Live from ISACA Conference: Securing your big data

The ISACA Sri Lanka chapter aims to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area. In line with its mission, ISACA is organising a conference on ‘Securing our big data’. An eminent list of speakers will grace the occasion. This event carries 7 CPE credits.

The conference is sponsored by Oracle and CICRA Holdings.

We will be bringing updates from the conference so stay tuned in case you missed out on attending the event.

We are live from Hilton Residencies.

admin Sep 18, 2013 4:39 pm

You can get slides from the conference via this link https://app.box.com/s/n7xswsouh9lkquc7ns7k
And that's it from the BigData conference. Thanks for tuning into the live updates. We will have pictures and video from the event on our fb page shortly.
This is diGIT team signing out.

admin Sep 18, 2013 4:36 pm

Are there any particular occurrences happening in Singapore? – Parakum asks David.
We have a data protection act which will come for commercial too. – David

We are almost done, it seems, as the panel discussion comes to a conclusion and a token of appreciation is being given to Mr Chandralal.

One final draw and we have MD of CICRA up on stage again to select the winner from the raffle. And the winner is Mr Yasas Thilakarathne from LOLC.

admin Sep 18, 2013 4:30 pm

Is there a process in which you get feedback from junior personnel on security?

For IT strategy planning, they need to check with the CIO. The board needs backing from the team.
On a bottom up approach, we need suggestion boxes and similar processes. It's not easy, it might not be 100%, we ourselves might be lagging, but ideas need to be looked at. – Chandralal

admin Sep 18, 2013 4:23 pm

A glimpse of the final part of the panel discussion

admin Sep 18, 2013 4:18 pm

Do services like fb, twitter, skype have their own policies as to how they will keep the data and record the conversations etc? – asks Chief Manager IT Ms Maldeni from Bank of Ceylon

If it's a free service they might not, otherwise it would most likely be recorded – Chandralal

admin Sep 18, 2013 4:10 pm

We are now onto the final segment for the evening as we have a brief panel discussion

admin Sep 18, 2013 4:10 pm

With that Chandralal concludes his session

admin Sep 18, 2013 4:07 pm

Big Data is Here to Stay.

There will be mountains of data
Business would want to maximize the usage

CIOs challenges are
We need to mine for new answers
New collection methods
New delivery systems
While Securing it

We should look at
Turning Big Data Challenges into Opportunities
Innovation, scalability, accessibility, and productivity to gain competitive advantage and create substantial value for the organizations and world economy as a whole

- Chandralal

admin Sep 18, 2013 4:05 pm

Challenges in Big Data

Managing Non relational data stores (NoSQL)
Handling Unstructured data (text/Video)
Securing data storage & transaction logs (auto-tier)
Endpoint input validation & filtering (SIEM)
Realtime Security / Compliance Monitoring (Access Control)
Privacy in Data Mining / Analytics (pay)
Privacy invasion
Invasive marketing
Reduced civil freedom
Increased control (corporate & state)
Data Access control (sensitivity)
Secure Communication.

- Chandralal

admin Sep 18, 2013 4:01 pm

Some Challenges Faced by IT

E-Life vs Security Threats
Ease of use vs Enterprise security
Self-service and self-provisioning
IT staff to do higher-value activities than managing user accounts
Multifaceted approach to defense that employs several security technologies
Measuring the effectiveness of Information security
Factors driving Information Security
Hired hackers???.

- Chandralal

admin Sep 18, 2013 4:00 pm

Security Process Advantages

Change Management – Control the business losses and react or resolve quickly
Incident Management – Identify root causes and plan preventive measures
Availability Management – Plan resources accordingly
Access Management – Design and control business usages, propose business suggestions
IT Configuration Management – Business requirement, Resource planning, Problem identification
Patch management – Prevention of exploits
IT Governance, Risk and Compliance Programmes – Assurance, Collaboration
Strong User Authentication – Protection of Identity
Prevent Insider Attacks – Business Continuity.

