To Protect and to Serve
-
Upload
cioeastafrica -
Category
Documents
-
view
224 -
download
0
Transcript of To Protect and to Serve
-
8/3/2019 To Protect and to Serve
1/40
-
8/3/2019 To Protect and to Serve
2/40
Denis Karema
IT Manager, Innovations Lead at Authentic
Twitter;
@254innovative
-
8/3/2019 To Protect and to Serve
3/40
Introduction:
Authentic Technology is a Nairobi Based ICTfirm that prides in developing innovative
technology solutions for businesses andorganizations.
Our Slogan is;
We Innovate. You Benefit
-
8/3/2019 To Protect and to Serve
4/40
-
8/3/2019 To Protect and to Serve
5/40
The best Security Technology in the world wontproduce a good return on investment without thefoundation of Security processes, policies,education.
The Main Goals of IT Security are to achieve;
Confidentiality
Availability
Integrity
-
8/3/2019 To Protect and to Serve
6/40
Latest Technologies are continuing the erosion oforganizational boundaries and are transforming
existing business processes.
At the same time a rapid increase in the numberof parties who are intent on compromising or
destroying organizational information has drivena global increase in the cyber threat level.
This has served to emphasize the importance of
securing an organizations information againstthese threats.
-
8/3/2019 To Protect and to Serve
7/40
Responsibility for protecting enterprise
information assets is a core of the role of the CIO.
However, balancing conflicting priorities in
meeting operational needs and informationprotection is a challenge that cannot be achievedby just one person or even one department.
-
8/3/2019 To Protect and to Serve
8/40
33 percent of IT professionals were most concernedabout data being lost or stolen through USB devices.
39 percent of IT professionals worldwide were moreconcerned about the threat from their own employeesthan the threat from outside hackers.
27 percent of IT professionals admitted that theydid not know the trends of data loss incidents over
the past few years. Mitigating data leakage from insider threats is a
difficult challenge. Businesses must take advantage ofevery opportunity to better understand how employeebehavior and intent relates to security issues, and to
make security a priority in every aspect of businessoperations.
-
8/3/2019 To Protect and to Serve
9/40
Establishing core principles that lie at the heart of
an enterprise strategy for information securitymust start at the top and filter through the entireenterprise creating a culture of security
-
8/3/2019 To Protect and to Serve
10/40
The key role of the CIO is to ensure that
Confidentiality, Integrity, Availability is achieved atall levels.
The enterprises information must at all times
remain within authorized quotas, while beingtransmitted across as well as ensuring thatinformation is available when needed byauthorized parties.
-
8/3/2019 To Protect and to Serve
11/40
Improved Access regulation.
Safeguarding confidential paperwork through a strict filing policy andshredding unnecessary paperwork.
PC Lock policy enforced every time the PC is idle. Physical lockingusing a cable fastened to the desk.
Internet Security application to warn users of the safety of visitedwebsites, reduce pop ups, and monitor downloads.
Proper Use of the Internet. Using web sense filter to block knownmalicious websites as well as websites known to host threats.
Investigating reports of security incidents in order to ensure thatappropriate steps are taken.
-
8/3/2019 To Protect and to Serve
12/40
In a Manufacturing Company with several offices;
Users access the office network, SAP and otherApplications through a VPN Client application.
Antivirus Updates are automated, pushed to clientevery time they are on the network and regular
reports generated e.g Symantec Fibre link as opposed to wireless link between offices.
Monitored entry of staff, restrictions imposed basedon roles.
Regular monitored, encrypted data backups and testrestores.
-
8/3/2019 To Protect and to Serve
13/40
Server Operating system upgrades
Enterprises are shifting to windows server 2008 The Advantages of these are;
Innovative features such as Network AccessProtection (NAP), Federated Rights Management,
and Read-Only Domain Controller (RODC), haveaided in us achieving that goal. In addition,BitLocker and Active Directory RightsManagement improve information protection to
secure sensitive data from being captured andmisused.
-
8/3/2019 To Protect and to Serve
14/40
Cisco Data Loss Protection (DLP)
This helps organizations assess risk and preventdata loss over highest points of risk.
It safeguards proprietary information against
threats due to enhanced employee mobility, newcommunication channels, diverse attacks.
-
8/3/2019 To Protect and to Serve
15/40
Cisco Data Loss Protection (DLP)
This includes;
1. In Motion Data Leakage protection against lossover the web and through email, with policies thatinclude content, context, and destinationknowledge.
2. Protecting at-rest data by encrypting backuptapes and other storage devices.
3. Providing data leakage protection from other
avenues of risk, such as unauthorized physical ornetwork access, malware, and end user actions.
-
8/3/2019 To Protect and to Serve
16/40
Colleges and universities Curb use of unauthorized applications, some being
pirated and others being malware.
