Embed Size (px)
Citation preview
Hidden Pitfalls: Identify and Manage the Latent
Risk in Your Organization
Fernando Martinez Ph.D. CISSP CISM CISA
Defined: LATENT RISK
Risk that is present and capable of emerging or
developing but not visible, obvious or active
Why speak about it or focus on it?
[Enter]
Collusion and Willful Neglect
“51% of employees said
they would go around any policy that restricted their use of their own devices or
use of cloud storage” Elizabeth Weise, USA Today, August 26th 2014, Money – Cybersecurity for Business, Pg. 3B. Citing data from 2014 Fortinet study.
Approach??
IoT
Distributed Data
Cloud Storage
What “Data Breach Fatigue” Could Mean for the Privacy
Profession
June 6, 2014
(https://privacyassociation.org/news/a/what-data-breach-fatigue-could-mean-for-the-privacy-profession/)
Data breach notification fatigue: Do consumers (eventually) tune out? Data breach notifications are flying en masse following the Epsilon Interactive breach, but are they doing customers any good? By George V. Hulme CSO | Apr 12, 2011 8:00 AM http://www.csoonline.com/article/2127999/data-protection/data-breach-notification-fatigue--do-consumers--eventually--tune-out-.html
• Close to 50% - 110 Million – of all adults • In the last 12 months! • Conservative figure – several large
organizations are not “fully transparent” http://money.cnn.com/2014/05/28/technology/security/hack-data-breach/
BYOD aka Consumerization
Social Engineering
Identity Management
Two Factor
Identity Management
Multi Factor
Latent Risk - Summarized
1. Internet of Things (IoT) 2. Distributed Data 3. Cloud Storage 4. Consumerization 5. Social Engineering 6. Challenge/Response for identity
management 7. Data breach fatigue
There is no Silver Bullet
Abstraction
Fernando Martinez, PhD Senior Vice President and CIO
Parkland Health and Hospital System [email protected]
