View
215
Download
1
Category
Tags:
Preview:
Citation preview
SAC HDI – BIG EVENT“NOT ANOTHER BLEAK SECURITY TALK…”Jeff Williams
2015
AGENDA
IntroAwesome Times Security BriefingService with Security
INTRO Deloitte & Touché consultant during Y2K Santa Clara County Office of Education
Supported Payroll, financial and human resource systems in 44 district, in two counties
California State University 9 year in Information Security and resent appoint to Director of Customer
Service
Security experience from briefings (e.g. state, Infragard, Verizon), trainings (e.g. CISA, CISSP and Incident Handler), books (e.g. ) and most important from experience
Philosophy & MBA All views, misquotes and materials out of context are the solely my fault; I’m here to paint you a picture and encourage you to grow
AWESOME TIMES
Meet the business goal
with Changing Technology
that is FragileThree stories
Big DataTed Talks on Machine Learning
Geekonomics
BIG DATEEven Data Changes
3rd Millennium BC 12th-16th century 14th century
BIG DATAWe solve our problems with the tools availableRigid exactitude CorrelationWhat, not why
TED.COM“The wonderful and terrifying implication of computers that can learn”
Jeremy Howard
AND THE WINNER IS…
THE LINCOLN FALLACY (MY TITLE)
Psst, share the diagnoses story
GEEKONOMICSPortland CementNo Virtual Crash Test Dummies
SO IF WE ARE ALL ON THE SAME PAGE…Meet the business goal
WITHChanging Technology
THATIs Fragile
SECURITY BRIEFING Infragard BriefingsVerizon Report and BriefingsDell SecureWorks BriefingsMicrosoft BriefingsSANS.org training and Briefings
SECURITY BRIEFING
THREAT – (NOT IN THE REPORT) Pre-2008 – The lone wolfs…wolves are pack animals
2008 - roll up high profile Hackers 2009 - China hires Russian Hackers
steals cyber attack IP
2010 - Move to single high value target - multi-verification 2011 – Russian Hackers become patriots 2012 - Iran (mother of all cyber attacks, DDoS US banks)
Iran provided $$$ to hackers to DDoS; ineffective but lots of $$$
2014 – Disruption: data theft; Anonymous, protest to disrupted and embarrass; - Recon in network that to them are USA - relations between RU, China, Iran, N.K.; same code
WHY ENCRYPTION HAS NOT SAVED US…Malicious actors go after those who have access to the data
Poor key implementation and management
YOU ARE FIGHTING OTHER PEOPLESpear phishingSocial EngineeringChanging direct depositsDownloading your emailsHumans can pivot and explore
SERVICE TO SECURITYWhat is the business goal?What are the risks?What are the threats?What are the right security controls?
SERVICE TO SECURITYNOT ALL CONTROLS ARE EQUALWhat they protect
Confidentiality IntegrityAvailability
How they protect
DeterPreventDetectRecoverReduce
CONCLUSION
We Live in Awesome Times
Thank You
Recommended