During Heinz College Reunion 2009, alumni gathered for a presentation titled “Transforming Communities: IT, Civic Engagement and Economic Development.” The panel was moderated by Rick Stafford, MSPPM 1972, Heinz College Distinguished Service Professor of Public Policy. Panelists shared examples of their application of policy and technology to advance cities, government and businesses.
Transforming Communities:
IT, Civic Engagement, and Economic Development
- IT and the Need for Regulation
October 31, 2009
Deepa Saldanha, CISA, CISSP, QSA
Agenda
• Technology as the Enabler – the Trust DNA
• Threats and Drivers
• Observation from the Frontlines
• Regulatory Trends
• Conclusion
2 Confidential
Technology as the Enabler
Can you trust what you see on your screen? Phishing
In addition to being a phishing page and stealing the individual’s identity, the page automatically forces the user to download what looks to be a software package of Adobe Player. If downloaded and executed, the individual’s computer is Trojaned and joined to a botnet for use in one or more illicit actions.
Can you trust what you see on your screen? More phishing
[Figure: Citibank_phishing_czech-republic.bmp] Sophisticated phishing attack on Citibank Business cards. If the long URL (to the Czech Republic) doesn’t give away that it is a phishing site, there is little else that would clue in users to avoid submitting their credentials.
New Threats
www.information-security-resources.com
How much is data worth?
Breaches as of Today
Major Breaches
http://www.privacyrights.org/ar/ChronDataBreaches.htm
How many data breaches have been reported in the month of October?
16
Verizon Data Breach Statistics 2009
A Brief History of Regulatory Time (1970-1980, 1980-1990, 1990-2000, 2000-Present)
• Computer Security Act of 1987
• EU Data Protection
• HIPAA
• FDA 21 CFR Part 11
• C6-Canada
• GLBA
• COPPA
• USA Patriot Act 2001
• CAN-SPAM Act
• FISMA
• Sarbanes-Oxley (SOX)
• CIPA 2002
• Basel II
• NERC 1200 (2003)
• CISP
• State Privacy Laws (e.g. California SB1386)
• Payment Card Industry (PCI)
• FTC Red Flags Rules
• HITECH
• CIP
Regulatory Trends
What’s your Top Priority?
Do we need more regulation?
Questions?
Deepa Saldanha
Coalfire Systems, Inc.
Senior Security Auditor
Phone: 206-335-1063