- Chandralal

admin Sep 18, 2013 4:00 pm

Technological Advantages of Information Security

DLP – Compliance, Employee awareness, business balance, malicious activity detection, Protection of Intellectual property
SIEM – Compliance Automation, Operational Efficiency, Proactive measure and quick reactions, Dashboards
Mail Gateway – Save time for business users from SPAM emails
Web Gateway – Effective resource planning, controlled business usage
Identity & Access Management – Quick access Provisioning & De-Provisioning
Encrypting data transmission via public networks – Protection of Business Data
Use of licensed software – Reputation, Business Continuity, Legal
Vulnerability Assessment / Penetration Testing – Security Assurance
Intrusion Detection and Prevention – Security Assurance
Network Access Control – Security Assurance
Application Security – Reliable Business usage, protection of data
Remote-Access or Site-to-Site VPN – Agility to business
Device Control – Control business usage, Business data loss prevention
Antivirus – Protection of Assets.

- Chandralal

admin Sep 18, 2013 3:56 pm

Contingency Plans – Disaster Preparation & Recovery Plan

BCP – time, location & type of disaster based
DRP
BCP/DR Drills
Updating BCP/DR
Outsourcing Providers’ BCP/DR
Service Provider BCP/DR
Back up Service Providers.

- Chandralal

admin Sep 18, 2013 3:53 pm

Information Security Awareness and Privacy Training Programs

Provide higher level of protection for assets
Improve employee morale
Financial savings
Competitive advantage
Protect and enhance your organization’s reputation and brand
Protect customer and corporate information
Reduce the potential for lawsuits & exposure to prosecution
Disciplinary action against those who don’t comply with information security rules.

- Chandralal

admin Sep 18, 2013 3:50 pm

Cloud Computing Policies

Security on the network
Identity management
Regulator Compliance
Data integration (encrypting etc)
Vendor lock-in
Vendor viability
Manageability
Availability
Shared resources
Legal challenges.

- Chandralal

admin Sep 18, 2013 3:47 pm

Social Media Security Policies

Internal & external communication – who maintains it?
Employees wanting to use Facebook, Twitter, YouTube etc
Managing them
Monitoring Tools
Cost vs ???
3rd wave of capitalism
Corporate social media
Enterprise Social Media Strategy
Collaboration & Idea generation.

- Chandralal

admin Sep 18, 2013 3:44 pm

Mobile Device Security Policies

Whether we like or not employees bring these mobile devices to workplace
Smartphones, BB, iPads, iPhones.. etc
BYOD Policy
Org want people to be productive
Mobile device management – embrace change or be left behind
Mobile workforce management
Mobile device & data security
Mobile applications.

- Chandralal

admin Sep 18, 2013 3:39 pm

Information Security as part of Business Strategy

- Information Security to be an important part of the IT Strategic Plan
- Information Security Budget
- Justification of IT Security spending % increase against rising costs
- IT Security staff salaries are increasing at a high rate
- Qualified, experienced & up to date IT Security staff?
- Getting the right people in the IT Security team
- In house vs outsourced/contracted
- Board level backing
- Help business managers to ensure that security is a priority in every technology project
- Internal whistleblower policy.

- Chandralal

admin Sep 18, 2013 3:37 pm

Types of Information Security related Compliances IT Facing today

Regulator – comes down hard on all of us, no negotiation, the only thing that can be done is maybe extend.

Regulator Agencies – crib
Payments & Settlement Agencies – e.g. swift bureau, nothing negotiable, they tell us what to do
Compliance Function
Risk Function – Operation, market risk
External Auditors
Internal Auditors

These are the challenges faced by the CIO and IT team
- Chandralal

admin Sep 18, 2013 3:34 pm

How IT Security Add Value to Business

What is Security?
The state of being free from danger or threat.
When do we consider it’s important to focus on Security?
Isn’t it the same with IT Security?

