jamie s. herman, c|ciso, cism, cissp manager of information security ropes & gray llp

Post on 12-Jan-2016


JAMIE S. HERMAN, C|CISO, CISM, CISSP

MANAGER OF INFORMATION SECURITY

ROPES & GRAY LLP

Navigating an Ever-Changing Security Landscape

The Reality

50% - attacks on companies with fewer than 2500 employees

1719 – Average number of attacks per 1000 users

80 – FBI estimates more than 80 major US law firms were compromised in 2011

Exponential growth – 6x more malicious links (2012)

Malware

Software that interferes with normal operation of your computer

Generally executes without your knowledge or consent

Can damage or disable your computer, or steal firm information

Includes viruses, trojans, worms, and spyware

The How

Phishing campaign

Social Engineering

Unencrypted Media

Elevated privileges

Malicious websites

Perception…

Data Classification

Critical aspect of Information Security

Client/Matter intake

How can you protect what you don’t know?

Many flavors (government, industry, business model)

Role Based Access Control (RBAC)

Need to know

Data Vaults

Auditing

Visibility

Data Leak Prevention (DLP)

Reporting

Client protection and retention

Compliance and competitive advantage

Hot Topics

Secure file sharing

Email encryption

Removable Media Encryption

Social media/personal email access

Mobile devices (BYOD)

Resources

http://www.darkreading.com

http://www.infosecisland.com

http://www.threatpost.com

http://www.krebsonsecurity.com

http://www.dhs.gov/dhs-daily-open-source-infrastructure-report

http://www.us-cert.gov/ncas/current-activity

https://isc.sans.edu/

https://isc.sans.edu/reportfakecall.html

Remember

Security is Everyone's responsibility!

Sec-U-R-IT-y………You Are It!

Questions
