2011 Cyber Security & Social Technology


Slide 0

2011 Cyber Security & Social Technology


Slide 1

Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University of San Francisco / San Diego City College
www.LearnSecurity.org | www.linkedin.com/in/donaldehester | www.facebook.com/LearnSec | www.twitter.com/sobca
DonaldH@MazeAssociates.com


Slide 2

Rev2/28/2011 © 2011 Maze & Associates 3


Slide 3

Pervasive By Nature


Slide 4

Social Tech Issues


Slide 5

Marketing & Branding Uses


Slide 6

Brand Protection - Concerns
- Fear of losing control
- Fear of losing customers
- Fear of losing money
- Fear of customers speaking up
- Avoiding social media
- Fear of the unknown
- Thinking it is a fad
- Not understanding social media
- How will you measure impact


Slide 7

Brand Issues


Slide 8

Monitor Social Media for your Brand


Slide 9

Social Shopping


Slide 10

How to get started
Social Technology
- The train has left the building, are you on it?
- Get informed
- Get help (technical and soft skills)
- Develop a social media marketing strategic plan
- Create short term goals
- Execute and Adapt


Slide 11

- Marketing Manager's Guide to Social Media by Scott Klososky
- The FaceBook Era by Clara Shih
- Facebook Marketing: An Hour a Day by Chris Treadaway and Mari Smith
- New Rules of Marketing and PR by David Meerman Scott
- The Zen of Social Media Marketing: An Easier Way to Build Credibility, Generate Buzz, and Increase Revenue by Shama Kabani and Chris Brogan


Slide 12

Establish Brand in Social Media


Slide 13

Market Saturation


Slide 14

Integration


Slide 15

Deceptive Marketing


Slide 16

Endorsements
- If you are being paid to endorse a product, you must make that clear to consumers.
http://www.ftc.gov/opa/2009/10/endortest.shtm


Slide 17

Human Resources Uses


Slide 18

Social Media Uses in HR
- The use of social media outside of personal lives has increased and continues to increase
- Concern that potential employers will misconstrue what is seen
- Used for monitoring current employees
- Used for screening job applicants
- Employees see it as a good way to “get to know” the applicant


Slide 19

http://www.ajc.com/news/barrow-teacher-fired-over-733625.html


Slide 20

http://www.dailyfinance.com/story/media/facebook-spying-costs-canadian-woman-her-health-benefits/19250917/


Slide 21

http://smallbiztrends.com/2009/09/social-media-background-checks.html


Slide 22

Horns of a dilemma
If employers use social media to do background checks on employees:
- The company is open to discrimination charges
- The candidate is vulnerable to discrimination


Slide 23

Horns of a dilemma
If employers don’t use social media to do background checks on employees:
- The company is open to negligent hires
- Good candidates are missed
- Bad candidates are hired


Slide 24

Use of Social Media at Work
- Does your company have a social media policy?
- How much time do employees use social media?
- Does it affect employee productivity?
- How much cross over between work / home life?


Slide 25

Personal Uses


Slide 26

Computer Security: Malware


Slide 27

Online Privacy
- Do you have control of what is posted?
- Not all fame is good!
- People use anonymity to post stuff about others!
- Embarrassing, loss of credibility


Slide 28

Information about you online
- Do I have control of what is posted about me?
- Look yourself up!
- All but one of these is about me. One of these I was completely unaware of.
- Even if you are not on the web, you may be on the web!
- Do what you can to control what is out there.
- What is your social relevancy (Reputation)?


Slide 29

Sony PlayStation Network Breach


Slide 30

Social Media & Politics


Slide 31

Elections


Slide 32

Social Media and Politics


Slide 33

Identity Theft


Slide 34

Social Media (Web 2.0)
- Services are extremely popular and useful
- Almost a must today (if you are not in, you are out)
- People post too much information about themselves or their kids
- Be aware of your aggregate information
- The key is to be aware of what you are sharing


Slide 35

Online Privacy
- Would you invite a stranger into your house to look at your children's photo album?
- Public v. Private
- Aggregate information sources could give someone more information than intended.


Slide 36

Situation
- Why does someone want your personal information?
- In an information age information becomes a commodity
- Information has a value
- Some information has a greater value
- Your personal information is potentially worth more than you think


Slide 37

What is PII
Personally Identifiable Information
- Name and account number
- Name and social security number
- Name and address
- Credit Card Number
Where you might find it
- Tax files
- Account Statements
- Records (Medical, Public and other)
- Businesses you do business with


Slide 38

ID Theft vs. ID Fraud
- “Identity fraud” consists mainly of someone making unauthorized charges to your credit card.
- “Identity theft” is when someone gathers your personal information and assumes your identity as their own.
- “Identity theft is one of the fastest growing crimes in the US.” John Ashcroft, 79th US Attorney General


Slide 39

The Busboy That Started It All
- March 20th 2001, MSNBC reported the first identity theft case to gain widespread public attention
- Thief assumed the identities of Oprah Winfrey and Martha Stewart, took out new credit cards in their names, and accessed their bank accounts
- Stole more than $7 million from 200 of the world’s super rich - Warren Buffett and George Soros, tech tycoons Paul Allen and Larry Ellison
- Used a library computer, public records, a cell phone, a fax machine, a PO Box, and a copy of Forbes Richest People
- 32-year-old Abraham Abdallah was described as “a high school dropout, a New York City busboy, a pudgy, disheveled, career petty criminal.”


