vanderburg - China Resource Network Conference

Download as PPTX, PDF
Eric Vanderburg
Eric Vanderburg

Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents on computer fraud at the China Resource Network Conference: China – Growing the Mature Market, October, 2012.

Technology
1 of 16
China Resource Network Computer Fraud JurInnov, Ltd. October 5, 2012 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Who Are We? JurInnov works with organizations that want to more effectively manage matters involving “Electronically Stored Information” (ESI). – – – – Information Security Electronic Discovery Computer Forensics Document and Case Management 1 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Confidence Framework CFStrategy CFAudit CFAssess CFAware CFPolicy © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Overview • • • • • Case Study Detection Incident response Post-incident activities Prevention 3 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Case Study 3. Fake response through open relay 2. Email read & deleted 1. US sends email ? 4. Fake email with alternate address 4 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Detection • Separation of duties – Approve requests for information – Validate changes in procedure – Divide sensitive tasks between multiple persons and roles • Awareness – Suspicious activity – Social engineering • Audit 5 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Indicators • • • • • • • • • • Use of dormant accounts • Log alteration Presence of malicious code • Notification by partner or • peer • Notification by hacker • Loss of availability • Corrupt files Data breach Violation of policy Violation of law Activity at unexpected times Unusual email traffic Presence of hacker tools Unknown accounts Unusual consumption of computing resources Unusual network activity 6 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Incident Response • Validate incident authenticity • Determine scope and severity – Users, data and equipment impacted • Notify team 7 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Preservation of evidence • Volatile data – – – – Contents of RAM Current network connections Logon sessions Open files • Non-volatile data – Hard drives – Network device startup configurations • Chain of custody 8 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Recovery • • • • Remediate vulnerabilities Restore services Restore data Restore confidence 9 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Post-incident activities • Refine plans and processes • Create new IRPs • Debrief (After-action review) 10 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Debrief • • • • • • • • Rankless discussion What was the goal? Were goals achievable? Successes Pitfalls Lessons learned Action items and responsibilities Positive summary (high note) 11 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Prevention • Perform background checks on key personnel, suppliers and partners • Conduct periodic awareness training • Document and follow procedures 12 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Prevention • Technical controls – – – – – – – Antivirus/antimalware Email filtering Web filtering Network Access Control (NAC) Intrusion Prevention System (IPS) Patch management Password management 13 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Incident Response Plans • Document procedures for likely incidents • Document steps for a non-specific incident • Prepare resources – Human – Technical • • • • • Is geographic diversity needed? Determine notification procedure Roles and responsibilities Simulation Review and maintenance 14 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Action Items • Obtain an overview of information security posture (Security Snapshot) • Consider incident response and create IRPs • Conduct security awareness training • Conduct risk assessment to identify appropriate security controls • Baseline systems to understand normal activity 15 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL

Recommended

Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...Leinylson Fontinele
 
Aula 05 - Importância do teste, auditoria e monitoramento
Aula 05 - Importância do teste, auditoria e monitoramentoAula 05 - Importância do teste, auditoria e monitoramento
Aula 05 - Importância do teste, auditoria e monitoramentoLeinylson Fontinele
 
Aula 01 - Fundamentos da segurança dos sistemas de informações
Aula 01 - Fundamentos da segurança dos sistemas de informaçõesAula 01 - Fundamentos da segurança dos sistemas de informações
Aula 01 - Fundamentos da segurança dos sistemas de informaçõesLeinylson Fontinele
 
Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso...
Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso...Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso...
Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso...Leinylson Fontinele
 
Aula 04 - Implementação efetiva da política de segurança
Aula 04 - Implementação efetiva da política de segurançaAula 04 - Implementação efetiva da política de segurança
Aula 04 - Implementação efetiva da política de segurançaLeinylson Fontinele
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesNetIQ
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
Information Security in the eDiscovery Process
Information Security in the eDiscovery ProcessInformation Security in the eDiscovery Process
Information Security in the eDiscovery ProcessDaegis
 

Recommended

Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...Leinylson Fontinele
 
Aula 05 - Importância do teste, auditoria e monitoramento
Aula 05 - Importância do teste, auditoria e monitoramentoAula 05 - Importância do teste, auditoria e monitoramento
Aula 05 - Importância do teste, auditoria e monitoramentoLeinylson Fontinele
 
Aula 01 - Fundamentos da segurança dos sistemas de informações
Aula 01 - Fundamentos da segurança dos sistemas de informaçõesAula 01 - Fundamentos da segurança dos sistemas de informações
Aula 01 - Fundamentos da segurança dos sistemas de informaçõesLeinylson Fontinele
 
Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso...
Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso...Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso...
Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso...Leinylson Fontinele
 
