Security and Compliance Panel at the PR TechSummit 2013
•
0 gefällt mir•495 views
Verizon's 2013 Data Breach Report found that 76% of network intrusions exploit weak or stolen credentials, 84% of compromises take minutes or hours, and 66% of breaches lie undiscovered for months. The 2013 Mandiant Report identified the Chinese military group PLA Unit 61398 as the most prolific hacking group and documented the longest persistent attack at 4 years and 10 months. The discussion addressed how to make compliance more effective, get ahead of organized cyber crime, defend against advanced persistent threats from nation states, and whether active defense through hacking back is possible.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Security and Compliance Panel at the PR TechSummit 2013
Ähnlich wie Security and Compliance Panel at the PR TechSummit 2013 (20)
Mehr von Jose L. Quiñones-Borrero
Mehr von Jose L. Quiñones-Borrero (15)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Security and Compliance Panel at the PR TechSummit 2013
- 2. Information Security and Compliance José L. Quiñones, BS MCSA, MCT, C|EH, C|EI, GCIH, GPEN, RHCSA University of Puerto Rico – School of Medicine Obsidis Consortia, Inc.
- 3. Panelists Andres Colón-Pérez Office of Management and Budget Arturo Geigel Office of Management and Budget Carlos Pérez-Otero Tenable Network Security Deoscoidy Sánchez Department of the Treasury
- 4. Verizon's 2013 Data Breach Report • “76% of network intrusions exploit weak or stolen credentials." • “84% of compromises take minutes or hours.." • “66% of breaches lie undiscovered for months, increasing the potential damage.” • “69% of breaches are discovered by external parties” • “37% of breaches affect financial organizations”
- 5. 2013 Mandiant Report • The PLA Unit 61398 is identified by the report as the most prolific hacking group inside the Chinese government. • The longest persistent attack documented by Mandiant lasted 4 years and 10 months.
- 6. Compliance • Considering the checklist syndrome that is affecting the compliance industry. –What do your think it should be the role of compliance in today’s enterprise and we can make it effective?
- 7. Information Security • Considering that organize crime has develop a working model for its business with financial fraud and theft, –What can the government and private sector do to get ahead in the game?
- 8. APT • Evidence suggests that other nation states have cyber corps dedicated to IP theft and industrial espionage, –How can we defend our selves for APT attacks?
- 9. Active Defense • Most security solutions today are reactive in nature, we wait for something to happen to react accordingly. –Can we engage in active defense, hacking back or retribution against an attacker?
- 10. Q & A
- 11. Thanks!
Hinweis der Redaktion
- 47,000(+) reported security incidents, 621 confirmed data breaches and at least 44 million compromised records in 201238% of breaches impacted larger organizations and 37% of breaches affect financial organizations (PCI) 10% or greater increase from last year’s report76% of network intrusions exploited weak or stolen credentials52% of breaches used some form of hacking78% of initial intrusions rated as low difficulty66% of breaches took months or more to discover69% of breaches are discovered by external parties
- Case: Jerome Heckenkamp, (eBay Hacker)Callback Word documentsNova for easy honeypot deploymentHoneybadger to geolocate attackersHoneyportsInfinitely recursive web directories