- Chandralal

admin Sep 18, 2013 3:33 pm

We had many challenges at Amana Bank. Regulator hurdles. – Chandralal

admin Sep 18, 2013 3:30 pm

Agenda for this session is as follows:

Amana Bank & Banks CIO Forum
Value delivery from information Security Projects
Compliances IT Facing today
Information Security as a Business Strategy
Information Security Policies and Practices
Information Security Awareness
Contingency Plans
Technological Advantages
Process Advantages
Challenges Faced by IT
Challenges in Big Data
Conclusion

- Chandralal

admin Sep 18, 2013 3:28 pm

Chandralal reads out the following to the audience:

“Technologies change business rules. Technologies drive innovation. And we, in our IT leadership, must handle these changes while delivering excellence in managing everything else in our technology products and services stacks. We have to be really good at mobile, social, analytics, collaboration, consumerization, etc, while making sure that we don’t let ourselves get bad at network, CRM, ERP, desktop management, service level management, etc. And we somehow have to do all of this faster than ever, lest we slow down the organization by becoming bottlenecks.”
– Niel Nickolaisen CIO

admin Sep 18, 2013 3:27 pm

We now have Chandralal Wickramapathirana, CIO – Amana Bank with his session on ‘Value Delivery from Information Security Projects’

admin Sep 18, 2013 3:24 pm

Managing Director of CICRA will now pick from the raffle and the winner is J A Asoka Jayasinghe, Assistant General Manager Bank of Ceylon. Priyantha Bandara also wins from the raffle.

admin Sep 18, 2013 3:20 pm

A token of appreciation is now being presented to Dhamithra

admin Sep 18, 2013 3:17 pm

Dhamithra now concludes his session and opens the floor for a few questions

admin Sep 18, 2013 3:09 pm

What you should consider?

- Single Compliance Dashboard of your DB infrastructure (Heterogeneous Support)
- Application Transparent without performance tradeoffs
- Standardize and Automatically Apply Policies (DB Life Cycle)
- Information Life Cycle Management
- Proactively Alerted if Policies are Changed or violated
- Complete, Current, Correct and Secure Audit Data
- Proactive Alerting and Customizable Reporting
- Defense-in-depth

admin Sep 18, 2013 3:04 pm

Customer Pains

Heterogeneous Database versions and brands
Unable to automate DB Policy Application (DB Life Cycle)
10’s to 100’s of databases all with auditing switched on but no time to check logs
Incident happens long before it is detected
Audit logs sit on servers where they can be tampered with – not secure
Database Audits are costly
Managing the audit from source to report is complex with many processes like collecting audit data, cleaning up audit logs, collating information and finally presenting this information in a report.

- Dhamithra

admin Sep 18, 2013 3:00 pm

Common Database Threats

Database Vulnerabilities:
- Missing Patches
- Misconfigurations
– Excessive Privileges

External Threats:
– Web application attacks (SQL-injection)
– Insider mistakes
– Weak or non-existent audit controls
– Social engineering

- Dhamithra

admin Sep 18, 2013 2:54 pm

Moving on to the next topic in the agenda, why audit?
– Compliance Mandates It
- SOX, PCI-DSS, HIPAA, PII/SPI, …..
– You don’t want to end up in the news
– Maintain customer trust
– Your auditor told you to do it

- Dhamithra

admin Sep 18, 2013 2:52 pm

Databases Account For 92% Of Records Stolen!

- Dhamithra

admin Sep 18, 2013 2:51 pm

Organizations are not Protecting Themselves

96% of breaches in 2009 were avoidable through simple controls
79% of organizations with credit card data breaches in 2009 failed their last PCI audit
41% of successful attacks in 2009 involved script kiddie skills or less.
85% “not considered highly difficult”
48% of attacks were insiders abusing privileges
70% were executed by non-technical employees

