hidden pitfalls: identify and manage the latent risk in your … · 2014-06-06  · hidden...

Hidden Pitfalls: Identify and Manage the Latent

Risk in Your Organization

Fernando Martinez Ph.D. CISSP CISM CISA

Defined: LATENT RISK

Risk that is present and capable of emerging or

developing but not visible, obvious or active

Why speak about it or focus on it?

[Enter]

Collusion and Willful Neglect

“51% of employees said

they would go around any policy that restricted their use of their own devices or

use of cloud storage” Elizabeth Weise, USA Today, August 26th 2014, Money – Cybersecurity for Business, Pg. 3B. Citing data from 2014 Fortinet study.

Approach??

IoT

Distributed Data

Cloud Storage

What “Data Breach Fatigue” Could Mean for the Privacy

Profession

June 6, 2014

(https://privacyassociation.org/news/a/what-data-breach-fatigue-could-mean-for-the-privacy-profession/)

Data breach notification fatigue: Do consumers (eventually) tune out? Data breach notifications are flying en masse following the Epsilon Interactive breach, but are they doing customers any good? By George V. Hulme CSO | Apr 12, 2011 8:00 AM http://www.csoonline.com/article/2127999/data-protection/data-breach-notification-fatigue--do-consumers--eventually--tune-out-.html

• Close to 50% - 110 Million – of all adults • In the last 12 months! • Conservative figure – several large

organizations are not “fully transparent” http://money.cnn.com/2014/05/28/technology/security/hack-data-breach/

BYOD aka Consumerization

Social Engineering

Identity Management

Two Factor

Identity Management

Multi Factor

Latent Risk - Summarized

1. Internet of Things (IoT) 2. Distributed Data 3. Cloud Storage 4. Consumerization 5. Social Engineering 6. Challenge/Response for identity

management 7. Data breach fatigue

There is no Silver Bullet

Abstraction

Fernando Martinez, PhD Senior Vice President and CIO

Parkland Health and Hospital System CIO@PHHS.ORG