Curb unauthorized physical and network access.
Misuse of passwords by either sharing or havingsimple passwords.
To reduce data leakage , institutions must integratesecurity into the culture of the students and
consistently evaluate the risks of every interactionwith networks, devices, applications and of courseother users.
-
8/3/2019 To Protect and to Serve
17/40
Financial Institutions
The same measures of security are beingimplemented in banking. The banks databaseintegrity is key to banking transactions.
For Banking clients the security they need is to
know that their money is safe and accessible toonly them.
ATM related fraud is on its peak, a new systemhas just been developed that ensures that not all
the funds are lost when an ATM card and PIN arecompromised.
-
8/3/2019 To Protect and to Serve
18/40
The application Mirrors the existing Database but with pre
set restrictions.
so if I as a client of my bank , in a case where I am underduress choose I wish to not lose more than say 4,600.Theinterface of my account once my ATM is inserted andsafetyPIN entered will show a summery cash availability of4,600.
This application opens an avenue for banks to usebankassurance since they can pre determine losses ofcash due to ATM fraud.
The application has been tested, copyrighted and patentfor the process filed.
-
8/3/2019 To Protect and to Serve
19/40
Social Media - the #1 Vehicle for Malware
LinkedIn Users now Targets
-
8/3/2019 To Protect and to Serve
20/40
Social Media - the #1 Vehicle for Malware
Facebook stillhighly insecure
-
8/3/2019 To Protect and to Serve
21/40
Social Media - the #1 Vehicle for Malware
Social Media is now a legitimate business tool
Webfilters are barriers to productivity and burden on IT
Cannot keep up with known malicious URLs
-
8/3/2019 To Protect and to Serve
22/40
Fake Antivirus
-
8/3/2019 To Protect and to Serve
23/40
Spam Its BAAAACK!!
-
8/3/2019 To Protect and to Serve
24/40
Spear Phishing
Also known as Advanced Persistent Threats
Target Corporate Data
-
8/3/2019 To Protect and to Serve
25/40
Spear Phishing
Typical Attack More sophisticated
Objective is to getvictim to click a linkor download file
Malware infects thevictims PC and
opens back door forhackers to access
company data
-
8/3/2019 To Protect and to Serve
26/40
Attack Kits - are bundles of malicious code toolsused to facilitate the launch of concerted and
widespread attacks on networked computers.
-
8/3/2019 To Protect and to Serve
27/40
Attack Kits Making malware easy!
-
8/3/2019 To Protect and to Serve
28/40
Loss of Revenue
Cost to Remediate
Loss of Productivity
Loss of Data
Loss of Reputation
Loss of Customers
-
8/3/2019 To Protect and to Serve
29/40
Threats Continue to increase
-
8/3/2019 To Protect and to Serve
30/40
Epsilon Marketing
Customer lists include7 of the Fortune 10
-
8/3/2019 To Protect and to Serve
31/40
Layers, layers and more layers
-
8/3/2019 To Protect and to Serve
32/40
-
8/3/2019 To Protect and to Serve
33/40
TheFaronicsLayered Security Approach
-
8/3/2019 To Protect and to Serve
34/40
TheFaronicsLayered Security Approach
-
8/3/2019 To Protect and to Serve
35/40
Guard corporate data as if it were your mostimportant possession
Teach employees that corporate data isessentially money: Losing or leaking corporate
data is like throwing money away and letting thepeople who pose the biggest threat to you pick itup and use it against you.
-
8/3/2019 To Protect and to Serve
36/40
Know your data and manage it well
understand how people interact with data everyday so that you can establish tools and processesthat track your data's movement so you know
where it is stored, how it is accessed, and who isusing it.
-
8/3/2019 To Protect and to Serve
37/40
Institutionalize standard codes from secureconduct in your business.
Information security policies are integral to acompany's code of business conduct and need to
be read, understood, and followed. ITprofessionals should think globally and act locallyby setting global policy objectives and creatinglocalized education that is tailored to a country's
culture and threat landscape.
-
8/3/2019 To Protect and to Serve
38/40
Foster a culture and environment of opennessand trust.
-Employees must feel comfortable with thecorporate security landscape in order to
implement security directives. They should knowthe appropriate security organization forreporting suspicious behavior, recognizableattacks, or security incidents (even if they were
the cause), and feel comfortable initiating thatcontact.
-
8/3/2019 To Protect and to Serve
39/40
Establish security awareness and educationpractice in your business.
Creating an awareness of security issues is vital
to obtaining employee support. Employees whobelieve that security programs are important aremore likely to follow specific procedures.
-
8/3/2019 To Protect and to Serve
40/40
Preventing data leakage is a business widechallenge.
The more people who understand that challenge,
from IT professionals to executives to employeesat every level or responsibility, the moresuccessful a company will be in protecting itscrucial assets.