- Dhamithra

admin Sep 18, 2013 2:50 pm

Dhamithra Jayasuriya presenting at the conference

admin Sep 18, 2013 2:48 pm

We need to protect the data at the source – Dhamithra

admin Sep 18, 2013 2:47 pm

What are the technologies deployed

admin Sep 18, 2013 2:45 pm

Landscape Looking Ahead

IT Landscape
– Vanishing perimeter dissolves insider/outsider differences
– Data Consolidation, Big Data Initiatives
– Public/private cloud, partner, Globalization
Threat Landscape
– Sophisticated hacking tools, bot networks, hacker supply chains
– Cyber terrorism and warfare sponsored by nation states
– Databases to become a prime target
Security Landscape
– Focus on protecting data at the source
– Defense in depth
Regulatory Landscape
– Moving from Detective controls to Preventive Controls
– All countries and states joining in protecting PII data

- Dhamithra

admin Sep 18, 2013 2:44 pm

The 2000-2010 Decade Landscape

IT Landscape
- Almost all applications online, highly available and scalable
- Centralized applications, Outsourcing, offshoring, Third Party Service Providers
Threat Landscape
– First SQL Server Database worm (SQL Slammer, 2003); SQL Injection introduced (Oct 2000)
– Advanced Persistent Threats (APT); Automated SQL injection attacks; DIY tools
– Heartland (100M+), TJ Maxx (45M+), RockYou pwd database (32M)
Security Landscape
– Predominantly desktop (anti-spam, anti-virus, laptop encryption) & perimeter (FW, SSL, VPN)
– Multiple isolated point security solutions
Regulatory Landscape
– SOX (2002), C-SOX (2003), J-SOX (2006), Australian CLERP-9 (2004), …
– Payment Card Industry (PCI-DSS 1.0 in 2004; 2.0 in Oct 2010)
– California’s breach disclosure laws (2003); MA passes Data Privacy Law (Mar 2010)

- Dhamithra

admin Sep 18, 2013 2:43 pm

2000 Landscape

IT Landscape
– Applications quickly getting web enabled without security considerations
– World moving from 2-tier to 3-tier
Threat Landscape
– Hackers driven by fame
– Well-trusted insiders
Security Landscape
– Network firewall
– Anti virus software
Regulatory Landscape
– HIPAA (1996), Privacy rule 2003, Stronger provisions with HITECH (2009)
– European Union Data Protection Directives (1995, 2000, 2002, 2005): Personal data a fundamental right

- Dhamithra

admin Sep 18, 2013 2:42 pm

Agenda for Dhamithra’s session is as follows:

Walking through the threat lane
Technologies Deployed
Why Audit?
What needs to be audited?
Addressing the Challenges
Q&A

admin Sep 18, 2013 2:35 pm

We just had a raffle draw and Madushani Attanayaka from Sri Lankan airlines just walked away with the prize.

admin Sep 18, 2013 2:33 pm

We are back after the lunch break. We have Dhamithra Jayasuriya, Senior Solutions Consultant, with a presentation on ‘Database Auditing & Security Best Practices’

admin Sep 18, 2013 2:29 pm

We are back after a heavy lunch. We have 2 more speakers and then a panel discussion.

admin Sep 18, 2013 1:15 pm

A token of appreciation is now given to the people in the panel discussion. And with that we break for lunch! We should be back in about 30-45 mins. Do join with us then.

admin Sep 18, 2013 1:14 pm

We are almost done with the panel discussion

admin Sep 18, 2013 1:14 pm

You can’t classify everything as confidential, is my lunch with a friend organised via email confidential? So we need to identify all that we have done and see which ones need to be classified. We also need to look at encryption. That is the ecosystem needed. – Sujit

admin Sep 18, 2013 1:10 pm

We should focus on detection, you need to enforce implementation. With Oracle, we focus on the back end – David

admin Sep 18, 2013 1:02 pm

Privacy, good thing to talk about, but enforcing is tough – Sujit

admin Sep 18, 2013 1:01 pm

Central Bank is already creating guidelines so that you can do banking using your sim. – Sujit

admin Sep 18, 2013 12:58 pm

Should there be a social media policy?

