Embed Size (px)
DESCRIPTION
This was a presentation given by Garland Group consultant, Eric Kitchens, in April 2011 where he talks about the latest security trends in banking.
Citation preview
Top Security Threatsfor 2011
Thursday, March 31, 2011
Presenter
Eric Kitchens, CISSP/CISA
Thursday, March 31, 2011
riskkey.com
• IT Audit / Security Testing
• Continuous Compliance
• Collaboration Consulting
Thursday, March 31, 2011
What Are TheTop Security Threats
for 2011?
Thursday, March 31, 2011
Something Old, Something New, Something Borrowed...
Thursday, March 31, 2011
Something Old, Something New, Something Borrowed...
Threats that were big news in the past are still out there.
Thursday, March 31, 2011
Something Old, Something New, Something Borrowed...
Threats that were big news in the past are still out there.
New and emerging threats often are combinations of “old” threats.
Thursday, March 31, 2011
Something Old, Something New, Something Borrowed...
Threats that were big news in the past are still out there.
New and emerging threats often are combinations of “old” threats.
It’s never too late to mitigate.
Thursday, March 31, 2011
Something Old...
Threats that have been with us for many years and will be with us for years to come.
Thursday, March 31, 2011
Something Old...
Threats that have been with us for many years and will be with us for years to come.
• Mobile Devices
Thursday, March 31, 2011
Something Old...
Threats that have been with us for many years and will be with us for years to come.
• Mobile Devices
• Cloud Computing & Virtualization
Thursday, March 31, 2011
Something Old...
Threats that have been with us for many years and will be with us for years to come.
• Mobile Devices
• Cloud Computing & Virtualization
• Application Vulnerabilities
Thursday, March 31, 2011
Mobile Devices
Thursday, March 31, 2011
Mobile Devices
• Various Platforms
Thursday, March 31, 2011
Mobile Devices
• Various Platforms
• Mal-Ware in the AppStore
Thursday, March 31, 2011
Mobile Devices
• Various Platforms
• Mal-Ware in the AppStore
• Merging Business & Personal Use
Thursday, March 31, 2011
Mobile Devices
• Various Platforms
• Mal-Ware in the AppStore
• Merging Business & Personal Use
• Lost or Stolen Devices & Data
Thursday, March 31, 2011
Cloud Computing
Thursday, March 31, 2011
Cloud Computing
• Expanding Scope of Virtualization
Thursday, March 31, 2011
Cloud Computing
• Expanding Scope of Virtualization
• Outsourced Applications and Services
Thursday, March 31, 2011
Application Vulnerabilities
Thursday, March 31, 2011
Application Vulnerabilities
• Operating System Vulnerabilities are Decreasing
Thursday, March 31, 2011
Application Vulnerabilities
• Operating System Vulnerabilities are Decreasing
• Application Specific Vulnerabilities are on the Rise
Thursday, March 31, 2011
Application Vulnerabilities
• Operating System Vulnerabilities are Decreasing
• Application Specific Vulnerabilities are on the Rise
• Evaluate Automated Patching Tools for All Applications & Systems
Thursday, March 31, 2011
Something New...Not “new” but emerging and evolving into new problems
Thursday, March 31, 2011
Something New...Not “new” but emerging and evolving into new problems
• Advanced Persistent Threats
Thursday, March 31, 2011
Something New...Not “new” but emerging and evolving into new problems
• Advanced Persistent Threats
• Hacktivisim
Thursday, March 31, 2011
Something New...Not “new” but emerging and evolving into new problems
• Advanced Persistent Threats
• Hacktivisim
• Cyberterrorism
Thursday, March 31, 2011
Advanced Persistent Threats
Thursday, March 31, 2011
Advanced Persistent Threats
• Google and RSA Are Recent Examples
Thursday, March 31, 2011
Advanced Persistent Threats
• Google and RSA Are Recent Examples
• Executed Over Extended Period of Time
Thursday, March 31, 2011
Advanced Persistent Threats
• Google and RSA Are Recent Examples
• Executed Over Extended Period of Time
• Adapts to Defenses and Mitigation Strategies
Thursday, March 31, 2011
Advanced Persistent Threats
• Google and RSA Are Recent Examples
• Executed Over Extended Period of Time
• Adapts to Defenses and Mitigation Strategies
• Baselining and Monitoring are Essential for Defense
Thursday, March 31, 2011
Cyber-Terrorism & Hacktivism
Thursday, March 31, 2011
Cyber-Terrorism & Hacktivism
• DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.
Thursday, March 31, 2011
Cyber-Terrorism & Hacktivism
• DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.
• Disrupting Services for Ideological Purposes
Thursday, March 31, 2011
Cyber-Terrorism & Hacktivism
• DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.
• Tools are Freely Available to Non-Technical Users
• Disrupting Services for Ideological Purposes
Thursday, March 31, 2011
Cyber-Terrorism & Hacktivism
• DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.
• Be Aware of Outsourced Relationships and Higher Risk Customers They Service
• Tools are Freely Available to Non-Technical Users
• Disrupting Services for Ideological Purposes
Thursday, March 31, 2011
Something Borrowed...
Thursday, March 31, 2011
Something Borrowed...“I swear, I meant to return all the confidential data on my USB drive
after I was done ‘borrowing’ it!”
Thursday, March 31, 2011
Something Borrowed...“I swear, I meant to return all the confidential data on my USB drive
after I was done ‘borrowing’ it!”
• Insider Threats
Thursday, March 31, 2011
Something Borrowed...“I swear, I meant to return all the confidential data on my USB drive
after I was done ‘borrowing’ it!”
• Insider Threats
• Data Classification and Control
Thursday, March 31, 2011
Something Borrowed...“I swear, I meant to return all the confidential data on my USB drive
after I was done ‘borrowing’ it!”
• Insider Threats
• Data Classification and Control
• USB Storage Devices
Thursday, March 31, 2011
Questions & Answers
Thursday, March 31, 2011
