Regulation versus Reality - PowerPoint PPT Presentation


  1. Regulation versus Reality (San Francisco Chapter). Regulatory Compliance should not be the goal of an Information Security program - it should be the result.

  2. Introduction (thanks, Johnny, for the slide): Christian; CyberCop; CyberWarfare Researcher; CISO...

  3. Introduction: College Instructor - UNIX/Linux/Security

  4. Introduction: and... always aspiring to be an “International Man of Mystery!”

  5. Introduction

  6. Introduction: Paul W. Poteete, CEH, CISSP, MCSE, CNE, CCA, VCP. ppoteete@gmail.com, 831.333.9119

  7. Presentation Outline
     - Introduction (complete!)
     - Information Security Overview
     - Regulatory Compliance
     - Security Solutions
     - Conclusion

  8. Information Security
     Methodologies:
     - Confidentiality vs. Disclosure
     - Integrity vs. Alteration
     - Availability vs. Destruction
     Controlled by:
     - Administrative Actions
     - Technical Solutions
     - Physical Restrictions

  9. Information Security
     - Today, companies are more reliant on information technology (data) than ever before. Information Technology has become a critical component of the business architecture. Often, a firm's capital budget for technology will exceed that of all other areas.

  10. Information Security
     - The heavy reliance on information technology for business viability requires the implementation and systematic control of new security measures.
     - Security Governance, Risk Management, and Security Program Management must be intrinsic to the business process.

  11. Information Security - Top Security Concerns (2005)
     1) Insider threats
     2) Spam
     3) Viruses
     4) Spyware
     5) External hackers
     6) Theft or loss of equipment or data
     7) Electronic fraud
     8) Customer data breaches (pharming, phishing, email, etc.)
     9) DoS attacks

  12. Information Security - Top Security Concerns (2008)
     1) Viruses
     2) Spyware
     3) Spam
     4) External hackers
     5) Insider threats
     6) Auditability/compliance concerns
     7) Customer data breaches
     8) Theft or loss of data or equipment
     9) Cost of administration

  13. Information Security: Who does this stuff?

  14. Information Security

  15. Information Security
     - Yes, the criminal hacker (or the 12-year-old down the street) still makes the top 5.
     - But the new concerns indicate a maturing understanding of what security truly entails:
       - Compliance concerns
       - Cost of administration

  16. Information Security
     - Costs can skyrocket. The cost of IT and security for a firm doesn't start or stop at the price tag.
     - Basic cost functions:
       - Identify
       - Acquire
       - Implement
       - Maintain
       - Retire

  17. Regulatory Compliance: Enter the age of Regulatory Compliance!

  18. Regulatory Compliance
     - Fraud and failures to implement security controls have led to greater regulatory involvement in organizational security governance.
     - We should be protecting our data from unauthorized disclosure, alteration, and destruction, not making piecemeal reforms to meet basic regulatory needs.

  19. Regulatory Compliance

  20. Regulatory Compliance: Oh yeah. He's also logging everything you do on WORM media at a remote location, with requirements to divulge your information to third parties or law enforcement if requested.

  21. Regulatory Compliance: How many regulations are there? Thousands.

  22. Regulatory Compliance: What are some of the more popular regulations?
     - SEC Rules 17a-3 and 17a-4
     - NASD 2210
     - NASD 2711
     - NASD 3010
     - NASD 3012
     - NASD 3013
     - NASD 3110
     - Sarbanes-Oxley
     - Investment Advisers Act
     - IDA (The Investment Dealers Association of Canada)
     - OCC Advisory: Electronic Record Keeping
     - FDIC Advisory: Information Technology Risk Management Program
     - Basel II
     - Gramm-Leach-Bliley Act
     - California Privacy Law SB1386
     - Federal Rules of Civil Procedure

  23. Regulatory Compliance - SEC Rules 17a-3 and 17a-4
     1) You must preserve documents and records for three to six years (depending on the record type), and for the first two years of that period they must be kept in an easily accessible place.
     2) All documents and records must be time-stamped, stored in a non-rewriteable, non-erasable format, organized and indexed, with a duplicate copy stored separately from the original.
     3) The indexes must also be duplicated and stored separately from the originals; they must be available for examination and preserved for as long as the documents and records themselves.

  24. Regulatory Compliance - Sarbanes-Oxley Act
     1) Requires public companies to save all business records, including electronic records and messages, for no less than five years.
     2) All relevant audit-related documentation (including email records) must be retained for seven years.
     3) Section 404 also requires companies to report on the effectiveness of their internal controls over financial reporting.

  25. Regulatory Compliance - FDIC Advisory: Information Technology Risk Management Program
     1) Requires encryption of electronic customer information while in transit and in storage.
     Basel II
     1) Banks must create internal processes to control, supervise and enforce risk management practices, including those involving internal communications.

  26. Regulatory Compliance - Gramm-Leach-Bliley Act
     1) Financial institutions must ensure the security of non-public personal information; as such, they are required to maintain and store these communications in compliance with SEC Rule 240.17a-4 and...
     2) NASD Rules 3010 and 3110 (all emails must be preserved for a period of not less than six years, with the first two years in an easily accessible place).

  27. Regulatory Compliance - California Privacy Law SB1386
     1) Businesses are required to notify California residents if personal information stored on computer systems has been breached. This regulation applies to any organization that conducts business with California residents.
     - A company is exempt from the notification requirement of SB1386 if the personal information was stored in encrypted form. In practice, that exemption is only worth something if the encryption keys were not exposed along with the data.

  28. Regulatory Compliance

  29. Regulatory Compliance - PCI-DSS (requirements 1-6)
     - Install and maintain a firewall configuration to protect cardholder data
     - Do not use vendor-supplied defaults for system passwords and other security parameters
     - Protect stored cardholder data
     - Encrypt transmission of cardholder data across open, public networks
     - Use and regularly update anti-virus software
     - Develop and maintain secure systems and applications

  30. Regulatory Compliance - PCI-DSS (requirements 7-12)
     - Restrict access to cardholder data by business need-to-know
     - Assign a unique ID to each person with computer access
     - Restrict physical access to cardholder data
     - Track and monitor all access to network resources and cardholder data
     - Regularly test security systems and processes
     - Maintain a policy that addresses information security for all personnel

  31. Regulatory Compliance
     - Looking at the preceding slides, do you believe it may be possible to meet the letter of the regulation and still leave your firm vulnerable to attack and abuse?
     - The PCI-DSS contains enough fine print that an assessor can point to obscure references to prove that you are out of compliance.
       - If you have a data breach, do you think you'll pass a post-breach audit?
