Ibm vciso sunderland


Transcript of Ibm vciso sunderland

Page 1: Ibm vciso sunderland

@1davidclarke Email [email protected] for list of links

• IBM Interconnect, 26th March 2015, Sunderland Software Centre

"Thank You to the IBM Team for putting this event together."

http://www.slideshare.net/IBMInterconnect/inter-connect-sunderland-agenda?qid=cbafb915-e826-4d62-9e21-b1f837afc3fa&v=&b=&from_search=5

Page 2: Ibm vciso sunderland

David Clarke

• Created CERT on a Financial Intranet trading $3.5 Trillion a day; CPNI Member 10 Years.

• Managed Global Managed Security Services with a $100-$300 million Global install base, 500+ Customers, with $3.4 Billion dollar Contracts.

• Created, maintained and improved regulatory and compliance commitments including Global PCI-DSS and ISO 27001 (10,000+ Security Devices/Systems).

Page 3: Ibm vciso sunderland

"The 7 Most Important Steps to Cyber Protection for SMEs"

Page 4: Ibm vciso sunderland

• "...that can cost less than a Latte and could get you Enterprise Level Cyber Security!..."

• Updated list of software/services: vciso.co/lattesecurity

Page 5: Ibm vciso sunderland

Cost of a Latte Around the World

A grande latte in Oslo costs a jolting $9.83

Page 6: Ibm vciso sunderland


Page 7: Ibm vciso sunderland

How does this affect Small Business?

• "Cyber attacks third biggest risk for UK firms, as supply chain disruption remains top concern" (Jan 15th 2015)

• http://www.supplymanagement.com/news/2015/cyber-attacks-third-biggest-risk-for-uk-firms-as-supply-chain-disruption-remains-top#sthash.iHZoSvDS.dpuf

Page 8: Ibm vciso sunderland

Impact for Small Business

• To supply IT services to HMG, be compliant with Cyber Essentials.

• Potentially, suppliers to suppliers will need to demonstrate cyber security practices.

• Suppliers to larger companies are already being asked.

Page 9: Ibm vciso sunderland

What can Small Business do to level the playing field?

Page 10: Ibm vciso sunderland

1. System Misconfiguration
2. Patch Management
3. Default Passwords
4. Easy to Guess Passwords
5. Lost Devices
6. Disclosure of info via incorrect email address
7. Double Clicking Attachment/URL

Page 11: Ibm vciso sunderland

Re-Arrange this List

1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration

Page 12: Ibm vciso sunderland

Passwords: Two Main Types

• Master Passwords: access to PCs, Servers and Appliances (<10)

• Constant Use Passwords: Email, eBay, Dropbox etc. (>100s)

Page 13: Ibm vciso sunderland

Master Passwords

If you have this card, nothing to remember. Cost: one time, <£5.00

https://www.qwertycards.com/

Page 14: Ibm vciso sunderland

Constant Use Passwords

If you have this software, nothing to remember. Cost: yearly, $12.00

• Auto fill
• Creates passwords
• Saves site
• Free; $12/year for mobile

Page 15: Ibm vciso sunderland

If you have a Large Team

If you have this software, nothing to remember. Cost: monthly, about $10

• Auto fill
• Creates passwords
• Saves site
• $10 a month

Page 16: Ibm vciso sunderland

Email Passwords

• Gmail 2 Stage Authentication: password and a text

• Yahoo one-time password: they will text you a new password

• If you have this software, nothing to remember. FREE

Page 17: Ibm vciso sunderland

List 1

1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration

Page 18: Ibm vciso sunderland

Disclosure of Information

• https://www.prot-on.com/tryIt.html

• Basic version is free
• Easy to use, quick
• Create a list of people allowed to see the document.

Page 19: Ibm vciso sunderland

List 3

1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration

Page 20: Ibm vciso sunderland

Patch Management

• http://secunia.com/products/

Page 21: Ibm vciso sunderland

List 4

1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration

Page 22: Ibm vciso sunderland

Lost Devices

• Mobile Phones

• Apple iCloud: Lock/Phone/Track Phone

• Android: Lock/Phone/Track; Ring, Lock, or Erase (AVG/Google)

• https://www.avgmobilation.com/

Page 23: Ibm vciso sunderland

Lost PCs

• Dropbox
• Sugarsync
• Google Drive

• Real time back up

• Use cloud encryption: PerfectCloud.io to encrypt, free account

Page 24: Ibm vciso sunderland

List 5

1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration

Page 25: Ibm vciso sunderland

Double Clicking Attachment/URL

• Use Gmail/Yahoo to filter out the worst.

• Panda Security plugin warns against sites: http://www.pandasecurity.com/homeusers/downloads/wot/

• Chrome Safe Browsing enabled

Page 26: Ibm vciso sunderland

Who are you going to call?

• https://www.cert.gov.uk/what-we-do/responding-to-a-cyber-issue/getting-help/

Page 27: Ibm vciso sunderland

What are you going to do?

• https://www.malwarebytes.org/
• http://housecall.trendmicro.com/uk/

Am I really vulnerable?

https://breachalarm.com

BreachAlarm monitors the Internet for your passwords being compromised and posted online.

Page 28: Ibm vciso sunderland


Appendix

Page 29: Ibm vciso sunderland

Bonus Slide

• Kids, controlling access: http://www.netgenie.net/global/ (around £100)

• Free SIEM (Security Incident Event Management): https://siemless.com/

• Take credit cards with a free CC reader: https://www.izettle.com/gb/service

• Free invoicing on the web: https://www.waveapps.com/

Page 30: Ibm vciso sunderland

• Breach Legislation: IT or Legal?

• "the proposed regulation of up to 5% of annual worldwide turnover, or €100"

Page 31: Ibm vciso sunderland

• Information Sharing: Who, When, How

• "The ICO has imposed a monetary penalty of £200000 on the British Pregnancy Advice Service (BPAS) for exposing thousands of personal"

Page 32: Ibm vciso sunderland

• Compliance is the best protection?

• "Resistance is futile" (Gartner)

• "Brighton and Sussex University Hospitals NHS Trust fined £325k after hard drives with highly-sensitive patient data were sold on eBay, -"

Page 33: Ibm vciso sunderland

• Best Practice, or is this Compliance?

• "The ICO can issue fines of up to £500,000 for serious breaches of the Data Protection Act and Privacy and Electronic Communications Regulations." (ICO)

Page 34: Ibm vciso sunderland

• Incident Response, Strategy

• "There are two kinds of big companies in the U.S. Those who've been hacked by the Chinese and those who don't know they've been hacked." (FBI)