Security In the News
Orange County CIO Roundtable
July 10, 2014
Jeff Hecht
Chief Compliance & Security Officer
Agenda
• We’re going to talk about 3 major security events that have been in the news in the last 12 months.
• We’ll try to understand a little about what happened and add some perspective about what those things mean for CIOs and other executives going forward.
• The three events are:
o The Heartbleed vulnerability
o The regularity of massive data breaches, most specifically the Target breach
o The revelations about the NSA as a result of documents stolen and released by Edward Snowden
Heartbleed – What is it?
• Heartbleed is a vulnerability in the OpenSSL cryptographic software library.
• This weakness allows stealing the information usually protected by SSL/TLS encryption, the primary tool providing communication security and privacy over the Internet.
• It’s called Heartbleed because the bug is in OpenSSL's implementation of the TLS/DTLS heartbeat extension. When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
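The following is an added example, not code from this deck and not OpenSSL's code: a simplified Python model of the defect the bullet above describes. A heartbeat record carries a declared payload length, and the bug was that the responder echoed that many bytes back without checking the declared length against the size of the record it had actually received. The "process memory" bytearray, the leftover string placed after the record, and the function names are all constructed for illustration.

```python
"""Simplified model of the Heartbleed defect (added example, not OpenSSL code).

A TLS heartbeat record is: type (1 byte) | payload length (2 bytes) | payload |
padding (at least 16 bytes). The defect was trusting the declared payload length
instead of the length of the record that actually arrived.
"""
import struct
from typing import Optional, Tuple

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
HEADER_LEN = 3        # type + 2-byte length
PADDING_LEN = 16      # minimum padding a heartbeat message must carry


def build_request(payload: bytes, declared_len: Optional[int] = None) -> bytes:
    """Encode a heartbeat request. `declared_len` lets a caller construct a
    record whose length field claims more bytes than the payload contains."""
    if declared_len is None:
        declared_len = len(payload)
    return struct.pack("!BH", HEARTBEAT_REQUEST, declared_len) + payload + b"\x00" * PADDING_LEN


def respond_unchecked(memory: bytearray, record_len: int) -> bytes:
    """The defective pattern: echo `declared` bytes starting at the payload,
    ignoring `record_len`. On a real system the slice beyond the record is
    whatever else happened to be in the process's heap."""
    _msg_type, declared = struct.unpack_from("!BH", memory, 0)
    payload = bytes(memory[HEADER_LEN:HEADER_LEN + declared])
    return struct.pack("!BH", HEARTBEAT_RESPONSE, declared) + payload + b"\x00" * PADDING_LEN


def respond_checked(memory: bytearray, record_len: int) -> Optional[bytes]:
    """The fixed pattern: silently discard any record whose declared payload
    does not fit inside the bytes that were actually received."""
    if record_len < HEADER_LEN + PADDING_LEN:
        return None
    _msg_type, declared = struct.unpack_from("!BH", memory, 0)
    if HEADER_LEN + declared + PADDING_LEN > record_len:
        return None
    payload = bytes(memory[HEADER_LEN:HEADER_LEN + declared])
    return struct.pack("!BH", HEARTBEAT_RESPONSE, declared) + payload + b"\x00" * PADDING_LEN


def demo() -> Tuple[bytes, Optional[bytes]]:
    """Place a lying request in front of constructed leftover memory and run both handlers."""
    leftover = b"session-cookie=abc123; db-password=hunter2"  # constructed heap contents
    lying = build_request(b"hi", declared_len=40)             # claims 40 bytes, carries 2
    memory = bytearray(lying + leftover)
    leaked = respond_unchecked(memory, len(lying))   # response contains bytes past the record
    dropped = respond_checked(memory, len(lying))    # None: record rejected
    return leaked, dropped


if __name__ == "__main__":
    leaked, dropped = demo()
    print("unchecked handler echoed:", leaked[HEADER_LEN:])
    print("checked handler returned:", dropped)
```

The checked handler mirrors the shape of the fix: the record is dropped whenever header, declared payload and padding together exceed what was received. One practical consequence for the recovery steps later in the deck: a heartbeat exchange is not something a web server logs, so there is normally nothing to search for after the fact, which is why keys on an exposed server are treated as compromised rather than checked.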
Heartbleed – What does it do?
• The information that can be obtained through these leaks is expansive.
• Not just an ability to intercept a particular exchange as it’s happening (e.g. a web session that might include confidential information), but user names and passwords and most importantly the encryption keys themselves.
• Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will.
• Any protection given by the encryption and the signatures in the certificates can be bypassed.
Heartbleed – How widespread?
• OpenSSL is the most popular open source cryptographic library and TLS implementation used to encrypt traffic on the Internet.
• The most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66%.
• OpenSSL is also used to protect email servers, chat servers, virtual private networks, network appliances and a wide variety of client side software. Many versions of Linux also use OpenSSL.
• The bug was introduced to OpenSSL in December 2011 and has been out in the wild since March 2012. OpenSSL 1.0.1g, released in April 2014, fixes the bug.
Heartbleed – How widespread?
• The vulnerable versions have been out there for over two years now and an estimated 600,000 servers were affected.
• The list of major sites affected includes:
o Google
o Facebook
o Twitter
o Instagram
o YouTube
o LinkedIn
o Yahoo
o Bank of America
o Chase
o Etrade
o TurboTax
o Amazon Web Services
o DropBox
o And many more…
Note that because this is primarily a server side issue, it makes no difference whether your client is running Windows, an Apple OS, Android, iOS or what browser or browser version you have. Everyone who might connect to any site using OpenSSL is potentially vulnerable.
Heartbleed – Am I affected?
o Almost certainly you as an individual accessed an affected server.
o It is pretty much impossible that you don’t have an account somewhere that runs on an affected service, although it’s also nearly impossible to know if your information was actually compromised.
o At first there was little you could do until the services were updated.
o Now most of the major sites have removed the bug, but you must change your passwords as they may have already been compromised.
o An estimated 300,000 servers have yet to be patched, so your best defense is to regularly change your login credentials for any site that may have confidential information about you.
Heartbleed – Is my company affected?
o If you use Open Source tools to run web sites (like Linux, Apache, etc.) your company very likely is affected.
o Even if you do not use those tools as primary software, you likely have devices attached to your network, like firewalls, routers and switches, that use embedded versions of Open Source software and may contain the OpenSSL library. Some of these may be difficult or impossible to patch.
o You may be using hosting partners that expose you to risk.
o If you rely on cloud based services like Google Apps you will want to ensure all your users have recently changed their passwords.
o Recovery for exposure on your infrastructure takes several steps:
• Patch the vulnerability with the latest version of OpenSSL
• Revoke compromised keys (may need the help of your Certificate Authority)
• Reissue and redistribute new keys
• Have all users change their passwords
Heartbleed – Is my company affected?
• You can test your web servers at: https://www.ssllabs.com/ssltest/index.html
• Most likely through a malware process known as “RAM scraping”, 40 million credit and debit card numbers were stolen over a 3 week period in an attack on Target POS systems
• Also stolen were names, mailing addresses, phone numbers and email addresses of up to 70 million individuals
• 46% drop in profits
• Stock drops
• $200M cost to banks and credit unions to reissue compromised cards
• Target CIO out
• Target CEO out
• Target to invest at least $100M in upgraded POS security (chip and pin)
• Neiman Marcus, Michaels, eBay, Sally Beauty, P.F. Chang’s, Paytime and others have had breaches affecting millions
• An estimated one in four Americans have had credit card and other sensitive information stolen
Changes in cards
• Chip and Pin technologies (also called smart cards or EMV) can have a positive effect on POS breaches and make duplicating physical credit cards much harder
• Widely used in Europe for some time (ironically because their network infrastructure could not support real time verification processing until recently), chip technologies:
o Embed a microchip on credit/debit cards that contains the card number, expiration, etc. in an encrypted format
o The decryption takes place with a sophisticated method that is good only for that specific transaction and requires the PIN
o That makes the card itself unusable at POS without the PIN and very difficult to duplicate
o UK and Canada have seen large drops in fraud through use of chip and pin
• Visa and MasterCard have mandated its use by 10/2015. From 10/2017 the liability for fraudulent transactions will move to the entity in the chain that has the lowest level of technical security unless they are accepting chip and pin
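As an added illustration, not part of the original deck and not the EMV protocol itself, here is a simplified Python model of the per-transaction property described above: the chip holds a key that a skimmer cannot read, refuses to sign anything without the correct PIN, and produces a cryptogram bound to this one transaction, so captured card data does not yield a usable clone. The card number, PIN, key and amounts are constructed values, and the HMAC-SHA256 cryptogram is a stand-in for the real scheme.

```python
"""Simplified model of a chip card's per-transaction cryptogram (added example;
a constructed HMAC-based stand-in, not the EMV protocol)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple


def transaction_message(pan: str, amount_cents: int, counter: int, terminal_nonce: bytes) -> bytes:
    """Everything the cryptogram commits to: which card, how much, which
    transaction in the card's sequence, and which terminal challenge."""
    return f"{pan}|{amount_cents}|{counter}|{terminal_nonce.hex()}".encode()


@dataclass
class ChipCard:
    pan: str          # card number: readable by any terminal, and by a skimmer
    expiry: str       # likewise readable
    key: bytes        # secret held inside the chip; never read out
    pin: str          # the chip checks this before it will sign anything
    counter: int = 0  # transaction counter, increases on every signature

    def cryptogram(self, amount_cents: int, terminal_nonce: bytes, pin_entered: str) -> Tuple[int, bytes]:
        if not hmac.compare_digest(pin_entered.encode(), self.pin.encode()):
            raise PermissionError("wrong PIN: chip refuses to sign")
        self.counter += 1
        msg = transaction_message(self.pan, amount_cents, self.counter, terminal_nonce)
        return self.counter, hmac.new(self.key, msg, hashlib.sha256).digest()


class Issuer:
    """Bank side: knows each card's key and the last counter it accepted."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}
        self.last_counter: Dict[str, int] = {}

    def enrol(self, card: ChipCard) -> None:
        self.keys[card.pan] = card.key
        self.last_counter[card.pan] = 0

    def authorize(self, pan: str, amount_cents: int, counter: int, terminal_nonce: bytes, mac: bytes) -> bool:
        key = self.keys.get(pan)
        if key is None:
            return False
        if counter <= self.last_counter[pan]:
            return False  # replayed (or out-of-order) cryptogram
        expected = hmac.new(key, transaction_message(pan, amount_cents, counter, terminal_nonce), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return False  # card, amount or challenge differs from what the chip signed
        self.last_counter[pan] = counter
        return True


def run_scenarios() -> Dict[str, bool]:
    """Exercise the properties the slide claims; every value here is constructed."""
    issuer = Issuer()
    card = ChipCard(pan="4000123412341234", expiry="12/16", key=secrets.token_bytes(16), pin="1234")
    issuer.enrol(card)
    results: Dict[str, bool] = {}

    nonce = secrets.token_bytes(8)
    counter, mac = card.cryptogram(4999, nonce, "1234")
    results["genuine purchase accepted"] = issuer.authorize(card.pan, 4999, counter, nonce, mac)
    results["same cryptogram replayed"] = issuer.authorize(card.pan, 4999, counter, nonce, mac)

    # A clone built from skimmed data has the PAN and expiry but not the chip's key.
    clone = ChipCard(pan=card.pan, expiry=card.expiry, key=secrets.token_bytes(16), pin="0000", counter=card.counter)
    nonce2 = secrets.token_bytes(8)
    c2, m2 = clone.cryptogram(4999, nonce2, "0000")
    results["clone without the real key"] = issuer.authorize(card.pan, 4999, c2, nonce2, m2)

    # The amount is changed after the chip has signed it.
    nonce3 = secrets.token_bytes(8)
    c3, m3 = card.cryptogram(1000, nonce3, "1234")
    results["amount altered after signing"] = issuer.authorize(card.pan, 99900, c3, nonce3, m3)

    # The genuine card is presented with the wrong PIN.
    try:
        card.cryptogram(500, secrets.token_bytes(8), "9999")
        results["wrong PIN refused by chip"] = False
    except PermissionError:
        results["wrong PIN refused by chip"] = True
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The contrast with a magnetic stripe is the point: stripe data is static, so whatever a skimmer or RAM scraper captures is enough to make a working copy, whereas here the captured PAN and expiry are useless without the key inside the chip, and even a captured cryptogram is rejected the second time it is seen.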
Changes in cards
• The resistance to adoption has been largely cost
o POS terminals must be replaced (roughly 10M of them)
o Cards containing the chips cost 6 to 8 times as much to make as magnetic strip cards and programming each is expensive
o All told the cost goes from roughly 50 cents a card to $2.20 a card
o There are approximately 1 Billion cards in the US each year so the extra cost of the cards alone is about $1.7B
• Some had hoped chip and pin would be skipped in favor of a jump directly to smartphones and NFC
• Although the technology is there and would seemingly avoid many of the costs associated with the chip and pin cards themselves, it has not made much penetration
Are they resolving the problem?
• Chip and Pin is a good step forward from magnetic based credit cards and makes duplicating physical cards much harder
• Target (and Walmart) are trying to get some positive spin by announcing their use but it’s really Visa/MasterCard who are forcing everyone’s adoption
• Whether executed at POS or not, most breaches are the result of access through the Internet, perhaps through a third party’s administration credentials
• It’s hacking, phishing, etc. that pose the biggest threats
• One technology that is available today that could help mitigate this is end-to-end encryption
o In RAM scraping exploits the malware takes advantage of the fact that the encrypted information has to be in clear text at some point in RAM to do the verifications; at this point it can be captured and stolen. With end-to-end encryption the data is never exposed except at the ultimate destination (the card processor) and it remains encrypted and unusable locally. Note that SQUARE is doing this today, for obvious reasons.
• But that’s going to be another expense and they are already being forced to spend the money on Chip and Pin so it’s not likely very soon
What does it mean to my company?
• Obviously if you’re in the retail space, Chip and Pin and customer confidence are something you’re probably already dealing with
• For everyone else, it’s about general data security, the basics:
o Employee training
• IBM Security Services 2014 Cyber Security Intelligence Index estimates 95% of security incidents are “human error”; number one cause: phishing
o Active monitoring
o Updated patching and malware protection
o Encryption wherever possible
o Regular scanning and prompt remediation
o User identity management
o Adequate and enforced employee termination procedures
o Two factor authentication for remote admin access
NSA Leak
• Edward Snowden, a former NSA employee, released a large number of files he was able to remove from agency computer systems through his position as a Systems Administrator
• The information revealed:
• Mass-surveillance programs undertaken by the NSA directly accessing the information of US citizens as well as foreign nationals
• The agency’s ability to access information stored by major US technology companies, often without individual warrants, and mass-intercepting data from the fiber-optic backbone of global phone and internet networks
• They may have worked to undermine the security standards on which the internet, commerce and banking rely
• The revelations have raised concerns about growing domestic surveillance, the scale of global monitoring, trustworthiness of the technology sector, whether the agencies can keep their information secure, and the quality of the laws and oversight keeping the agencies in check
• The extent to which private companies are cooperating with intelligence agencies has been a source of concern for internet users, as has the allegation that the NSA knew about Heartbleed and other vulnerabilities and, rather than disclosing them, exploited them.
NSA Leak
• Some pundits (notably Bruce Schneier) think these revelations show the NSA has undermined everyone’s security and, by forcing commercial companies to build in ways for them to get access, made the world inherently less secure
• Many think direct access to US citizens’ communications represents warrantless search
• Others think spying on the general populace to potentially uncover terrorist activity is within the charter of the NSA, that this is simply moving to a more technologically sophisticated way to spy and that there is adequate (although not publicly shared) oversight
• There is no evidence that non-terrorism activities have been targeted or further investigated
NSA Leak – What does it mean to my company?
• The issues about the spying itself are worthy of discussion and perhaps changes in the controls around NSA activities – but not something most companies will be able to directly influence
• Also unless your company is a provider of communications services you may be unlikely to have to make a decision about cooperating to provide access to the NSA
• The question of whether the NSA or any entity can keep its data secure is of interest to all of us and should make us all consider:
How is my company exposed to insider threats?
NSA Leak – Insider Threats
• Many companies discount insider threats as infrequent events
• While they may not be frequent they have the potential to be more serious and devastating to the enterprise
• There are multiple types of motivation for the insider stealing information:
• Someone who believes they are being a good faith whistle blower
• Someone with a grudge who wishes to harm the enterprise
• Someone interested in profiting – usually quietly and perhaps for a long time – from the information
• Detection is difficult. These are users that are supposed to be there and at some point need to access these systems to do their job. Either willfully or by making a mistake, insiders can expose an enterprise’s most critical information
NSA Leak – Insider Threats
• The basic idea is defense in depth. Multiple rings of security to protect not just the perimeter but the important parts of a network. Some concepts:
• Islands of Security
• Prevent Unauthorized Copying
• Two-Factor Authentication
• Separation of Duties and Two-Person Authorization
• Creative Use of Encryption
• Prevent Removable Media from Leaving the Building
• Log Events, Monitor and Alert
• Plan for Break-in to Minimize Damage
• Periodic Security Audits
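To make “Log Events, Monitor and Alert” (and, with it, “Prevent Unauthorized Copying”) concrete, here is an added Python example that is not part of the deck: it reads constructed file-access log lines and raises an alert when a user’s daily volume is far above that user’s own baseline, or when a file is copied to removable media. The log format, user names, paths, device label and thresholds are all hypothetical.

```python
"""Insider-activity monitor over constructed file-access logs (added example).

Two detections, both from the 'defense in depth' list on the slide:
  volume-spike     a user's daily event count is far above that user's own baseline
  removable-media  a file is copied to a removable device
Log format (hypothetical): <YYYY-MM-DD> <user> <action> <path> [<destination>]
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Dict, List

# Constructed baseline: a finance analyst touching a couple of spreadsheets a day.
BASELINE_LINES = [
    "2014-06-02 jdoe READ /share/finance/q2-forecast.xlsx",
    "2014-06-02 jdoe READ /share/finance/budget.xlsx",
    "2014-06-03 jdoe READ /share/finance/budget.xlsx",
    "2014-06-03 asmith READ /share/hr/handbook.pdf",
    "2014-06-04 jdoe READ /share/finance/vendors.xlsx",
    "2014-06-04 jdoe READ /share/finance/budget.xlsx",
    "2014-06-05 jdoe READ /share/finance/ar.xlsx",
    "2014-06-05 jdoe READ /share/finance/budget.xlsx",
    "2014-06-06 jdoe READ /share/finance/ap.xlsx",
    "2014-06-06 jdoe READ /share/finance/q2-forecast.xlsx",
]
# Constructed incident: the same user pulls a dozen engineering documents in one day
# and copies one of them to a USB stick.
SPIKE_LINES = [f"2014-06-10 jdoe READ /share/engineering/design-{i:02d}.pdf" for i in range(12)] + [
    "2014-06-10 jdoe COPY /share/engineering/design-03.pdf usb:sandisk-serial-A1B2",
]
SAMPLE_LOG = BASELINE_LINES + SPIKE_LINES

SPIKE_MULTIPLIER = 3   # alert when a day exceeds 3x the user's typical day...
SPIKE_MIN_EVENTS = 10  # ...and has at least this many events, so quiet users do not alert on noise
REMOVABLE_PREFIX = "usb:"  # hypothetical destination label for removable devices


@dataclass(frozen=True)
class Event:
    day: date
    user: str
    action: str
    path: str
    dest: str = ""


@dataclass(frozen=True)
class Alert:
    kind: str
    user: str
    day: date
    detail: str


def parse_log(lines: List[str]) -> List[Event]:
    events: List[Event] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it rather than crash the monitor
        dest = parts[4] if len(parts) > 4 else ""
        events.append(Event(date.fromisoformat(parts[0]), parts[1], parts[2], parts[3], dest))
    return events


def daily_counts(events: List[Event]) -> Dict[str, Counter]:
    counts: Dict[str, Counter] = defaultdict(Counter)
    for e in events:
        counts[e.user][e.day] += 1
    return counts


def detect(lines: List[str]) -> List[Alert]:
    events = parse_log(lines)
    alerts: List[Alert] = []
    for user, per_day in daily_counts(events).items():
        for day, n in sorted(per_day.items()):
            # Baseline is the median of this user's *other* days, so a busy day
            # cannot raise its own threshold.
            others = [c for d, c in per_day.items() if d != day]
            baseline = median(others) if others else 0
            if n >= SPIKE_MIN_EVENTS and n > SPIKE_MULTIPLIER * baseline:
                alerts.append(Alert("volume-spike", user, day, f"{n} events vs typical {baseline:g}"))
    for e in events:
        if e.action == "COPY" and e.dest.startswith(REMOVABLE_PREFIX):
            alerts.append(Alert("removable-media", e.user, e.day, f"{e.path} -> {e.dest}"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.day} {a.kind:16s} {a.user:8s} {a.detail}")
```

The per-user baseline matters more than the exact thresholds: an engineer who reads fifty drawings a day is normal, a finance analyst who does so once is not, and a global threshold cannot tell them apart. In practice the COPY event would come from an endpoint agent or DLP tool rather than a file share log, and the alert would be routed into whatever ticketing or SIEM the team already watches, because an alert nobody reads is the same as no alert.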
Questions & Discussion
Links of interest
http://heartbleed.com/
https://www.ssllabs.com/ssltest/index.html (Qualys Heartbleed tester)
http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html
http://www.eweek.com/security/slideshows/surprising-trends-emerge-in-threat-landscape.html?kc=EWWHNEMNL04232014STR5&dni=120299005&rni=32883247
http://www.zdnet.com/after-heartbleed-many-open-source-apps-remain-vulnerable-7000029205/?s_cid=e539&ttag=e539&ftag=TRE17cfd61
http://www.zdnet.com/mistaken-heartbleed-clean-up-efforts-accidentally-leaving-thousands-of-servers-vulnerable-7000029274/?s_cid=e539&ttag=e539&ftag=TRE17cfd61
http://www.eweek.com/security/slideshows/heartbleed-saga-continues-highlights-of-vulnerabilitys-first-30-days.html?kc=EWWHNEMNL05122014STR1&dni=125275543&rni=32883247
http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed
http://www.scmagazine.com/critical-openssl-vulnerability-heartbleed-bug-enables-ssltls-decryption/article/341846/
http://www.scmagazine.com/target-leadership-changes-continue-with-resignation-of-ceo/article/345611/2/
https://corporate.target.com/about/payment-card-issue
http://finance.yahoo.com/news/sam-club-plans-safer-credit-020201727.html
http://www.theguardian.com/commentisfree/2014/may/06/target-credit-card-data-hackers-retail-industry
http://krebsonsecurity.com/2014/05/the-target-breach-by-the-numbers/
http://www.scmagazine.com/cyber-security-tasks-that-could-have-saved-ebay-and-target/article/355060/?DCMP=EMC-SCUS_Newswire&spMailingID=8776889&spUserID=NzE4MTE4MjYyMAS2&spJobID=320939864&spReportId=MzIwOTM5ODY0S0
http://www.computerworld.com/s/article/9249037/Target_finally_gets_its_first_CISO?source=CTWNLE_nlt_mgmt_2014-06-12
http://www.smartcardalliance.org/ (lots of information on Chip & Pin, end to end encryption, etc.)
http://media.scmagazine.com/documents/82/ibm_cyber_security_intelligenc_20450.pdf (IBM Cyber Security Index)
http://www.scmagazine.com/house-committee-passes-bill-to-stop-unbridled-govt-access-to-phone-data/article/346186/?DCMP=EMC-SCUS_Newswire&spMailingID=8563079&spUserID=NzE4MTE4MjYyMAS2&spJobID=300934984&spReportId=MzAwOTM0OTg0S0
http://www.scmagazine.com/how-to-stop-the-next-edward-snowden/article/312257/
http://www.eweek.com/security/slideshows/steps-google-is-taking-to-protect-user-data-from-nsa-cyber-crime.html?kc=EWKNLNAV06062014STR1&dni=130701016&rni=32883247
http://www.businessweek.com/articles/2013-07-03/edward-snowden-and-the-nsa-a-lesson-in-the-insider-threat
http://www.computerworld.com/s/article/9243915/Snowden_serves_up_another_lesson_on_insider_threats
http://fcw.com/articles/2013/12/17/nsa-41-steps.aspx
http://www.tenable.com/blog/detecting-snowden-the-insider-threat
http://www.eweek.com/security/slideshows/the-snowden-leaks-one-year-later-key-lessons-cloud-providers-learned.html?kc=EWKNLCLD06122014STR1&dni=133759783&rni=32883247
http://cacm.acm.org/magazines/2014/5/174340-the-nsa-and-snowden/fulltext
http://www.zdnet.com/americans-as-vulnerable-to-nsa-surveillance-as-foreigners-despite-fourth-amendment-7000031045/?s_cid=e589&ttag=e589&ftag=TREc64629f

CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProject
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Keeping your business safe online cosy club
Keeping your business safe online cosy clubKeeping your business safe online cosy club
Keeping your business safe online cosy club
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1
 
EverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityEverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in Cybersecurity
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 

Más de James Sutter

3-D Printing_feb_13_2014
3-D Printing_feb_13_20143-D Printing_feb_13_2014
3-D Printing_feb_13_2014James Sutter
 
Scrum Agile by David Mann
 Scrum Agile by David Mann Scrum Agile by David Mann
Scrum Agile by David MannJames Sutter
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013James Sutter
 
CIO evolution 10102013
CIO evolution 10102013CIO evolution 10102013
CIO evolution 10102013James Sutter
 
CIO RoundtableIot IOT
CIO RoundtableIot IOTCIO RoundtableIot IOT
CIO RoundtableIot IOTJames Sutter
 
Technology business management_7.13
Technology business management_7.13Technology business management_7.13
Technology business management_7.13James Sutter
 
Erp governance methodology and case studies v rjt
Erp governance methodology and case studies  v rjtErp governance methodology and case studies  v rjt
Erp governance methodology and case studies v rjtJames Sutter
 
Controlling project costs
Controlling project costsControlling project costs
Controlling project costsJames Sutter
 
Google apps CIO Peer Group presentation
Google apps CIO Peer Group presentationGoogle apps CIO Peer Group presentation
Google apps CIO Peer Group presentationJames Sutter
 
CIO presentation aug 2012
CIO presentation aug 2012 CIO presentation aug 2012
CIO presentation aug 2012 James Sutter
 
Mobile security v2
Mobile security v2Mobile security v2
Mobile security v2James Sutter
 
Google apps cio peer group presentation
Google apps cio peer group presentationGoogle apps cio peer group presentation
Google apps cio peer group presentationJames Sutter
 
Cio roundtable microsoft update - 9-8-11
Cio roundtable   microsoft update - 9-8-11 Cio roundtable   microsoft update - 9-8-11
Cio roundtable microsoft update - 9-8-11 James Sutter
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing presentJames Sutter
 
Enterprise social networking v1.2
Enterprise social networking v1.2Enterprise social networking v1.2
Enterprise social networking v1.2James Sutter
 

Más de James Sutter (20)

Mobile Security
Mobile Security Mobile Security
Mobile Security
 
3-D Printing_feb_13_2014
3-D Printing_feb_13_20143-D Printing_feb_13_2014
3-D Printing_feb_13_2014
 
Scrum Agile by David Mann
 Scrum Agile by David Mann Scrum Agile by David Mann
Scrum Agile by David Mann
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
 
CIO evolution 10102013
CIO evolution 10102013CIO evolution 10102013
CIO evolution 10102013
 
OC CIO BYOD
OC CIO BYODOC CIO BYOD
OC CIO BYOD
 
CIO RoundtableIot IOT
CIO RoundtableIot IOTCIO RoundtableIot IOT
CIO RoundtableIot IOT
 
Technology business management_7.13
Technology business management_7.13Technology business management_7.13
Technology business management_7.13
 
Erp governance methodology and case studies v rjt
Erp governance methodology and case studies  v rjtErp governance methodology and case studies  v rjt
Erp governance methodology and case studies v rjt
 
Controlling project costs
Controlling project costsControlling project costs
Controlling project costs
 
CIO Branding
CIO BrandingCIO Branding
CIO Branding
 
Google apps CIO Peer Group presentation
Google apps CIO Peer Group presentationGoogle apps CIO Peer Group presentation
Google apps CIO Peer Group presentation
 
CIO presentation aug 2012
CIO presentation aug 2012 CIO presentation aug 2012
CIO presentation aug 2012
 
Mobile security v2
Mobile security v2Mobile security v2
Mobile security v2
 
CIO Value Issue
CIO Value IssueCIO Value Issue
CIO Value Issue
 
Google apps cio peer group presentation
Google apps cio peer group presentationGoogle apps cio peer group presentation
Google apps cio peer group presentation
 
Rjt analytics
Rjt analyticsRjt analytics
Rjt analytics
 
Cio roundtable microsoft update - 9-8-11
Cio roundtable   microsoft update - 9-8-11 Cio roundtable   microsoft update - 9-8-11
Cio roundtable microsoft update - 9-8-11
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing present
 
Enterprise social networking v1.2
Enterprise social networking v1.2Enterprise social networking v1.2
Enterprise social networking v1.2
 

Último

Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 

Último (20)

Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 

Security in the News

1. Security In the News
Orange County CIO Roundtable
July 10, 2014
Jeff Hecht
Chief Compliance & Security Officer

2. Agenda
• We’re going to talk about 3 major security events that have been in the news in the last 12 months.
• We’ll try to understand a little about what happened and add some perspective about what those things mean for CIOs and other executives going forward.
• The three events are:
  o The Heartbleed vulnerability
  o The regularity of massive data breaches, most specifically the Target breach
  o The revelations about the NSA as a result of documents stolen and released by Edward Snowden

3. Heartbleed - What is it?
• Heartbleed is a vulnerability in the OpenSSL cryptographic software library.
• This weakness allows stealing the information usually protected by SSL/TLS encryption, the primary tool providing communication security and privacy over the Internet.
• It’s called Heartbleed because the bug is in OpenSSL's implementation of the TLS/DTLS heartbeat extension. When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.

4. Heartbleed – What does it do?
• The information that can be obtained through these leaks is expansive.
• Not just an ability to intercept a particular exchange as it’s happening (e.g. a web session that might include confidential information), but user names and passwords and, most importantly, the encryption keys themselves.
• Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will.
• Any protection given by the encryption and the signatures in the certificates can be bypassed.
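Slides 3 and 4 describe the leak without showing where it comes from. The C model below is added here and is not the presentation's or OpenSSL's own code: it puts a heartbeat handler with the missing bounds check next to one carrying the check that the 1.0.1g fix added. The record layout follows the heartbeat extension (type, 16-bit payload length, payload, 16 bytes of padding); the simulated process memory, the secret behind the record and the payload values are constructed for the demo.

```c
/*
 * Added example, not part of the presentation or of OpenSSL itself: a model of
 * the TLS heartbeat handler with the Heartbleed bounds check missing (as in
 * OpenSSL 1.0.1 through 1.0.1f) and present (as in 1.0.1g).
 *
 * To keep the demo free of undefined behaviour, "server memory" is one fixed
 * buffer: the received record sits at its start and a constructed secret is
 * placed right behind it, as key material or session data might be in a real
 * process. Reading past the record stays inside that buffer, which is exactly
 * the data the real bug leaked.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16      /* minimum padding the extension requires */
#define SERVER_MEM   256     /* size of the simulated process memory */

typedef size_t (*heartbeat_fn)(const uint8_t *rec, size_t rec_len, uint8_t *resp);

static uint8_t server_mem[SERVER_MEM];   /* simulated process memory */

static uint16_t claimed_len(const uint8_t *rec)
{
    return (uint16_t)((rec[1] << 8) | rec[2]);   /* big-endian length field */
}

/* Vulnerable behaviour: the payload length is taken from the message and never
 * compared with the length of the record actually received. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *resp)
{
    (void)rec_len;                               /* never consulted: this is the bug */
    uint16_t payload = claimed_len(rec);
    if ((size_t)3 + payload > SERVER_MEM)        /* simulation guard only, not in the real code */
        return 0;
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload);          /* reads past the record when payload is oversized */
    return (size_t)3 + payload;
}

/* Fixed behaviour: header + claimed payload + minimum padding must fit inside
 * the record that was really received, otherwise the message is dropped. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *resp)
{
    if (rec_len < (size_t)1 + 2 + HB_PADDING)    /* no room for any payload at all */
        return 0;
    uint16_t payload = claimed_len(rec);
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len)
        return 0;                                /* the Heartbleed check */
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload);          /* now provably inside the record */
    return (size_t)3 + payload;
}

/* Lay out a scenario in server_mem: a request whose length field claims
 * `claimed` bytes but really carries `payload`, then padding, then the
 * constructed secret. Returns the true record length the TLS layer saw. */
size_t build_scenario(uint16_t claimed, const char *payload, const char *secret)
{
    size_t plen = strlen(payload);
    memset(server_mem, 0, sizeof server_mem);
    server_mem[0] = HB_REQUEST;
    server_mem[1] = (uint8_t)(claimed >> 8);
    server_mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(server_mem + 3, payload, plen);
    size_t rec_len = 3 + plen + HB_PADDING;
    memcpy(server_mem + rec_len, secret, strlen(secret));   /* adjacent memory */
    return rec_len;
}

/* 1 if the secret shows up in the handler's response, 0 otherwise (including
 * the case where the handler sends no response at all). */
int leaks_secret(heartbeat_fn fn, uint16_t claimed, const char *payload, const char *secret)
{
    uint8_t resp[SERVER_MEM];
    size_t rec_len = build_scenario(claimed, payload, secret);
    size_t n = fn(server_mem, rec_len, resp);
    size_t slen = strlen(secret);
    for (size_t i = 3; n >= slen && i + slen <= n; i++)
        if (memcmp(resp + i, secret, slen) == 0)
            return 1;
    return 0;
}

/* Response length for a scenario; 0 means the handler discarded the request. */
size_t response_len(heartbeat_fn fn, uint16_t claimed, const char *payload)
{
    uint8_t resp[SERVER_MEM];
    size_t rec_len = build_scenario(claimed, payload, "");
    return fn(server_mem, rec_len, resp);
}

int main(void)
{
    const char *secret = "SESSIONKEY=abc123";   /* constructed, not real key material */
    printf("vulnerable leaks secret: %d\n", leaks_secret(heartbeat_vulnerable, 64, "hello", secret));
    printf("fixed leaks secret:      %d\n", leaks_secret(heartbeat_fixed, 64, "hello", secret));
    printf("fixed honest echo bytes: %zu\n", response_len(heartbeat_fixed, 5, "hello"));
    return 0;
}
```

The honest request (claimed 5, payload "hello") is answered by both handlers; only the oversized claim separates them, which is why a patched server is indistinguishable from an unpatched one without sending a malformed heartbeat, as the ssllabs test on slide 9 does.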
5. Heartbleed – How widespread?
• OpenSSL is the most popular open source cryptographic library and TLS implementation used to encrypt traffic on the Internet.
• The most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66%.
• OpenSSL is also used to protect email servers, chat servers, virtual private networks, network appliances and a wide variety of client side software. Many versions of Linux also use OpenSSL.
• The bug was introduced to OpenSSL in December 2011 and has been out in the wild since March 2012. OpenSSL 1.0.1g, released in April 2014, fixes the bug.

6. Heartbleed – How widespread?
• The vulnerable versions have been out there for over two years now and an estimated 600,000 servers were affected.
• The list of major sites affected includes:
  o Google
  o Facebook
  o Twitter
  o Instagram
  o YouTube
  o LinkedIn
  o Yahoo
  o Bank of America
  o Chase
  o Etrade
  o TurboTax
  o Amazon Web Services
  o DropBox
  o And many more…
Note that because this is primarily a server side issue, it makes no difference whether your client is running Windows, an Apple OS, Android, iOS or what browser or browser version you have. Everyone who might connect to any site using OpenSSL is potentially vulnerable.

7. Heartbleed – Am I affected?
  o Almost certainly you as an individual accessed an affected server.
  o It is pretty much impossible that you don’t have an account somewhere that runs on an affected service, although it’s also nearly impossible to know if your information was actually compromised.
  o At first there was little you could do until the services were updated.
  o Now most of the major sites have removed the bug, but you must change your passwords as they may have already been compromised.
  o An estimated 300,000 servers have yet to be patched, so your best defense is to regularly change your login credentials for any site that may have confidential information about you.

8. Heartbleed – Is my company affected?
  o If you use Open Source tools to run web sites (like Linux, Apache, etc.) your company very likely is affected.
  o Even if you do not use those tools as primary software, you likely have devices attached to your network, like firewalls, routers and switches, that use embedded versions of Open Source software and may contain the OpenSSL library. Some of these may be difficult or impossible to patch.
  o You may be using hosting partners that expose you to risk.
  o If you rely on cloud based services like Google Apps you will want to ensure all your users have recently changed their passwords.
  o Recovery for exposure on your infrastructure takes several steps:
    • Patch the vulnerability with the latest version of OpenSSL
    • Revoke the compromised keys (this may need the help of your Certificate Authority)
    • Reissue and redistribute new keys
    • Have all users change their passwords

9. Heartbleed – Is my company affected?
• You can test your web servers at: https://www.ssllabs.com/ssltest/index.html
10.
• Most likely through a malware process known as “RAM scraping”, 40 million credit and debit card numbers were stolen over a 3 week period in an attack on Target POS systems
• Also stolen were names, mailing addresses, phone numbers and email addresses of up to 70 million individuals
• 46% drop in profits
• Stock drops
• $200M cost to banks and credit unions to reissue compromised cards
• Target CIO out
• Target CEO out
• Target to invest at least $100M in upgraded POS security (chip and pin)
• Neiman Marcus, Michaels, eBay, Sally Beauty, P.F. Chang’s, Paytime and others have had breaches affecting millions
• An estimated one in four Americans have had credit card and other sensitive information stolen

11. Changes in cards
• Chip and Pin technologies (also called smart cards or EMV) can have a positive effect on POS breaches and make duplicating physical credit cards much harder
• Widely used in Europe for some time (ironically because their network infrastructure could not support real time verification processing until recently), chip technologies:
  o Embed a microchip on credit/debit cards that contains the card number, expiration, etc. in an encrypted format
  o The decryption takes place with a sophisticated method that is good only for that specific transaction and requires the PIN
  o That makes the card itself unusable at POS without the PIN and very difficult to duplicate
  o UK and Canada have seen large drops in fraud through use of chip and pin
• Visa and MasterCard have mandated its use by 10/2015. From 10/2017, the liability for fraudulent transactions will move to the entity in the chain that has the lowest level of technical security unless they are accepting chip and pin

12. Changes in cards
• The resistance to adoption has been largely cost
  o POS terminals must be replaced (roughly 10M of them)
  o Cards containing the chips cost 6 to 8 times as much to make as magnetic strip cards, and programming each is expensive
  o All told the cost goes from roughly 50 cents a card to $2.20 a card
  o There are approximately 1 billion cards in the US each year, so the extra cost of the cards alone is about $1.7B
• Some had hoped chip and pin would be skipped in favor of a jump directly to smartphones and NFC
• Although the technology is there and would seemingly avoid many of the costs associated with the chip and pin cards themselves, it has not made much penetration

13. Are they resolving the problem?
• Chip and Pin is a good step forward from magnetic based credit cards and makes duplicating physical cards much harder
• Target (and Walmart) are trying to get some positive spin by announcing their use, but it’s really Visa/MasterCard who are forcing everyone’s adoption
• Whether executed at POS or not, most breaches are the result of access through the Internet, perhaps through a third party’s administration credentials
• It’s hacking, phishing, etc. that pose the biggest threats
• One technology that is available today that could help mitigate this is end-to-end encryption
  o In RAM scraping exploits the malware takes advantage of the fact that the encrypted information has to be in clear text at some point in RAM to do the verifications; at that point it can be captured and stolen. With end-to-end encryption the data is never exposed except at the ultimate destination (the card processor) and it remains encrypted and unusable locally. Note that Square is doing this today, for obvious reasons.
• But that’s going to be another expense, and they are already being forced to spend the money on Chip and Pin, so it’s not likely very soon

14. What does it mean to my company?
• Obviously if you’re in the retail space, Chip and Pin and customer confidence are something you’re probably already dealing with
• For everyone else, it’s about general data security, the basics:
  o Employee training
    • The IBM Security Services 2014 Cyber Security Intelligence Index estimates 95% of security incidents are “human error”; the number one cause is phishing
  o Active monitoring
  o Updated patching and malware protection
  o Encryption wherever possible
  o Regular scanning and prompt remediation
  o User identity management
  o Adequate and enforced employee termination procedures
  o Two factor authentication for remote admin access
15. NSA Leak
• Edward Snowden, a former NSA employee, released a large number of files he was able to remove from agency computer systems through his position as a Systems Administrator
• The information revealed:
  o Mass-surveillance programs undertaken by the NSA directly accessing the information of US citizens as well as foreign nationals
  o The agency’s ability to access information stored by major US technology companies, often without individual warrants, and mass-intercepting data from the fiber-optic backbone of global phone and internet networks
  o They may have worked to undermine the security standards on which the internet, commerce and banking rely
• The revelations have raised concerns about growing domestic surveillance, the scale of global monitoring, trustworthiness of the technology sector, whether the agencies can keep their information secure, and the quality of the laws and oversight keeping the agencies in check
• The extent to which private companies are cooperating with intelligence agencies has been a source of concern for internet users, as has the allegation that the NSA knew about Heartbleed and other vulnerabilities and, rather than disclosing them, exploited them.

16. NSA Leak
• Some pundits (notably Bruce Schneier) think these revelations show the NSA has undermined everyone’s security and, by forcing commercial companies to build in ways for them to get access, makes the world inherently less secure
• Many think direct access of US citizens’ communications represents warrantless search
• Others think spying on the general populace to potentially uncover terrorist activity is within the charter of the NSA, that this is simply moving to a more technologically sophisticated way to spy and that there is adequate (although not publicly shared) oversight
• There is no evidence that non-terrorism activities have been targeted or further investigated

17. NSA Leak – What does it mean to my company?
• The issues about the spying itself are worthy of discussion and perhaps changes in the controls around NSA activities – but not something most companies will be able to directly influence
• Also, unless your company is a provider of communications services, you are unlikely to have to make a decision about cooperating to provide access to the NSA
• The question of whether the NSA or any entity can keep its data secure is of interest to all of us and should make us all consider: How is my company exposed to insider threats?

18. NSA Leak – Insider Threats
• Many companies discount insider threats as infrequent events
• While they may not be frequent, they have the potential to be more serious and devastating to the enterprise
• There are multiple types of motivation for the insider stealing information:
  o Someone who believes they are being a good faith whistle blower
  o Someone with a grudge who wishes to harm the enterprise
  o Someone interested in profiting – usually quietly and perhaps for a long time – from the information
• Detection is difficult. These are users that are supposed to be there and at some point need to access these systems to do their job. Either willfully or by making a mistake, insiders can expose an enterprise’s most critical information

19. NSA Leak – Insider Threats
• The basic idea is defense in depth: multiple rings of security to protect not just the perimeter but the important parts of a network. Some concepts:
  o Islands of Security
  o Prevent Unauthorized Copying
  o Two-Factor Authentication
  o Separation of Duties and Two-Person Authorization
  o Creative Use of Encryption
  o Prevent Removable Media from Leaving the Building
  o Log Events, Monitor and Alert
  o Plan for Break-in to Minimize Damage
  o Periodic Security Audits
21. Links of interest
http://heartbleed.com/
https://www.ssllabs.com/ssltest/index.html (Qualys Heartbleed tester)
http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html
http://www.eweek.com/security/slideshows/surprising-trends-emerge-in-threat-landscape.html?kc=EWWHNEMNL04232014STR5&dni=120299005&rni=32883247
http://www.zdnet.com/after-heartbleed-many-open-source-apps-remain-vulnerable-7000029205/?s_cid=e539&ttag=e539&ftag=TRE17cfd61
http://www.zdnet.com/mistaken-heartbleed-clean-up-efforts-accidentally-leaving-thousands-of-servers-vulnerable-7000029274/?s_cid=e539&ttag=e539&ftag=TRE17cfd61
http://www.eweek.com/security/slideshows/heartbleed-saga-continues-highlights-of-vulnerabilitys-first-30-days.html?kc=EWWHNEMNL05122014STR1&dni=125275543&rni=32883247
http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed
http://www.scmagazine.com/critical-openssl-vulnerability-heartbleed-bug-enables-ssltls-decryption/article/341846/

22. Links of interest
http://www.scmagazine.com/target-leadership-changes-continue-with-resignation-of-ceo/article/345611/2/
https://corporate.target.com/about/payment-card-issue
http://finance.yahoo.com/news/sam-club-plans-safer-credit-020201727.html
http://www.theguardian.com/commentisfree/2014/may/06/target-credit-card-data-hackers-retail-industry
http://krebsonsecurity.com/2014/05/the-target-breach-by-the-numbers/
http://www.scmagazine.com/cyber-security-tasks-that-could-have-saved-ebay-and-target/article/355060/?DCMP=EMC-SCUS_Newswire&spMailingID=8776889&spUserID=NzE4MTE4MjYyMAS2&spJobID=320939864&spReportId=MzIwOTM5ODY0S0
http://www.computerworld.com/s/article/9249037/Target_finally_gets_its_first_CISO?source=CTWNLE_nlt_mgmt_2014-06-12
http://www.smartcardalliance.org/ (lots of information on Chip & Pin, end to end encryption, etc.)
http://media.scmagazine.com/documents/82/ibm_cyber_security_intelligenc_20450.pdf (IBM Cyber Security Index)

23. Links of interest
http://www.scmagazine.com/house-committee-passes-bill-to-stop-unbridled-govt-access-to-phone-data/article/346186/?DCMP=EMC-SCUS_Newswire&spMailingID=8563079&spUserID=NzE4MTE4MjYyMAS2&spJobID=300934984&spReportId=MzAwOTM0OTg0S0
http://www.scmagazine.com/how-to-stop-the-next-edward-snowden/article/312257/
http://www.eweek.com/security/slideshows/steps-google-is-taking-to-protect-user-data-from-nsa-cyber-crime.html?kc=EWKNLNAV06062014STR1&dni=130701016&rni=32883247
http://www.businessweek.com/articles/2013-07-03/edward-snowden-and-the-nsa-a-lesson-in-the-insider-threat
http://www.computerworld.com/s/article/9243915/Snowden_serves_up_another_lesson_on_insider_threats
http://fcw.com/articles/2013/12/17/nsa-41-steps.aspx
http://www.tenable.com/blog/detecting-snowden-the-insider-threat
http://www.eweek.com/security/slideshows/the-snowden-leaks-one-year-later-key-lessons-cloud-providers-learned.html?kc=EWKNLCLD06122014STR1&dni=133759783&rni=32883247
http://cacm.acm.org/magazines/2014/5/174340-the-nsa-and-snowden/fulltext
http://www.zdnet.com/americans-as-vulnerable-to-nsa-surveillance-as-foreigners-despite-fourth-amendment-7000031045/?s_cid=e589&ttag=e589&ftag=TREc64629f