Nathaniel Forbes - 2015 AICD Conference - Cyber Security


The internet has revolutionized how we do business, but being constantly connected brings an increased risk of theft, fraud, and abuse. For individuals, cyber-attacks can compromise finances, identity, and privacy, while companies and even whole countries face threats to critical infrastructure. Since our way of life depends on digital technology, cybersecurity is rapidly becoming a top priority.

Published in: Business

Nathaniel Forbes Handout
by Nathaniel Forbes, Thursday, 21 May 2015
FORBES CALAMITY PREVENTION

Terms

  • "Cyber": http://bit.ly/1EW3g6U
    The Bizarre Evolution of the Word "Cyber"

  • Rootkit: http://www.webopedia.com/TERM/R/rootkit.html
    Stuxnet installed a rootkit first to hide the installation of its components.

  • Zero day vulnerability: http://bit.ly/1lwc3fg
    Stuxnet exploited multiple zero-day vulnerabilities in Windows software.

  • Certificate Authorities (CA): http://bit.ly/1bmpD7u
    Stuxnet used legitimate certificates stolen from two Certificate Authorities in Taiwan.

  • Advanced Persistent Threat (APT): http://bit.ly/7lOFI3y
    Stuxnet was an (eye-popping) APT.

  • Password entropy: http://bit.ly/1IhdYFM
    A calculated estimate of the difficulty of guessing a password, expressed as "bits" of entropy. More bits means more difficult. Link includes recommendations for creating passwords.

References

  • Cyber-Risk Oversight Handbook, National Association of Corporate Directors (NACD): http://bit.ly/1EQD4XW
    30 pages, including sample questions and risk dashboard

  • Cost of Data Breach 2014 Study (Australia): http://ibm.co/1F6el5a
    AUD $145 per record, AUD $2.8 million per breach

  • Framework for Improving Critical Infrastructure Cyber Security, National Institute of Standards & Technology (USA), February 2014: http://1.usa.gov/1JGswzc

  • Prioritizing Information Security Risks with Threat Agent Risk Assessment (TARA), Intel Corp., January 2010: http://intel.ly/1E2vE0v

  • Cybersecurity Initiative sample audit questions, Securities & Exchange Commission (USA) Office of Compliance Inspections & Examinations (OCIE), April 2014: http://bit.ly/1JGv0gU

  • Expert tips to address third party security risks: http://www.net-security.org/secworld.php?id=18052
    10 suggestions from CxOs of large companies

  • Guide to Industrial Control Systems (ICS) Security, National Institute of Standards & Technology (USA), February 2015: http://1.usa.gov/1HYXujV

Reading

  • Book: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, by Kim Zetter. Amazon link: http://amzn.to/1Q80UUi

  • Article: How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History, WIRED magazine, July 2011: http://wrd.cm/1E2aeQT

www.calamitrevention.com
Contact: chris.tancalamit.com.s