JAMIE S. HERMAN, C|CISO, CISM, CISSP MANAGER OF INFORMATION SECURITY ROPES & GRAY LLP.
JAMIE S. HERMAN, C|CISO, CISM, CISSP
MANAGER OF INFORMATION SECURITY
ROPES & GRAY LLP
Navigating an Ever-Changing Security Landscape
The Reality
50% – attacks on companies with fewer than 2500 employees
1719 – Average number of attacks per 1000 users
80 – FBI estimates more than 80 major US law firms were compromised in 2011
Exponential growth – 6x more malicious links (2012)
Malware
Software that interferes with normal operation of your computer
Generally executes without your knowledge or consent
Can damage or disable your computer, or steal firm information
Includes viruses, trojans, worms, and spyware
The How
Phishing campaign
Social Engineering
Unencrypted Media
Elevated privileges
Malicious websites
Perception…
Data Classification
Critical aspect of Information Security
Client/Matter intake
How can you protect what you don’t know?
Many flavors (government, industry, business model)
Role Based Access Control (RBAC)
Need to know
Data Vaults
Auditing
Visibility
Data Leak Prevention (DLP)
Reporting
Client protection and retention
Compliance and competitive advantage
Hot Topics
Secure file sharing
Email encryption
Removable Media Encryption
Social media/personal email access
Mobile devices (BYOD)
Resources
http://www.darkreading.com
http://www.infosecisland.com
http://www.threatpost.com
http://www.krebsonsecurity.com
http://www.dhs.gov/dhs-daily-open-source-infrastructure-report
http://www.us-cert.gov/ncas/current-activity
https://isc.sans.edu/
https://isc.sans.edu/reportfakecall.html
Remember
Security is Everyone's responsibility!
Sec-U-R-IT-y………You Are It!
Questions