Aula 04 - Implementação efetiva da política de segurança
Aula 04 - Implementação efetiva da política de segurançaAula 04 - Implementação efetiva da política de segurança
Aula 04 - Implementação efetiva da política de segurançaLeinylson Fontinele
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesNetIQ
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
Information Security in the eDiscovery Process
Information Security in the eDiscovery ProcessInformation Security in the eDiscovery Process
Information Security in the eDiscovery ProcessDaegis
 
Key Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsKey Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsGovernment Technology and Services Coalition
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistMatthew Rosenquist
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
The internet as a corporate security resource
The internet as a corporate security resourceThe internet as a corporate security resource
The internet as a corporate security resourceDan Michaluk
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionDigital Guardian
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
Data Leakage Presentation
Data Leakage PresentationData Leakage Presentation
Data Leakage PresentationMike Spaulding
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Lucien Pierce
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanningVladimir Jirasek
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber DefenseEnergySec
 
Secuntialesse
SecuntialesseSecuntialesse
SecuntialesseAnne Starr
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public bodyDan Michaluk
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2Marneil Sanchez
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsEnergySec
 
Customer Spotlight: Deploying a Data Protection Program in less than 120 Days
Customer Spotlight: Deploying a Data Protection Program in less than 120 DaysCustomer Spotlight: Deploying a Data Protection Program in less than 120 Days
Customer Spotlight: Deploying a Data Protection Program in less than 120 DaysDigital Guardian
 
International Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go SeekInternational Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go SeekDavid Knox
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Network Intelligence India
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationEnergySec
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.pptshaks9151
 

More Related Content

What's hot

The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistMatthew Rosenquist
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
The internet as a corporate security resource
The internet as a corporate security resourceThe internet as a corporate security resource
The internet as a corporate security resourceDan Michaluk
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionDigital Guardian
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
Data Leakage Presentation
Data Leakage PresentationData Leakage Presentation
Data Leakage PresentationMike Spaulding
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Lucien Pierce
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanningVladimir Jirasek
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber DefenseEnergySec
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public bodyDan Michaluk
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsEnergySec
 
Customer Spotlight: Deploying a Data Protection Program in less than 120 Days
Customer Spotlight: Deploying a Data Protection Program in less than 120 DaysCustomer Spotlight: Deploying a Data Protection Program in less than 120 Days
Customer Spotlight: Deploying a Data Protection Program in less than 120 DaysDigital Guardian
 
International Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go SeekInternational Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go SeekDavid Knox
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationEnergySec
 

What's hot (20)

Key Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsKey Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government Contractors
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew Rosenquist
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
The internet as a corporate security resource
The internet as a corporate security resourceThe internet as a corporate security resource
The internet as a corporate security resource
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
 
Data Leakage Presentation
Data Leakage PresentationData Leakage Presentation
Data Leakage Presentation
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public body
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
 
Customer Spotlight: Deploying a Data Protection Program in less than 120 Days
Customer Spotlight: Deploying a Data Protection Program in less than 120 DaysCustomer Spotlight: Deploying a Data Protection Program in less than 120 Days
Customer Spotlight: Deploying a Data Protection Program in less than 120 Days
 
International Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go SeekInternational Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go Seek
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
 

Viewers also liked

Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.pptshaks9151
 
ATM Fraud - Ignite Style
ATM Fraud - Ignite StyleATM Fraud - Ignite Style
ATM Fraud - Ignite StyleShane Curtin
 
Ais Romney 2006 Slides 05 Computer Fraud And Abuse
Ais Romney 2006 Slides 05 Computer Fraud And AbuseAis Romney 2006 Slides 05 Computer Fraud And Abuse
Ais Romney 2006 Slides 05 Computer Fraud And Abusesharing notes123
 
Integral Ad Science Digital Ad Fraud Presentation
Integral Ad Science Digital Ad Fraud PresentationIntegral Ad Science Digital Ad Fraud Presentation
Integral Ad Science Digital Ad Fraud PresentationIntegral Ad Science
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protectiontumetr1
 

Viewers also liked (8)

Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
 
10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt
 
Romney ch05
Romney ch05Romney ch05
Romney ch05
 
ATM Fraud - Ignite Style
ATM Fraud - Ignite StyleATM Fraud - Ignite Style
ATM Fraud - Ignite Style
 
Ais Romney 2006 Slides 05 Computer Fraud And Abuse
Ais Romney 2006 Slides 05 Computer Fraud And AbuseAis Romney 2006 Slides 05 Computer Fraud And Abuse
Ais Romney 2006 Slides 05 Computer Fraud And Abuse
 
Computer crime
Computer crimeComputer crime
Computer crime
 
Integral Ad Science Digital Ad Fraud Presentation
Integral Ad Science Digital Ad Fraud PresentationIntegral Ad Science Digital Ad Fraud Presentation
Integral Ad Science Digital Ad Fraud Presentation
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protection
 