Yes policy guidelines should be there with the guidelines, all depends on the sector and field. How fast you want to respond, what action to take, accountability, all these need to be defined – Parakum

admin Sep 18, 2013 12:54 pm

The panel discussion happening now

admin Sep 18, 2013 12:52 pm

Cost benefit analysis is what we need to look at. Regulations are also important, regulatory monitoring is also expensive – Sujit answering the question raised by @MUZ_N.
What an organisation needs to know is to understand the framework and learn the points so that they can do one step by step so that Bigdata can be used to best effect.

admin Sep 18, 2013 12:49 pm

Question from twitter follower
how capable is our IT infrastructure in SL to capitalize on #BigDataLK ?if its advanced – which sector is most geared?Telco, Banks? – @MUZ_N

admin Sep 18, 2013 12:45 pm

Now we move onto the panel discussion

admin Sep 18, 2013 12:41 pm

Sujit concludes his session with a quote by President Abraham Lincoln
“The dogmas of the quiet past are inadequate to the stormy present. The occasion is piled high with difficulty and we must rise with the occasion. As our cause is new, we must think anew and act anew.”

admin Sep 18, 2013 12:41 pm

So in summary “Big data is the frontier of an organization’s ability to store, process, and access (SPA) all the data it needs to operate effectively, make decisions, reduce risks, and serve customers.”

- Sujit

admin Sep 18, 2013 12:36 pm

Sujit says that big data enhances identity verification

admin Sep 18, 2013 12:34 pm

Sujit presenting to the audience

admin Sep 18, 2013 12:29 pm

Now Sujit shows a Doomsday Preppers video to the audience. It's a pretty interesting video about NSA activities.

admin Sep 18, 2013 12:19 pm

How to Solve the “Big Data” Security Problem

How Does a Security Organization Handle Exponential Growth in Data?
More granular data required to address APTs and other threats
New categories of data – performance, network traffic, and more
Data from new applications, systems and technologies
Data over longer periods, both to satisfy compliance and detect patterns

- Sujit

admin Sep 18, 2013 12:07 pm

Sujit talks about Gauss.

Gauss is designed to collect information and send the data collected to its command-and-control servers. Information is collected using various modules, each of which has its own unique functionality:

- Injecting its own modules into different browsers in order to intercept user sessions and steal passwords, cookies and browser history
- Collecting information about the computer’s network connections
- Collecting information about processes and folders
- Collecting information about BIOS, CMOS RAM
- Collecting information about local, network and removable drives
- Infecting USB drives with a spy module in order to steal information from other computers
- Installing the custom Palida Narrow font (purpose unknown)
- Ensuring the entire toolkit’s loading and operation
- Interacting with the command and control server, sending the information collected to it, downloading additional modules

- Sujit

admin Sep 18, 2013 12:00 pm

The prelude to “destructive” attacks are “disruptive” attacks, which incidentally appear to be coming from nations that sponsor terror

admin Sep 18, 2013 11:59 am

Big Data is about the ability to extract meaning from massive volumes of disparate data.
It is so much more than just having a lot of your or someone else’s data.

- Sujit

admin Sep 18, 2013 11:57 am

Size matters.
THE CHALLENGE IS TO DERIVE MEANING FROM 100% OF BIG DATA
You cannot disregard any information saying it's not valuable.
- Sujit

admin Sep 18, 2013 11:55 am

Big Data is made of structured and unstructured information

- Structured information is the data in the databases and is about 10% of the story
- Unstructured information is 90% of Big Data and is human information like emails, videos, tweets, Facebook posts, call center conversations, CCTV Footage, mobile phone calls, web clicks

- Sujit

admin Sep 18, 2013 11:54 am

What is big data?

