information security 2015 - mikeliunas

Cómo usar la Tecnología para generar más

Seguridad y Desarrollo local

27 de Marzo 2015

Adrian Mikeliunas, CISSP, CISA Conquest Security

Seguridad y Desarrollo

Agenda ♦ Definiciones ♦ Peligros ♦ Tecnologia y Comunicaciones ♦ Seguridad y Desarrollo

Definiciones ♦ Tecnología ♦ Seguridad ♦ Desarrollo


Adrian Mikeliunas, CISSP Ø  Certified Information System Security Professional (CISSP) Ø  Certified Information Systems Auditor (CISA) Ø  30+ años de Ingeniero de Sistemas

12 años en el Banco Mundial, 4 años en el Fondo Monetario

Ø  7 años de Consultor para AT&T

Mobile: 571-335-5525 [email protected]

4

Identity theft

Labor Action

Trojan Horses Script Kiddies

Industrial Espionage

Human Factor

Backdoor ownership of Host machines

Hackers

Sniffing

Crackers

Process Hijacking

Buffer Overflows

Hostile Java Applets

ECHELON/CARNIVORE – Government Surveillance

Abuse of Civil Authority

Compromise of centralized 3rd Party Data Repositories

Legacy Systems

IP Theft Hostile VB Scripts

Denial of Service Attacks

Foreign Government Espionage

Data Lineage

Rogue Applications

Intrusion to commit a Felony

Virus’s

Worms

Spoofing

New Regulations

Social Engineering Website Attacks

Theft of Trade Secrets Dumpster Diving

Breach of Physical Security

Terrorism

Peligros Externos


Social Engineering

Sniffing

Spam

Gopher

Wireless email

DNS Cache-based Trust

NFS

Poorly Maintained System Security Sensor Misconfiguration

IP Theft

Admin Errors

Privilege Escalation

Sendmail

Too many Services TCP Hijacking

Finger Buffers

External DNS Zone Transfers

Human Factor

Identity theft TFTP FTP

Unauthorized Insider access

Rogue Applications

Sabotage

HTTP Instant Messaging

Education and Awareness

Disgruntled Employees

Modem Hijacking

Bad Application Code

Policy adherence UDP Services News

Patch Management

Peligros Internos


Security Frameworks

Disaster Recovery

Security Awareness

Security Health Checks

Security Policies and Procedures

PKI Readiness Reviews

PKI Infrastructures

Privilege Management

Consultants

Intrusion Detection

Training

Security Infrastructure Network Forensics

Firewalls

Content Management

Secure Email

Legal/Regulatory

Portal Security

Business Continuity Planning

Incident Management

Platform Security

Computer Forensics

Website Protection

HR Policy

Event Monitoring

Domain Security

Wifi

Privacy

Collaboration/Partners

Users Corporate Governance

Risk Assessments

Risk Analysis

Legacy Systems

Security Integration

Virus

Event Correlation

Security in Enterprise Architectures

Malware

Patch Management

Vulnerabilities

Control Standards

Intrusion Protection

The Human Factor

Log Analysis

Security Baselines

Webmail

Data Classification

Asset Classification

Data Lineage

Security Measurement

Mainframe Security

Security Management

¿Podemos Entender Seguridad?


OECD Guidelines for the Security of Information Systems & Networks

Government Information Security Reform Act

Turnbull Report

Higgs Report

Smith Report

EU Privacy Directive

OECD - Corporate Guidelines Governance

HIPAA

GLBA

Sarbanes Oxley

Patriot Act II SB-1386 California

FISMA

GISRA OMB-123

OMB-130

NIST 800 Series Standards Bill C-6

ISO 17799

Basel II

Computer Fraud and Abuse Act 1986

Children's Online Privacy Protection Act of 1998 (COPPA)

Electronic Communications Privacy Act 1986

Foreign Corrupt Practices Act 1977

Freedom of Information Act

Computer Security Act 1987

Digital Millennium Copyright Act 1998

FERPA

National infrastructure Protection Act 1996

UK Data Protection Act

BS 7799 The European Union Directive on Data Protection

Anti-terrorism, Crime and Security Act 2001

The Telecommunications (Data Protection and Privacy) Regulations 1999

FERC

Homeland Security Act

NIST

EU Regulatory Framework for Electronic Communications

BITS FDA

FFIEC

21 CFR part 11

NERC NY Reg. 173

Legislation & Standards



Estado Mundial de Seguridad PASADO

Virus Lola TI era responsable

PRESENTE

Ø Gobiernos que espían China Korea NSA, etc..

Ø Corrupcción Ø SPAM & Malware Usted es responsable


Tecnología y Comunicaciones

♦ El Teléfono – De atadura a liberación [movil]

♦ La Computadora ♦ De atadura a liberación [movil]

♦ La radio y Television – …

Todo implica movilidad!


Seguridad y Ciudadania

♦ ¿Transparencia o Corrupcion? ♦ ¿Elecciones Electronicas?

♦ Reporte de Servicios – DC 311 311.dc.gov – NY 311 www1.nyc.gov/311


Crowdsourcing (colaboracion abierta) ♦ Salud ♦ Educación ♦ Calidad Humana

♦ Ejemplos: – Kickstarter.com –  IndieGogo.com – GoFundMe.com


Desarrollo Sustentable ♦ Proyectos Municipales y Estatales

– Comunicación – Educación – Salud – Seguridad – Trabajo

En un marco de: transparencia y anti-corrucción


Desarrollo Sustentable ♦ Micro Préstamos

– Fondos a pequeñas empresas •  http://www.kiva.org •  https://www.prosper.com


Sumario ♦ Definiciones ♦ Peligros ♦ Tecnologia y Comunicaciones ♦ Seguridad y Desarrollo

information security 2015 - mikeliunas

Documents