Justin Drain jdrain@computer.org
June 6, 2012 Raising Security IQ
Disclaimer
The views and opinions expressed during this conference are those of the speakers and do not necessarily reflect the views and opinions held by the Information Systems Security Association (ISSA), the Silicon Valley ISSA, the San Francisco ISSA or the San Francisco Bay Area InfraGard Members Alliance (IMA). Neither ISSA, InfraGard, nor any of its chapters warrants the accuracy, timeliness or completeness of the information presented. Nothing in this conference should be construed as professional or legal advice or as creating a professional customer or attorney-client relationship. If professional, legal, or other expert assistance is required, the services of a competent professional should be sought. These views and opinions also do not reflect those of Fremont Bancorp.
June 1, 2011
Introductions
Justin Drain, CISM, CRISC, CISSP
Data Security Manager, Fremont Bank
Security Experience: banking, aerospace, federal government, medical
Agenda
Cloud By Any Other Name
Cloud Up! Uh, Why? (Why Not?)
Uncomfortable Discovery
Handling the Truth
Recovery
Winning the War Next Time
Recap & Takeaways
Cloud By Any Other Name
Buzzwords
SaaS (software as a service)
PaaS (platform as a service)
IaaS (infrastructure as a service)
Cloud Service Models
Private Cloud
o Company Owned Or Leased
o In Some Cases On Site
Public Cloud
o Large Scale Infrastructure for Public Sale
Community Cloud
o Shared Infrastructure Community
Hybrid Cloud
o Composed Of Multiple Clouds
Cloud Advantages
What Do You Get?
Financial Cost Savings
Improved Computing And Network
Don't Be The Nail
Enable, Not Block
Cloud Up! Uh, Why? / Why Not?
Risk of not Clouding Up
Why Bigger Is Better
Why Bigger Is Not Always Better
Not Performance
Risk
Uncomfortable Discovery (or Dude, Where's Our Data?)
Stop Me If You've Heard This One
Request on an idle Thursday
CousinJoeysoft
Staging
Vendor Management?
Unfamiliar Breach notice?
Handling the Truth
Five Stages of Incident Discovery
1. Denial
2. Anger
3. Bargaining
4. Depression
5. Acceptance
Virtual Problems Real Answers
Acceptance
Recovery Band-Aids & Bullets
What Can/Should Be Done (aside from
Winning The War Next Time
We Don't Know What We Don't Know.
Winning The War Next Time
Playing The
Winning The War Next Time
Where's My Lawyer?
Risk Assessment In/From/To The Cloud?
Incident Response?
Encryption, Duh!
Security Bypassed (Be In the Room still)
Recap and Takeaways
Be Prepared
3 Rs (What's YOUR Policy?)
Don't Be the Nail
Fear IS an Option Sometimes
Don't Forget The Basics
Final Thought
The state of mind which enables a man to do work of this kind is akin to that of the religious worshiper or the lover; the daily effort comes from no deliberate intention or program, but straight from the heart.
-Albert Einstein
Physical Society address, 1918