“Data sets whose size is beyond the ability of commonly used software tools to capture, manage and process the data within a tolerable elapsed time”

- Sujit

admin Sep 18, 2013 11:53 am

Big Data = Big Exposure
- Sujit

admin Sep 18, 2013 11:49 am

Now we have Sujit Christy, Director – Professional Services, Layers-7 Seguro Consultoría Private Limited

admin Sep 18, 2013 11:47 am

With that Parakum concludes his presentation. And now we have a raffle draw, an ISACA T-shirt for one lucky person in the audience. And David is selecting the winner, and the winner is Samantha Siriwardene from John Keells Stock Brokers

admin Sep 18, 2013 11:46 am

U post all of your drama on facebook then get upset when people judge u? U must be special kind of stupid.

admin Sep 18, 2013 11:43 am

The realities

We use it professionally and personally
Inability to control
What if we don’t use it
We fear what we don’t know?
TMI?

- Parakum

admin Sep 18, 2013 11:39 am

Parakum shares a video of John McAfee (viewer discretion advised)

admin Sep 18, 2013 11:36 am

Parakum talks about how some items you put on Facebook are there permanently. He says ‘go on facebook, upload a few pics to an album, see the permanent link of it, then delete the albums. Now put the permanent link and you will notice that the pic would still be there most likely.’

admin Sep 18, 2013 11:24 am

Parakum mentions an MIT project – Immersion – a people-centric view of your email life https://immersion.media.mit.edu/

admin Sep 18, 2013 11:22 am

Parakum shows to the audience the power of Facebook graph search and how privacy is affected

admin Sep 18, 2013 11:16 am

Parakum shares a Google Glass demo video

admin Sep 18, 2013 11:14 am

Parakum says you can see what Google has about you. He shares some of the info that Google keeps track of

admin Sep 18, 2013 11:09 am

Parakum shares a pic. You might have noticed this image regarding the jokes about NSA activities :)

admin Sep 18, 2013 11:04 am

Parakum addressing the audience at the conference

admin Sep 18, 2013 11:02 am

Parakum shares info that was uttered by Eric Schmidt @ the Techonomy confab in 2010
- “There was 5 exabytes of information created between the dawn of civilization through 2003…… but that much information is now created every 2 days, and the pace is increasing…People aren’t ready for the technology revolution that’s going to happen to them….“
- “If I look at enough of your messaging and your location, and use Artificial Intelligence,” Schmidt said, “we can predict where you are going to go.”
- “Show us 14 photos of yourself and we can identify who you are. You think you don’t have 14 photos of yourself on the internet? You’ve got Facebook photos! People will find it’s very useful to have devices that remember what you want to do, because you forgot…But society isn’t ready for questions that will be raised as result of user-generated content.”

admin Sep 18, 2013 11:00 am

Who is Parakum Pathirana?

admin Sep 18, 2013 10:57 am

We are back after the break. And the compere is introducing the Vice President of ISACA Parakum Pathirana, Head of IT Security & Compliance/ Principal Consultant – LOC Technologies

admin Sep 18, 2013 10:28 am

And with that David concludes his session as we go in for a short break, back soon

admin Sep 18, 2013 10:23 am

A summary of the database security, a good image for anyone looking into securing big data

admin Sep 18, 2013 10:22 am

Administrative controls

admin Sep 18, 2013 10:21 am

Detective controls

admin Sep 18, 2013 10:20 am

Preventive approach

admin Sep 18, 2013 10:19 am

Approach is Prevention, Detection, Administration
- David

admin Sep 18, 2013 10:18 am

From mistakes to attacks

admin Sep 18, 2013 10:15 am

Some of the audience attending the conference today

admin Sep 18, 2013 10:12 am

How secure are databases?
66% of sensitive data resides in relational databases

- David (IOUG Survey Results 2012)

admin Sep 18, 2013 10:09 am

David highlights the security layers which will protect from the attacks that are coming

admin Sep 18, 2013 10:09 am

Now David moves onto ‘Defense-in-Depth Approach’

admin Sep 18, 2013 10:07 am

David is now showing a clip from ‘Lord of the Rings’ to the audience!

