Risk, Regulations and Data Protection
Shahar Geiger Maor, Senior Analyst
Scan me to your contacts:
www.shaharmaor.blogspot.com   http://www.facebook.com/shahar.maor   http://twitter.com/shaharmaor
What is Risk?




Shahar Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or portion of graphic   2
Risk Management…
• Risk management is present in all aspects of life
• It is about the everyday trade-off between an expected reward and a potential danger
• It is universal, in the sense that it refers to human behaviour in the decision-making process




No Risk… No Gain!
Benefits of Risk Management
Potential benefits:
• Supports strategic and business planning
• Increased certainty and fewer surprises
• Better service delivery
• More efficient use of resources
• Promotes continual improvement
• Helps focus the internal audit programme
• Reassures stakeholders
• Quick grasp of new opportunities

• ERM is an ongoing process
• ERM is an integral part of how an organization operates
• ERM applies to all organizations, not just financial organizations
• Risk applies broadly to all things threatening the achievement of organizational objectives
• Risk is not limited to threats, but also refers to opportunities
• The goal of an organization is not “risk mitigation”, but seeking an appropriate “risk-return position”


Regulations – The Olympic Minimum Syndrome




When Regulation is a Good Idea…




SOX




Ultimate Liability




Countrywide’s Angelo Mozilo, Bear Stearns’ Jimmy Cayne, Lehman Brothers’ Dick Fuld, and Merrill Lynch’s John Thain


Security Eco-System: Key Roles
• Senior Management
• CISO
• Data owners
• Custodian
• Users

PCI-DSS: Israeli Market and Challenges
[Diagram: a merchant environment (POS Terminals, PIN Pads, POS Server, DSL Router, Network, Policies, 3rd Party Scan Vendor) mapped against PCI-DSS Requirements 1 to 12]




Information Security “Threatscape”




Social Engineering




Social Engineering
Preventing social engineering:
• Verify identity
• Do not give out passwords
• Do not give out employee information
• Do not follow commands from unverified sources
• Do not distribute dial-in phone numbers to any computer system except to valid users
• Do not participate in telephone surveys

Reacting to social engineering:
• Use Caller ID to document phone number
• Take detailed notes
• Get person’s name/position
• Report incidents


Phishing
• A social engineering scam
• A scam that uses email or websites to deceive you into disclosing sensitive information
• How does it work?
  – You receive an email or pop-up message
  – The message usually says that you need to update or validate your account information
  – It might threaten some dire consequence if you don’t respond
  – The message directs you to a bogus website
  – You type sensitive info… and that’s it…

Technologies Categorization 2010–2011
[Chart: security technologies plotted along Market Maturity (Looking / Implementing / Using), with labels Market Curiosity and IT Project Major Changes; size of figure = complexity/cost of project. Technologies shown: Cyber Warfare, “Social” Security, Mobile Sec, DLP, IRM, Application Security, Security Management, Cloud Security, Endpoint Security, Network Security, Data Protection]
Source: STKI
Cyber-Warfare




http://edmahoney.wordpress.com/2010/01/13/cyber-war-home-theater/
Mobile sec




“Social Security”




Data Centric Approach




• Build a wall – “perimeter security”
• “Business of Security” – security is built into the business process



Data Security Domain




                                          Source: Securosis
STKI Index 2010–2011 – Top Queries to STKI
• EPS/mobile 14%
• Market/Trends 13%
• Access/Authentication 12%
• Network Sec 12%
• GW 10%
• DCS 9%
• DB/DC SEC 9%
• Vendor/Product 8%
• Regulations 7%
• SIEM/SOC 3%
• Miscellaneous 2%
• Encryption 1%
Source: STKI
Internal vs. External Human Threats




Leakage Mitigation in Israel
[Diagram: layers of leakage mitigation, top to bottom]
• Awareness / Methodology
• IRM / Vaulting / Mail Protection
• DB protection
• GW protection
• Encryption
• Device Control
• Endpoint DLP



Protect your data
• Data Loss Prevention – Network
• Data Loss Prevention – Endpoint
• Data Loss Prevention – Storage
• Full Drive Encryption
• USB/Media Encryption/Device Control
• Enterprise Digital Rights Management
• Data Masking
• Entitlement Management

• Access Management
• Entitlement Management
• Network Segregation
• Server/Endpoint Hardening
• USB/Media Encryption/Device Control
• Database Encryption
• DAM
• Storage Encryption
• Application Encryption
• Email Filtering


Top Insights
• Most organizations still rely heavily on “traditional” security controls like system hardening, email filtering, access management, and network segregation to protect data.
• Most organizations see unstructured data storage as their main security concern.
• Most organizations must meet at least 1 regulatory or contractual compliance requirement.

Top Insights – cont.
• Many organizations tend “not to touch” their prod DB.
DB protection: Estimated Technology Penetration
• Using this technology: 52%
• Evaluating / Not using: 48%




Identity and Access Management




Identity and Access Management
[Diagram with annotations: “this is where most activity occurs”; “A Leper Colony – keep away!!!”]


Thank you!
Download this presentation:





Más contenido relacionado

Destacado (7)

Networking stki summit 2012 -shahar geiger maor
Networking  stki summit 2012 -shahar geiger maorNetworking  stki summit 2012 -shahar geiger maor
Networking stki summit 2012 -shahar geiger maor
 
Mobile payment v3
Mobile payment v3Mobile payment v3
Mobile payment v3
 
Endpoints stki summit 2012-shahar geiger maor
Endpoints  stki summit 2012-shahar geiger maorEndpoints  stki summit 2012-shahar geiger maor
Endpoints stki summit 2012-shahar geiger maor
 
STKI Mobile brainstorming -MDM Panel
STKI Mobile brainstorming -MDM PanelSTKI Mobile brainstorming -MDM Panel
STKI Mobile brainstorming -MDM Panel
 
Information security stki summit 2012-shahar geiger maor
Information security  stki summit 2012-shahar geiger maorInformation security  stki summit 2012-shahar geiger maor
Information security stki summit 2012-shahar geiger maor
 
Cloud Security CISO club -April 2011 v2
Cloud Security CISO club -April 2011 v2Cloud Security CISO club -April 2011 v2
Cloud Security CISO club -April 2011 v2
 
Cyber economics v2 -Measuring the true cost of Cybercrime
Cyber economics v2 -Measuring the true cost of CybercrimeCyber economics v2 -Measuring the true cost of Cybercrime
Cyber economics v2 -Measuring the true cost of Cybercrime
 

Similar a Risk, regulation and data protection

Jaime fitzgerald on data driven customer experience in financial services and...
Jaime fitzgerald on data driven customer experience in financial services and...Jaime fitzgerald on data driven customer experience in financial services and...
Jaime fitzgerald on data driven customer experience in financial services and...
Jaime Fitzgerald
 
Customer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Customer Experience: Data-Driven Customer Satisfaction at TD AmeritradeCustomer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Customer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Jaime Fitzgerald
 
Jaime Fitzgerald on Data-Driven Customer Experience in Financial Services and...
Jaime Fitzgerald on Data-Driven Customer Experience in Financial Services and...Jaime Fitzgerald on Data-Driven Customer Experience in Financial Services and...
Jaime Fitzgerald on Data-Driven Customer Experience in Financial Services and...
Fitzgerald Analytics, Inc.
 
Zd sap - predictive analytics - 3-26-13 r1
Zd   sap - predictive analytics - 3-26-13 r1Zd   sap - predictive analytics - 3-26-13 r1
Zd sap - predictive analytics - 3-26-13 r1
Richard Lee
 
Reunião com investidores ing
Reunião com investidores ingReunião com investidores ing
Reunião com investidores ing
CSURIWEB
 
Reunião com investidores somente em inglês
Reunião com investidores   somente em inglêsReunião com investidores   somente em inglês
Reunião com investidores somente em inglês
CSURIWEB
 
Reuniao investidores 2007
Reuniao investidores 2007Reuniao investidores 2007
Reuniao investidores 2007
CSURIWEB
 
Investors meeting
Investors meetingInvestors meeting
Investors meeting
CSURIWEB
 
Investors´ meeting
Investors´ meetingInvestors´ meeting
Investors´ meeting
CSURIWEB
 
090119 Enabling Strategic Sourcing
090119 Enabling Strategic Sourcing090119 Enabling Strategic Sourcing
090119 Enabling Strategic Sourcing
Han Driessen
 

Similar a Risk, regulation and data protection (20)

PCI Challenges
PCI ChallengesPCI Challenges
PCI Challenges
 
How to Organize and Prioritize Requirements
How to Organize and Prioritize RequirementsHow to Organize and Prioritize Requirements
How to Organize and Prioritize Requirements
 
Jaime fitzgerald on data driven customer experience in financial services and...
Jaime fitzgerald on data driven customer experience in financial services and...Jaime fitzgerald on data driven customer experience in financial services and...
Jaime fitzgerald on data driven customer experience in financial services and...
 
Customer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Customer Experience: Data-Driven Customer Satisfaction at TD AmeritradeCustomer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Customer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
 
Jaime Fitzgerald on Data-Driven Customer Experience in Financial Services and...
Jaime Fitzgerald on Data-Driven Customer Experience in Financial Services and...Jaime Fitzgerald on Data-Driven Customer Experience in Financial Services and...
Jaime Fitzgerald on Data-Driven Customer Experience in Financial Services and...
 
Coinsquad_ppt_deck_v1
Coinsquad_ppt_deck_v1Coinsquad_ppt_deck_v1
Coinsquad_ppt_deck_v1
 
Zero Trust : How to Get Started
Zero Trust : How to Get StartedZero Trust : How to Get Started
Zero Trust : How to Get Started
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
 
enableIT Presentation- Capital Markets
enableIT Presentation- Capital MarketsenableIT Presentation- Capital Markets
enableIT Presentation- Capital Markets
 
OIA administration
OIA administrationOIA administration
OIA administration
 
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
 
Business Healthcheck Service By John Capper & Co
Business Healthcheck Service By John Capper & CoBusiness Healthcheck Service By John Capper & Co
Business Healthcheck Service By John Capper & Co
 
Zd sap - predictive analytics - 3-26-13 r1
Zd   sap - predictive analytics - 3-26-13 r1Zd   sap - predictive analytics - 3-26-13 r1
Zd sap - predictive analytics - 3-26-13 r1
 
Reunião com investidores ing
Reunião com investidores ingReunião com investidores ing
Reunião com investidores ing
 
Reunião com investidores somente em inglês
Reunião com investidores   somente em inglêsReunião com investidores   somente em inglês
Reunião com investidores somente em inglês
 
Reuniao investidores 2007
Reuniao investidores 2007Reuniao investidores 2007
Reuniao investidores 2007
 
Investors meeting
Investors meetingInvestors meeting
Investors meeting
 
Investors´ meeting
Investors´ meetingInvestors´ meeting
Investors´ meeting
 
SME Lending
SME LendingSME Lending
SME Lending
 
090119 Enabling Strategic Sourcing
090119 Enabling Strategic Sourcing090119 Enabling Strategic Sourcing
090119 Enabling Strategic Sourcing
 

Más de Shahar Geiger Maor

Infrastructure Trends -Jan 2010
Infrastructure Trends -Jan 2010Infrastructure Trends -Jan 2010
Infrastructure Trends -Jan 2010
Shahar Geiger Maor
 
Info Sec C T O Forum Nov 2009 V1
Info Sec   C T O Forum   Nov 2009   V1Info Sec   C T O Forum   Nov 2009   V1
Info Sec C T O Forum Nov 2009 V1
Shahar Geiger Maor
 
Green IT Trends in Israel July 2008
Green IT Trends in Israel July 2008Green IT Trends in Israel July 2008
Green IT Trends in Israel July 2008
Shahar Geiger Maor
 

Más de Shahar Geiger Maor (20)

From creeper to stuxnet
From creeper to stuxnetFrom creeper to stuxnet
From creeper to stuxnet
 
Social Sec infosec -pptx
Social Sec  infosec -pptxSocial Sec  infosec -pptx
Social Sec infosec -pptx
 
Summit 2011 trends in information security
Summit 2011  trends in information securitySummit 2011  trends in information security
Summit 2011 trends in information security
 
Summit 2011 trends in infrastructure services
Summit 2011  trends in infrastructure servicesSummit 2011  trends in infrastructure services
Summit 2011 trends in infrastructure services
 
DLP Trends -Dec 2010
DLP Trends -Dec 2010DLP Trends -Dec 2010
DLP Trends -Dec 2010
 
כנס אבטחת מידע מוטו תקשורת V2
כנס אבטחת מידע  מוטו תקשורת V2כנס אבטחת מידע  מוטו תקשורת V2
כנס אבטחת מידע מוטו תקשורת V2
 
Cloud security v2
Cloud security v2Cloud security v2
Cloud security v2
 
Stki Summit 2010 Infra Services V8
Stki Summit 2010  Infra Services  V8Stki Summit 2010  Infra Services  V8
Stki Summit 2010 Infra Services V8
 
Infrastructure Trends -Jan 2010
Infrastructure Trends -Jan 2010Infrastructure Trends -Jan 2010
Infrastructure Trends -Jan 2010
 
Info Sec C T O Forum Nov 2009 V1
Info Sec   C T O Forum   Nov 2009   V1Info Sec   C T O Forum   Nov 2009   V1
Info Sec C T O Forum Nov 2009 V1
 
Security Summit July 2009
Security Summit  July 2009Security Summit  July 2009
Security Summit July 2009
 
Green Security
Green SecurityGreen Security
Green Security
 
IPv6
IPv6IPv6
IPv6
 
STKI Summit 2009 -Infrastructure Services Trends
STKI Summit 2009 -Infrastructure Services TrendsSTKI Summit 2009 -Infrastructure Services Trends
STKI Summit 2009 -Infrastructure Services Trends
 
Trends In The Israeli Information Security Market 2008
Trends In The Israeli Information Security Market 2008Trends In The Israeli Information Security Market 2008
Trends In The Israeli Information Security Market 2008
 
Trends in the World and Israeli Green Data Centers (2008)
Trends in the World and Israeli Green Data Centers (2008)Trends in the World and Israeli Green Data Centers (2008)
Trends in the World and Israeli Green Data Centers (2008)
 
Trends in the Israeli Infrastructure Services/STKI Summit -Update June 2008
Trends in the Israeli Infrastructure Services/STKI Summit  -Update June 2008Trends in the Israeli Infrastructure Services/STKI Summit  -Update June 2008
Trends in the Israeli Infrastructure Services/STKI Summit -Update June 2008
 
Green IT Trends in Israel July 2008
Green IT Trends in Israel July 2008Green IT Trends in Israel July 2008
Green IT Trends in Israel July 2008
 
Round Tables Summary
Round Tables SummaryRound Tables Summary
Round Tables Summary
 
Green IT Trends in Israel
Green IT Trends in IsraelGreen IT Trends in Israel
Green IT Trends in Israel
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Último (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Risk, regulation and data protection

  • 1. Risk, Regulations and Data Protection. Shahar Geiger Maor, Senior Analyst. www.shaharmaor.blogspot.com http://www.facebook.com/shahar.maor http://twitter.com/shaharmaor
  • 2. What is Risk? Shahar Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or portion of graphic 2
  • 3. Risk Management…
    • Risk management is present in all aspects of life
    • It is about the everyday trade-off between an expected reward and a potential danger
    • It is universal, in the sense that it refers to human behaviour in the decision-making process
  • 4. No Risk… No Gain!
  • 5. Benefits of Risk Management (diagram of potential benefits):
    • Supports strategic and business planning
    • Increased certainty and fewer surprises
    • Better service delivery
    • Quick grasp of new opportunities
    • More efficient use of resources
    • Promotes continual improvement
    • Reassures stakeholders
    • Helps focus the internal audit programme
  • 6. ERM
    • ERM is an ongoing process
    • ERM is an integral part of how an organization operates
    • ERM applies to all organizations, not just financial organizations
    • Risk applies broadly to all things threatening the achievement of organizational objectives
    • Risk is not limited to threats, but also refers to opportunities
    • The goal of an organization is not “risk mitigation”, but seeking an appropriate “risk-return position”
  • 7. Regulations – The Olympic Minimum Syndrome
  • 8. When Regulation is a Good Idea…
  • 9. SOX
  • 10. Ultimate Liability: Countrywide’s Angelo Mozilo, Bear Stearns’ Jimmy Cayne, Lehman Brothers’ Dick Fuld, and Merrill Lynch’s John Thain
  • 11. Security Ecosystem: Key Roles – Senior Management, CISO, Custodian, Data owners, Users
  • 12. PCI-DSS: Israeli Market and Challenges (diagram: PCI DSS Requirements 1–12 mapped against the in-scope components of a typical merchant environment: POS terminals, PIN pads, DSL router, network, POS server, third-party scan vendor, and policies)
  • 13. Information Security “Threatscape”
  • 14. Social Engineering
  • 15. Social Engineering
    Preventing social engineering:
    • Verify identity
    • Do not give out passwords
    • Do not give out employee information
    • Do not follow commands from unverified sources
    • Do not distribute dial-in phone numbers to any computer system except to valid users
    • Do not participate in telephone surveys
    Reacting to social engineering:
    • Use Caller ID to document the phone number
    • Take detailed notes
    • Get the person’s name and position
    • Report incidents
  • 16. Phishing
    • A social engineering scam
    • A scam that uses email or websites to deceive you into disclosing sensitive information
    • How does it work?
      – You receive an email or pop-up message
      – The message usually says that you need to update or validate your account information
      – It might threaten some dire consequence if you don’t respond
      – The message directs you to a bogus website
      – You type sensitive info… and that’s it
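The phishing pattern on slide 16 (urgency, a request to validate account details, a link to a bogus site) can be checked for mechanically in an inbound mail gateway or a SOC triage script. The following is an added example, not part of the deck or of any STKI tool: it extracts the links from an HTML body, flags anchors whose visible text names one domain while the href points to another, flags cleartext http links, and flags urgency wording. The two sample bodies, the domain names and the keyword list are constructed for the example; the registrable-domain helper is a deliberate simplification (last two labels, no public-suffix list) and is marked as such in the code.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample bodies (not real messages). The first shows the lure from the
# slide: urgency, a request to "verify", and a link whose visible text names the
# bank while its href goes to an attacker-controlled host.
SAMPLE_PHISH = """
<p>Dear customer, your account will be suspended within 24 hours.</p>
<p>Please <a href="http://secure-login.example-bank.com.attacker.test/verify">
https://www.example-bank.com/verify</a> your account information now.</p>
"""

SAMPLE_LEGIT = """
<p>Your monthly statement is available.</p>
<p>Sign in at <a href="https://www.example-bank.com/statements">
www.example-bank.com</a> at your convenience.</p>
"""

# Wording typical of the "update or validate your account / dire consequence" lure.
URGENCY = re.compile(
    r"\b(suspend\w*|within \d+ hours|immediately|verify your account|validate)\b", re.I
)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}", re.I)


class LinkExtractor(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL or of a bare 'www.host/path' string (empty if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable_domain(host):
    # Assumption: the last two labels approximate the registrable domain. With no
    # public-suffix list available offline, 'example.co.uk' would be mis-handled.
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyse(body):
    """Return a list of phishing indicators found in an HTML email body."""
    parser = LinkExtractor()
    parser.feed(body)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        # Compare domains only when the visible text itself looks like a URL/host.
        if LOOKS_LIKE_URL.match(text):
            text_host = host_of(text)
            if registrable_domain(text_host) != registrable_domain(href_host):
                findings.append(f"link text shows {text_host} but points to {href_host}")
        if href.lower().startswith("http://"):
            findings.append(f"cleartext http link to {href_host}")
    if URGENCY.search(body):
        findings.append("urgency or threat wording present")
    return findings


if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse(body))
```

The anchor-text versus href comparison is the check that catches the "bogus website" step of the slide; the urgency keywords alone would fire on plenty of legitimate mail, so in practice they are a score contribution rather than a verdict.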
  • 17. Technologies Categorization 2010/2011 (chart, source: STKI; x-axis: market maturity – Looking / Implementing / Using; y-axis: Market Curiosity / IT Project / Major Changes; size of figure = application complexity / cost of project). Technologies plotted: Cyber Warfare, “Social” Security, Mobile Sec, DLP, IRM, Application Security, Cloud Security, Endpoint Security, Security Management, Data Protection, Network Security
  • 18. Cyber-Warfare http://edmahoney.wordpress.com/2010/01/13/cyber-war-home-theater/
  • 19. Mobile sec
  • 20. “Social Security”
  • 21. Data Centric Approach: from “Build a wall” (perimeter security) to the “Business of Security” (security is built into the business process)
  • 22. Data Security Domain (source: Securosis)
  • 23. STKI Index 2010/2011 – Top Queries to STKI (pie chart, source: STKI; shares listed in the order they appear on the chart): SIEM/SOC, Miscellaneous, Encryption, Regulations (3%, 2%, 1%, 7%); Vendor/Product, EPS/mobile (8%, 14%); Market/Trends, DB/DC Sec (13%, 9%); Access/Authentication, DCS (9%, 12%); GW, Network Sec (10%, 12%)
  • 24. Internal vs. External Human Threats
  • 25. Leakage Mitigation in Israel (chart): Awareness, Methodology, IRM, Vaulting, Mail Protection, DB protection, GW protection, Encryption, Device Control, Endpoint DLP
  • 26. Protect your data
    • Data Loss Prevention – Network
    • Data Loss Prevention – Endpoint
    • Data Loss Prevention – Storage
    • Full Drive Encryption
    • Access Management
    • USB/Media Encryption / Device Control
    • Entitlement Management
    • Network Segregation
    • Enterprise Digital Rights Management
    • Server/Endpoint Hardening
    • Data Masking
    • Database Encryption
    • DAM (Database Activity Monitoring)
    • Storage Encryption
    • Application Encryption
    • Email Filtering
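Of the controls listed on slide 26, data masking is the one most directly tied to the PCI-DSS scope on slide 12: PCI DSS requirement 3 covers stored cardholder data, and when a PAN is displayed at most the first six and last four digits may be shown. The following is an added example, not from the deck: it masks card numbers found in free text such as a POS server log line, using a Luhn check so that order numbers and timestamps of similar length are left alone. The log line, the field names and the card numbers (well-known test numbers) are constructed for the example.

```python
import re

# Matches 13-19 digit runs with optional single spaces or dashes between digits.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that every payment card PAN satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_first: int = 6, keep_last: int = 4) -> str:
    """Mask a PAN for display. PCI DSS permits at most the first six and last
    four digits to be shown, so larger keep values are clamped."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19 or not luhn_ok(digits):
        raise ValueError("not a plausible PAN")
    keep_first, keep_last = min(keep_first, 6), min(keep_last, 4)
    hidden = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "*" * hidden + digits[-keep_last:]


def mask_text(text: str) -> str:
    """Mask every Luhn-valid card-number-looking token in free text (e.g. a log
    line) and leave other long numbers such as order ids or timestamps alone."""
    def repl(match):
        try:
            return mask_pan(match.group(0))
        except ValueError:
            return match.group(0)
    return PAN_PATTERN.sub(repl, text)


# Constructed sample log line using well-known test card numbers, not real cards.
SAMPLE_LOG = ("2011-03-01 12:00:01 POS-7 sale pan=4111 1111 1111 1111 "
              "auth=5500000000000004 order=20110301120001")

if __name__ == "__main__":
    print(mask_text(SAMPLE_LOG))
```

The masked output drops the separators of the original token, which is acceptable for display and logging. The Luhn filter only removes roughly nine in ten false positives, so a 14-digit order id that happens to pass the check would still be masked; for a production log pipeline the field names of the log format are the better selector, with this pattern as the fallback for unstructured text.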
  • 27. Top Insights
    • Most organizations still rely heavily on “traditional” security controls like system hardening, email filtering, access management, and network segregation to protect data
    • Most organizations see unstructured data storage as their main security concern
    • Most organizations must meet at least one regulatory or contractual compliance requirement
  • 28. Top Insights – cont.
    • Many organizations tend “not to touch” their production DB
    • DB protection, estimated technology penetration (pie chart): Evaluating / Not using vs. Using this technology, 48% / 52%
  • 29. Identity and Access Management
  • 30. Identity and Access Management (image annotations: “this is where most activity occurs”; “A Leper Colony – keep away!!!”)
  • 31. Thank you! Download this presentation: