How to Use Technology to Generate More Local Security and Development, 27 March 2015, Adrian Mikeliunas, CISSP, CISA, Conquest Security


Security and Development

Agenda

♦ Definitions
♦ Dangers
♦ Technology and Communications
♦ Security and Development

Definitions

♦ Technology
♦ Security
♦ Development


Adrian Mikeliunas, CISSP

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

30+ years as a Systems Engineer

12 years at the World Bank, 4 years at the International Monetary Fund

7 years as a consultant for AT&T

Mobile: 571-335-5525

[email protected]

External Dangers

Identity theft

Labor Action

Trojan Horses

Script Kiddies

Industrial Espionage

Human Factor

Backdoor ownership of Host machines

Hackers

Sniffing

Crackers

Process Hijacking

Buffer Overflows

Hostile Java Applets

ECHELON/CARNIVORE – Government Surveillance

Abuse of Civil Authority

Compromise of centralized 3rd Party Data Repositories

Legacy Systems

IP Theft

Hostile VB Scripts

Denial of Service Attacks

Foreign Government Espionage

Data Lineage

Rogue Applications

Intrusion to commit a Felony

Viruses

Worms

Spoofing

New Regulations

Social Engineering

Website Attacks

Theft of Trade Secrets

Dumpster Diving

Breach of Physical Security

Terrorism

Internal Dangers

Social Engineering

Sniffing

Spam

Gopher

Wireless

Email

DNS Cache-based Trust

NFS

Poorly Maintained Systems

Security Sensor Misconfiguration

IP Theft

Admin Errors

Privilege Escalation

Sendmail

Too many Services

TCP Hijacking

Finger Buffers

External DNS Zone Transfers

Human Factor

Identity theft

TFTP

FTP

Unauthorized Insider access

Rogue Applications

Sabotage

HTTP

Instant Messaging

Education and Awareness

Disgruntled Employees

Modem Hijacking

Bad Application Code

Policy adherence

UDP Services

News

Patch Management

Can We Understand Security?

Security Frameworks

Disaster Recovery

Security Awareness

Security Health Checks

Security Policies and Procedures

PKI Readiness Reviews

PKI Infrastructures

Privilege Management

Consultants

Intrusion Detection

Training

Security Infrastructure

Network Forensics

Firewalls

Content Management

Secure Email

Legal/Regulatory

Portal Security

Business Continuity Planning

Incident Management

Platform Security

Computer Forensics

Website Protection

HR Policy

Event Monitoring

Domain Security

Wifi

Privacy

Collaboration/Partners

Users

Corporate Governance

Risk Assessments

Risk Analysis

Legacy Systems

Security Integration

Virus

Event Correlation

Security in Enterprise Architectures

Malware

Patch Management

Vulnerabilities

Control Standards

Intrusion Protection

The Human Factor

Log Analysis

Security Baselines

Webmail

Data Classification

Asset Classification

Data Lineage

Security Measurement

Mainframe Security

Security Management

Legislation & Standards

OECD Guidelines for the Security of Information Systems & Networks

Government Information Security Reform Act (GISRA)

Turnbull Report

Higgs Report

Smith Report

EU Privacy Directive

OECD Corporate Governance Guidelines

HIPAA

GLBA

Sarbanes-Oxley

Patriot Act II

SB-1386 (California)

FISMA

OMB Circular A-123

OMB Circular A-130

NIST 800 Series Standards

Bill C-6

ISO 17799

Basel II

Computer Fraud and Abuse Act 1986

Children's Online Privacy Protection Act of 1998 (COPPA)

Electronic Communications Privacy Act 1986

Foreign Corrupt Practices Act 1977

Freedom of Information Act

Computer Security Act 1987

Digital Millennium Copyright Act 1998

FERPA

National Information Infrastructure Protection Act 1996

UK Data Protection Act

BS 7799

The European Union Directive on Data Protection

Anti-terrorism, Crime and Security Act 2001

The Telecommunications (Data Protection and Privacy) Regulations 1999

FERC

Homeland Security Act

NIST

EU Regulatory Framework for Electronic Communications

BITS

FDA

FFIEC

21 CFR Part 11

NERC

NY Reg. 173

State of Security Worldwide

PAST

Virus

Lola

IT was responsible

PRESENT

Governments that spy: China, Korea, NSA, etc.

Corruption, SPAM & Malware

You are responsible

Technology and Communications

♦ The Telephone – from tether to liberation [mobile]

♦ The Computer – from tether to liberation [mobile]

♦ Radio and Television – …

Everything implies mobility!

Security and Citizenship

♦ Transparency or Corruption?
♦ Electronic Elections?

♦ Reporting of Services
– DC 311: 311.dc.gov
– NY 311: www1.nyc.gov/311

Crowdsourcing (open collaboration)

♦ Health
♦ Education
♦ Human Quality

♦ Examples:
– Kickstarter.com
– IndieGogo.com
– GoFundMe.com

Sustainable Development

♦ Municipal and State Projects
– Communication
– Education
– Health
– Security
– Employment

Within a framework of transparency and anti-corruption

Sustainable Development

♦ Microloans
– Funds for small businesses

• http://www.kiva.org

• https://www.prosper.com

Summary

♦ Definitions
♦ Dangers
♦ Technology and Communications
♦ Security and Development