Similar to Computer Fraud - Eric Vanderburg - China Resource Network Conference

Applied data analytics_v1_6.23
Applied data analytics_v1_6.23Applied data analytics_v1_6.23
Applied data analytics_v1_6.23John C. Havens
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsPrivacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsResilient Systems
 
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...Eric Vanderburg
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentationJMS Secure Data
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldQualys
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offeringeeaches
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentationJMS Secure Data
 
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
3rd Party Risk: Practical Considerations for Privacy & Security Due DiligenceResilient Systems
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2dbarton944
 
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsDenim Group
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceVeridium
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016centralohioissa
 
Archiving and e-Discovery for Novell GroupWise
Archiving and e-Discovery for Novell GroupWiseArchiving and e-Discovery for Novell GroupWise
Archiving and e-Discovery for Novell GroupWiseNovell
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyResilient Systems
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteEdgar Alejandro Villegas
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy IntroductionNiclasGranqvist
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 

Similar to Computer Fraud - Eric Vanderburg - China Resource Network Conference (20)

Applied data analytics_v1_6.23
Applied data analytics_v1_6.23Applied data analytics_v1_6.23
Applied data analytics_v1_6.23
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsPrivacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 Predictions
 
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offering
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
 
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2
 
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of Compliance
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
 
Forecast 2014: eDiscovery and Forensics
Forecast 2014: eDiscovery and Forensics Forecast 2014: eDiscovery and Forensics
Forecast 2014: eDiscovery and Forensics
 
Archiving and e-Discovery for Novell GroupWise
Archiving and e-Discovery for Novell GroupWiseArchiving and e-Discovery for Novell GroupWise
Archiving and e-Discovery for Novell GroupWise
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy Introduction
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 

More from Eric Vanderburg

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumEric Vanderburg
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveEric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgEric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityEric Vanderburg
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatEric Vanderburg
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEric Vanderburg
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology managementEric Vanderburg
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technologyEric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challengesEric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: RoboticsEric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercisesEric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsEric Vanderburg
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgEric Vanderburg
 

More from Eric Vanderburg (20)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 

Recently uploaded

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Computer Fraud - Eric Vanderburg - China Resource Network Conference

  • 1. China Resource Network Computer Fraud JurInnov, Ltd. October 5, 2012 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 2. Who Are We? JurInnov works with organizations that want to more effectively manage matters involving “Electronically Stored Information” (ESI). – – – – Information Security Electronic Discovery Computer Forensics Document and Case Management 1 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 3. Confidence Framework CFStrategy CFAudit CFAssess CFAware CFPolicy © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 4. Overview • • • • • Case Study Detection Incident response Post-incident activities Prevention 3 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 5. Case Study 3. Fake response through open relay 2. Email read & deleted 1. US sends email ? 4. Fake email with alternate address 4 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 6. Detection • Separation of duties – Approve requests for information – Validate changes in procedure – Divide sensitive tasks between multiple persons and roles • Awareness – Suspicious activity – Social engineering • Audit 5 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 7. Indicators • • • • • • • • • • Use of dormant accounts • Log alteration Presence of malicious code • Notification by partner or • peer • Notification by hacker • Loss of availability • Corrupt files Data breach Violation of policy Violation of law Activity at unexpected times Unusual email traffic Presence of hacker tools Unknown accounts Unusual consumption of computing resources Unusual network activity 6 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 8. Incident Response • Validate incident authenticity • Determine scope and severity – Users, data and equipment impacted • Notify team 7 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 9. Preservation of evidence • Volatile data – – – – Contents of RAM Current network connections Logon sessions Open files • Non-volatile data – Hard drives – Network device startup configurations • Chain of custody 8 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 10. Recovery • • • • Remediate vulnerabilities Restore services Restore data Restore confidence 9 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 11. Post-incident activities • Refine plans and processes • Create new IRPs • Debrief (After-action review) 10 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 12. Debrief • • • • • • • • Rankless discussion What was the goal? Were goals achievable? Successes Pitfalls Lessons learned Action items and responsibilities Positive summary (high note) 11 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 13. Prevention • Perform background checks on key personnel, suppliers and partners • Conduct periodic awareness training • Document and follow procedures 12 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 14. Prevention • Technical controls – – – – – – – Antivirus/antimalware Email filtering Web filtering Network Access Control (NAC) Intrusion Prevention System (IPS) Patch management Password management 13 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 15. Incident Response Plans • Document procedures for likely incidents • Document steps for a non-specific incident • Prepare resources – Human – Technical • • • • • Is geographic diversity needed? Determine notification procedure Roles and responsibilities Simulation Review and maintenance 14 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  • 16. Action Items • Obtain an overview of information security posture (Security Snapshot) • Consider incident response and create IRPs • Conduct security awareness training • Conduct risk assessment to identify appropriate security controls • Baseline systems to understand normal activity 15 © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL