Banque Öhman

The potential consequences of the NSA (and GCHQ) spying on the mobile enterprise
And what you can/should do about it
Claus Cramon Houmann

2013-11-14

Key takeaways:
• The known and the "feared" extents of NSA spying, and of the others who spy
• Spyware exists which can take full control of any mobile device, not to mention laptops
• Defend your enterprise with defense in depth, which includes devices outside the perimeter
• Make sure you know which data leaves the perimeter
• Do your risk assessments and protect against your REAL threats
• Consider any data that leaves the perimeter lost


Why am I here presenting this?
• June 6th
• ...and since then
• The truth has been coming out
• That affects us all


Initial releases from the Snowden trove
• PRISM, XKEYSCORE and other programs that, combined, SPY on our lives -> and remove much of our privacy & security
– Calls being recorded in the US – private AND corporate
– Metadata for all calls and Internet traffic in the US
– -> this alone is quite a risk for companies operating in the US

• But THEN started the real revelations that concern any company, worldwide...


!Collect everything!
• It turns out that the NSA & partners collect (almost) everything
– Your calls
– Your metadata
– Your e-mails
– Your Google searches
– Your banking transactions
– Your social media activity

• They are intercepting, analyzing and storing almost all Internet traffic. If they can't decrypt it, it just gets stored longer until they can


!Tailored access!
• It's not enough to just collect and store everything
• The NSA actively hacks states, companies and private individuals
• To make this EASIER they have also weakened an unknown number of cryptographic standards and tools


Red flags – special NSA target areas
• Any bank with a SWIFT code
• Anyone using encryption
• Anyone doing anything in the Middle East
• Anything to do with oil or gas (energy)
• Anyone building security systems / infosec systems


But wait... this doesn't affect my company

• Raise your hand if you're thinking this right now


My guess
• Is that around 25% of the people present raised their hands
• I hope for 0
• If 25% raised their hands, another 25% didn't – only due to normal classroom psychology


Why are those raised hands wrong?
• Others have the means to exploit cryptographic weaknesses
– China, Russia, serious competitors?

• The NSA passes information to the US Government (and others?); it's conceivable that information from NSA spying ends up in US corporate hands
(http://www.zerohedge.com/contributed/2013-10-21/nsabusted-conducting-industrial-espionage-france-mexico-brazilchina-and-all)
– This has happened before (Echelon, around 2000, in a BBC report for example)

• Anyone can potentially get at your data! Especially in exposed locations such as mobile devices

But then... what can we do?
• Risk management – mitigate the risks to acceptable levels
• Defense-in-depth: defend your data, wherever and whenever appropriate. Follow the booming market for innovative tools – eventually someone will find a way to protect smartphones/tablets acceptably. Laptops are already protectable
• ENCRYPT. EVERYTHING. NOW.
• Manage where your data is. Verify that policies are followed.
• Awareness training & GRC implementation/improvement


Defense-in-depth. Isn't it simple and beautiful?


The future brings...
• A European or global crypto-standards institute
• Advanced malware protection tools (AMPs), also for phones and tablets
• Changes to how the NSA spies on US citizens... but how about the rest of us?
• Fortress Europe? Fortress South America? Fortress Russia?


About me
• Claus Cramon Houmann, 38, married to Tina and I have 3 lovely kids
• CISSP, ITIL Certified Expert, Prince2 practitioner
• You can contact me anytime:
– Skype: Claushj0707
– Twitter: @claushoumann

• Sources used:
– Richard Stiennon's presentation: "How the surveillance state is changing IT security forever"
– Tidbits from @mikko's recent TEDx presentation

Questions?