admin Sep 18, 2013 10:06 am

A privacy movement is happening and should come to your area too soon. Many countries have started it.

admin Sep 18, 2013 10:03 am

If you noticed our updates from yesterday’s speech by Prof Induruwa, he mentioned Stuxnet. Here again David enlightens us about the Stuxnet worm.

admin Sep 18, 2013 10:00 am

Anonymous Steals 40GB User Data from AAPT
Message from Anonymous – “You want to trust these ISPs with your data? When they can’t even keep it secured?! If I were you, I wouldn’t trust anyone but myself with my data.”

admin Sep 18, 2013 9:57 am

David shows a news item which is eye opening to many in the banking sector.

$45 million stolen in 21st century bank heist
10 May 2013 1:38 PM
NEW YORK: Cyber thieves around the world stole $45 million by hacking into debit card companies, scrapping withdrawal limits and helping themselves from cash machines, US authorities said Thursday.

In the initial stage, taking several months, sophisticated hackers allegedly infiltrated credit card processors’ computer networks, looking into databases of prepaid debit cards, a tool used often by employers and aid organizations.

Breaking into the system, the hackers eliminated withdrawal limits imposed by banks. The hackers next distributed the debit card numbers to its street associates called “cashers,” who loaded other magnetic stripe cards, like gift cards, with the stolen data. Finally, the cashers were given stolen PIN numbers and sent to harvest the loot, going from ATM to ATM and withdrawing as much as cash as they could for the organization.

In the space of 10 hours, casher cells in 24 countries conducted some 36,000 transactions, withdrawing $40 million from ATMs.

Sidebar (partially captured): sophisticated hackers and organized criminal cells whose role is to withdraw the cash as quickly as possible.” However, they gave some idea of the scope of the alleged crime by thanking authorities from more than a dozen countries: Belgium, Britain, Canada, the Dominican Republic, Estonia, France, Germany, Italy, Japan, Latvia, Malaysia, Mexico, Romania, Spain, Thailand, and the

admin Sep 18, 2013 9:55 am

David enlightens us about ShadowCrew

admin Sep 18, 2013 9:51 am

Cybercriminals
- Delivery vs. Development : Moving from perpetrating breaches to building tools for attacks. 63% of all malware customized for attack
- Opportunity & Automation : 83% “Targets of opportunity”. “Higher proportion of automation” in attacks
- Breaches vs. Records : Movement away from records delivery ..
- David

admin Sep 18, 2013 9:47 am

David moves onto ‘Security and Privacy Challenges’

admin Sep 18, 2013 9:46 am

“In digital age, data is the crown jewel that represents a substantial portion of the organization’s asset value”
- David

admin Sep 18, 2013 9:41 am

From a data simulation we move to what makes it big data.

admin Sep 18, 2013 9:39 am

Data is the compass, analytics is the map

admin Sep 18, 2013 9:35 am

In the 2012 presidential election

Obama had 14 million email addresses, 12 million twitter, 25 million facebook fans.
On the other hand Romney had 1.5 million facebook fans and 375,000 on twitter.

Big data came to play

- David

admin Sep 18, 2013 9:32 am

Onto another case study: the US Presidential campaign in 2008.

Obama was an underdog in the campaign so with a limited budget he grew his popularity starting with just a few people gathering to having 1000s of people. How did they join in? They had a website where they got people to register and spread the word. Through the information gathered they were able to target specific. How was this possible? Big data at play

- David

admin Sep 18, 2013 9:28 am

David mentions a case study where ‘Target’ figured out a teen girl was pregnant.. before her father did

Target used data mining on purchase history to determine if a woman is pregnant long before she starts to buy diapers

admin Sep 18, 2013 9:19 am

And we have our first speaker, David Warnowidodo, Senior Manager, Enterprise Security – ASEAN + SAGE

admin Sep 18, 2013 9:18 am

A glimpse of the podium

admin Sep 18, 2013 9:16 am

We are about to get things underway. Stay tuned for regular updates
