ibm vciso sunderland
TRANSCRIPT
@1davidclarke Email [email protected] for list of links
• IBM Interconnect, 26th March 2015, Sunderland Software Centre
"Thank You to the IBM Team for putting this event together."
http://www.slideshare.net/IBMInterconnect/inter-connect-sunderland-agenda?qid=cbafb915-e826-4d62-9e21-b1f837afc3fa&v=&b=&from_search=5
David Clarke
• Created CERT on a Financial Intranet trading $3.5 Trillion a day, CPNI Member 10 Years.
• Managed Global Managed Security Services with a $100-$300 million Global install base, 500+ Customers with $3.4 Billion dollar Contracts.
• Created, maintained and improved regulatory and compliance commitments including Global PCI-DSS, ISO 27001 (10,000+ Security Devices/Systems).
"The 7 Most Important Steps to Cyber protection for SME's -"
• "....that can cost less than a Latte and could get you Enterprise Level Cyber Security!..."
• Updated List of Software/Service: vciso.co/lattesecurity
Cost Of Latte Around the world
Grande latte in Oslo cost jolting $9.83
How does this affect Small Business?
• Cyber attacks third biggest risk for UK firms, as supply chain disruption remains top concern (Jan 15th 2015)
• http://www.supplymanagement.com/news/2015/cyber-attacks-third-biggest-risk-for-uk-firms-as-supply-chain-disruption-remains-top#sthash.iHZoSvDS.dpuf
Impact for Small Business
• To Supply IT services to HMG: Compliant with Cyber Essentials.
• Potentially Suppliers to suppliers will need to demonstrate cyber security practices.
• Suppliers to larger companies are already being asked.
What can Small business do to level the playing field?
1. System Misconfiguration
2. Patch Management
3. Default Passwords
4. Easy to Guess Passwords
5. Lost Devices
6. Disclosure of info via incorrect email address
7. Double Clicking Attachment/URL
Re-Arrange this List
1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration
Passwords: Two Main Types
• Master Passwords: Access to PC's and Servers and Appliances (<10)
• Constant Use Passwords: Email, Ebay, Dropbox etc (>100's)
Master Passwords
If you have this Card, nothing to remember. Cost: One Time <£5.00
https://www.qwertycards.com/
Constant Use Passwords
If you have this Software, nothing to remember. Cost: Yearly $12.00
Auto Fill / Creates Password / Saves Site / Free, $12/Year for Mobile
If you have a Large Team
If you have this Software, nothing to remember. Cost: Monthly about $10
Auto Fill / Creates Password / Saves Site / $10 a month
Email Passwords
• Gmail 2 Stage Authentication: Password and a text
• Yahoo One time password: They will text you a new password
• If you have this Software, nothing to remember. FREE
List 1
1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration
Disclosure of Information
• https://www.prot-on.com/tryIt.html
Basic Version is Free. Easy to use, Quick. Create a list of people allowed to see the document.
List 3
1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration
Patch Management
• http://secunia.com/products/
List 4
1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration
Lost Devices
• Mobile Phones
• Apple iCloud: Lock/Phone/Track Phone
• Android: Lock/Phone/Track; Ring, Lock, or Erase (AVG/Google)
• https://www.avgmobilation.com/
Lost PC's
• Dropbox
• Sugarsync
• Google Drive
• Real Time Back Up
• Use Cloud encryption: PerfectCloud.io to Encrypt, Free Account
List 5
1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration
Double Clicking Attachment/URL
• Use Gmail/Yahoo to filter out the Worst.
• Panda Security Plugin warns against sites: http://www.pandasecurity.com/homeusers/downloads/wot/
• Chrome Safe Browsing enabled
Who are You Going To Call?
• https://www.cert.gov.uk/what-we-do/responding-to-a-cyber-issue/getting-help/
What Are you Going to do?
• https://www.malwarebytes.org/
• http://housecall.trendmicro.com/uk/
Am I really Vulnerable?
https://breachalarm.com
BreachAlarm monitors the Internet for your passwords being compromised and posted online.
Appendix
Bonus Slide
• Kids, Controlling Access: http://www.netgenie.net/global/ Around £100
• Free SIEM (Security Incident Event Management): https://siemless.com/
• Take Credit Cards with Free CC Reader: https://www.izettle.com/gb/service
• Free Invoicing on The Web: https://www.waveapps.com/
• Breach Legislation, IT or Legal?
• " the proposed regulation of up to 5% of annual worldwide turnover, or €100"
• Information Sharing: Who, When, How
• "The ICO has imposed a monetary penalty of £200000 on the British Pregnancy Advice Service (BPAS) for exposing thousands of personal"
• Compliance is the best protection?
• "Resistance is futile" Gartner
• "Brighton and Sussex University Hospitals NHS Trust fined £325k after hard drives with highly-sensitive patient data were sold on eBay, - "
• Best Practice or is this Compliance?
• "The ICO can issue fines of up to £500,000 for serious breaches of the Data Protection Act and Privacy and Electronic Communications Regulations." ICO
• Incident Response, Strategy
• "There are two kinds of big companies in the U.S. Those who've been hacked by the Chinese and those who don't know they've been hacked." FBI