Slide 40

ID Theft & Fraud
- PII exposed by others (Data Breaches)
- PII exposed by ourselves (online & others)
- Malware (Spyware, Viruses, etc…)
- Social Engineering
  - Phone
  - Internet (Phishing, social websites etc…)
  - In Person (at your door, in a restaurant etc…)
- Physical theft
  - Mail box
  - Trash (Dumpster diving)
  - ATMs (skimming)
  - Home break-ins


Slide 41

What do they do with stolen IDs?


Slide 42

Drug Trafficking and ID Theft
- Meth users see mail theft and check washing as a low risk way to pay for their habit.
- The same chemicals used in Meth production are used in check washing.
- Meth users, dealers and fraudsters are partners in crime.


Slide 43

FTC 2009 Stats
- Top counties with ID theft: Solano County, 18 out of 375
- Average per victim loss: $10,000
- Total complaints filed in 2009: 1.3 Million
FTC http://www.ftc.gov/opa/2010/02/2009fraud.shtm


Slide 44

How might you expose your PII


Slide 45

Watch what you put online
http://www.youtube.com/watch?v=Soq3jzttwiA


Slide 46

Can someone use what you post against you?


Slide 47

P2P (Peer to Peer file sharing)
- Napster used to fit in this category
- Used to ‘share’ computer files
- Legal issues with copyright
- Malware issues, often the P2P software will install adware or tracking software.
- Privacy issues, do you know what you are sharing?


Slide 48

How bad guys might get your PII


Slide 49

Malware
- Malware (Viruses, Worms, Spyware, etc…)
- 1999 Melissa, Kevin Mitnick, 2000 Mafiaboy, DoS Assault, 2001 Code Red, Nimda, 2002 Root Rot, Slapper, 2003 SQL Slammer, 2004 MyDoom, BerBew, 2005 Samy (MySpace), 2007 Storm Worm, Botnets, etc.
- Malware has cost trillions of dollars in the last decade


Slide 50

Viruses
- In the past they were primarily destructive
- Today they focus on stealing information
- Using your computer as a Bot (Zombie) to send out SPAM


Slide 51

Phishing: Internet Fraud
- Oldest trick in the book, there are examples in the 1500s
- One particular fraud is called the “Nigerian 419” scam or “Advanced Fee Fraud”
- Started as a letter, then it showed up in faxes and now it is sent by email.
- Many variations on the story the message contains
http://www.secretservice.gov/fraud_email_advisory.shtml


Slide 53

Phishing Example


Slide 54

Spyware


Slide 55

Cell Phone Spyware
http://www.youtube.com/watch?v=uCyKcoDaofg
http://news.rutgers.edu/medrel/news-releases/2010/02/rutgers-researchers-20100222
http://www.youtube.com/watch?v=UZgf32wVTd4


Slide 56

Physical theft
- Dumpster diving
- ATM – Credit Card skimming
- Mailbox
- Home Break-in


Slide 57

Close to Home


Slide 58

“Lock Bumping”
http://cbs11tv.com/seenon/Bump.Key.Safety.2.499252.html


Slide 59

ATM Skimming
http://www.youtube.com/watch?v=m3qK46L2b_c


Slide 60

Credit Card Skimming


Slide 61

Credit Card Skimming Stats
SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET SERVICE


Slide 62

Credit Card Skimming Stats
SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET SERVICE


Slide 63

How others might expose your PII


Slide 64

How others might expose your PII
- Data Breach
- Lack of security on the part of businesses
- Organization may post information online
- Loss of a laptop, hard drive or paper work
- Data loss by a third party
- Hacker (Organized Crime & Nation State)
- Organizations may break into your computer


Slide 65

Sony PlayStation Network Breach


Slide 66

Public Records
“The federal government is the biggest offender.” Paul Stephens, Privacy Rights Clearinghouse


Slide 67

Others losing your ID
- 4.2 million customer card transactions were compromised by hackers


Slide 68

Unknown Exposure


Slide 69

Top 10 Largest Breaches*
*Top ten data breaches as of 22 Feb 2010. Data provided by DataLoss db. 725,797,885 breached records out of 2466 reported incidents.


Slide 70

Repeat Offenders*
*As of 22 Feb 2010. Data provided by DataLoss db. 725,797,885 breached records out of 2466 reported incidents.


Slide 71

Sony Root kit
- Sony, in its efforts to preserve control over its product, installed root kits on consumers' computers
- Consumers were not aware it was installed (on copy-protected CDs)
- Gave Sony and potentially hackers the ability to remotely control your computer
- Removal of software disabled CD drives on consumers' computers
http://www.cnet.com/4520-6033_1-6376177-1.html?tag=nl.e501

