Preventing Fraud from Top to Bottom 
Information Security Summit 
October 31, 2014 
Session 8: 2:20–3:20 PM 
Dr. Eric A. Vanderburg 
Director, Cyber Security 
JURINNOV Ltd. 
Ramana Gaddamanugu, CFE 
Senior Manager, Risk and Compliance 
JURINNOV Ltd.
Who are we? 
Dr. Eric A. Vanderburg 
Director, Cyber Security 
JURINNOV Ltd. 
Ramana Gaddamanugu, CFE 
Senior Manager, Risk and Compliance 
JURINNOV Ltd. 
© 2014 Property of JurInnov Ltd. All Rights Reserved
Overview 
• Fraud Risks 
• Fraud Controls 
• Anti-Fraud Culture 
• Awareness 
• Fraud Incident Response
Fraud Risks 
• Facts and Figures 
• Fraud factors 
• Laws 
• Case studies 
• Addressing fraud risk 
Facts and figures 
• 65% of fraud cases were discovered by tips or by an employee accidentally stumbling upon them during the course of their job duties. 
• Average organizational cost $5.5 million per incident 
– Ponemon Institute Study, March 2012 
• Financial impact of cybercrime expected to grow 10% per year through 2016 
– Gartner top predictions for 2012 
Fraud factors 
• Pressures / Incentives: 
– A situation that is so challenging the person cannot see any other way out 
– Personal financial pressure 
– Family pressures 
– Greed 
– Pressure to meet goals 
• Rationalization: 
– A way to justify in the person’s consciousness that the act of fraud is not so bad 
– Common beliefs: 
• Person is owed this money 
• Just borrowing until they are able to pay it back 
• Everyone else is doing it 
• Opportunity: 
– The set of circumstances that make it possible to commit fraud 
Laws 
• The Ribicoff Bill 
• The Computer Fraud and Abuse Act of 1986 
• The Electronic Communications Privacy Act of 1986 
• The Communications Decency Act of 1996 
• The Sarbanes-Oxley Act of 2002 (SOX) 
• The Gramm-Leach-Bliley Act (GLBA) 
• The California Database Security Breach Act (2003) 
• Identity Theft Enforcement and Restitution Act of 2008
Case studies 
• Example 1 
– Pressure 
– Opportunity 
– Rationalization
Case studies 
• Example 2 
– Pressure 
– Opportunity 
– Rationalization
Case studies 
• Example 3 
– Pressure 
– Opportunity 
– Rationalization
Addressing fraud risk 
• Performing a fraud risk assessment 
• Options for dealing with risk 
– Accept 
– Mitigate 
– Transfer 
– Avoid 
Addressing risk 
[Chart: the four risk treatment options (ACCEPT, MITIGATE, TRANSFER, AVOID) plotted by Impact (Probability * Loss) against Cost] 
Fraud Controls 
• Access controls 
• Auditing 
• Business continuity 
• Application security 
• Cryptography 
• Security management 
• Governance 
• Segregation of Duties 
Ways controls are executed 
• Manual (performed by people) 
– Examples: Authorizations, Management reviews 
• Automatic (embedded in application code) 
– Examples: Exception reports, Interface controls, System access 
Control categories 
Access controls 
• Least privilege 
• Types of authentication 
– What you have 
– What you are 
– What you know 
Auditing 
• Server audit logs are turned on and retained 
• Proper review of logs and other data 
• Personnel held accountable
Business continuity 
• Key systems have uninterruptible power supplies 
• Backups tested regularly 
• Disaster recovery plans in place 
• Business continuity testing for key systems 
• System maintenance as scheduled 
Application security 
• Security patches up to date 
• Equipment firmware is up to date 
• No unauthorized programs installed 
• Corporate applications have up to date security reviews 
• Antivirus software installed 
• Virus definitions up to date 
Cryptography 
• Data at rest 
– Workstations 
– Servers 
– Backups 
– Laptops 
– Phones 
• Data in motion (in transit) 
– VPN 
– Web site access 
– File transfer 
– Network communication 
Encryption example 
Security management 
• Configuration changes approved prior to implementation 
• Incidents handled by incident response plans 
• Media sanitized before being reused or disposed 
Governance 
• Security policies and procedures in place 
• Systems have documented security controls 
• Documented roles and responsibilities 
Segregation of Duties 
• Process 
• Systems 
• Roles and Authority 
• Oversight 
• Audit 
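An added example (not part of the original deck) of segregation of duties enforced as an automatic control over a constructed purchase-order ledger: a detective exception report that lists every transaction on which one person held two conflicting duties, and the preventive form of the same rule evaluated before an action is recorded. The duty names, the conflict pairs and the sample events are assumptions made for this illustration.

```python
"""Segregation-of-duties (SoD) exception report over a constructed ledger.

Each event records who performed which duty on which purchase order. Duty pairs
a single person must not combine on the same transaction are listed in
CONFLICTING_DUTIES. sod_violations() is the detective control (an exception
report for a reviewer); would_violate() is the preventive form of the same rule,
answered before a new action is recorded. All names and data are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    txn_id: str
    user: str
    duty: str  # one of "create", "approve", "pay", "reconcile" (assumed duty names)


# Duty pairs one person must never hold on the same transaction (assumption).
CONFLICTING_DUTIES = {
    frozenset({"create", "approve"}),
    frozenset({"approve", "pay"}),
    frozenset({"pay", "reconcile"}),
}

# Constructed sample ledger; PO-1001 is clean, PO-1002 and PO-1003 are not.
SAMPLE_EVENTS = [
    Event("PO-1001", "alice", "create"),
    Event("PO-1001", "bob", "approve"),
    Event("PO-1001", "carol", "pay"),
    Event("PO-1001", "dave", "reconcile"),
    Event("PO-1002", "alice", "create"),
    Event("PO-1002", "alice", "approve"),   # creator approved her own order
    Event("PO-1002", "carol", "pay"),
    Event("PO-1003", "bob", "create"),
    Event("PO-1003", "erin", "approve"),
    Event("PO-1003", "erin", "pay"),        # approver also released payment
    Event("PO-1003", "erin", "reconcile"),  # ...and reconciled it herself
]


def duties_by_user(events):
    """Map (txn_id, user) -> set of duties that user performed on that transaction."""
    table = defaultdict(set)
    for e in events:
        table[(e.txn_id, e.user)].add(e.duty)
    return table


def sod_violations(events, conflicts=CONFLICTING_DUTIES):
    """Detective control: every (txn_id, user, duty_a, duty_b) where one user
    held both duties of a conflicting pair on the same transaction."""
    hits = []
    for (txn, user), duties in duties_by_user(events).items():
        for pair in conflicts:
            if pair <= duties:
                a, b = sorted(pair)
                hits.append((txn, user, a, b))
    return sorted(hits)


def would_violate(events, new_event, conflicts=CONFLICTING_DUTIES):
    """Preventive control: True if recording new_event would give its user a
    conflicting pair of duties on that transaction, so the action should be refused."""
    held = duties_by_user(events).get((new_event.txn_id, new_event.user), set())
    return any(pair <= held | {new_event.duty} for pair in conflicts)


if __name__ == "__main__":
    for txn, user, a, b in sod_violations(SAMPLE_EVENTS):
        print(f"SoD exception: {txn} user={user} performed both '{a}' and '{b}'")
    # bob approved PO-1001, so letting him release its payment must be refused.
    print("bob may pay PO-1001:",
          not would_violate(SAMPLE_EVENTS, Event("PO-1001", "bob", "pay")))
```

The report is the kind of exception listing an inspection test reviews for evidence of control execution; the preventive check is what the application itself should apply at the point of authorization.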
Test types 
• Inquiry 
– Interview staff to validate knowledge of a policy or requirement 
– Inquiry alone is not a sufficient test 
• Inspection 
– Review sample of source documents for evidence of control execution 
– Review exception reports and related documentation to identify preventive 
control failures and validate for risk occurrence 
– Reconcile process/system documentation to actual operation 
• Observation 
– Monitor personnel to validate execution of manual controls 
– Observe occurrence of automated controls (e.g. popup warnings) 
• Re-performing 
– Enter an illegal transaction to test control operation 
– Enter a valid transaction to test control operation
Anti-Fraud Culture 
• Role of leadership 
• Reinforcing the culture day to day 
• Business integration 
• Making it happen 
Role of leadership 
• Incenting the behavior 
• Assignments and accountabilities 
• Personal contribution reports 
• Performance reviews 
• Daily interactions with team members 
• New system and process deployment 
Role of leadership 
• Take a quick pulse 
• Demonstrate that security is critical 
• Challenge assumptions of security 
• Ask about the risks 
• Monitor, measure, report 
• Hold everyone accountable 
• Reward behaviors 
• Debrief projects including security focus 
Reinforcing the culture: Day to Day 
• Monitoring, measuring and reporting 
• Integrating with business metrics 
• Weekly management meetings 
• Monthly dashboard review with employees 
• Quarterly goals met 
• Team rewards 
Business integration 
• Anti-fraud Strategy 
– Priorities 
– Roles and responsibilities 
– Targeted capabilities 
– Specific goals (timeframe) 
• Business Strategy 
– Core values 
– Purpose 
– Capabilities 
– Client promise 
– Business targets 
– Specific goals 
– Initiatives 
– Action items 
– Assignments and accountabilities 
Making it happen 
• Ask where are we today? 
– High level survey – taking the pulse 
– Assessment 
• Define and communicate expectations 
– Company policies 
– Employee training 
– Third party contract requirements 
Making it happen 
• Implement changes 
– Workflow (make it easy) 
– Technology 
– Physical 
• Ask how are we doing? 
– Checkpoints 
– Audits 
Awareness 
• Types of fraud 
• Everyone’s responsibility 
• Recognizing fraud 
• Who to notify 
• Whistleblowing policy 
Fraud Incident Response 
• Preparation 
• Identification 
• Containment 
• Investigation 
• Eradication 
• Recovery 
Preparation 
– Document procedures for likely incidents 
– Document steps for a non-specific incident 
– Prepare resources 
• Human 
• Technical 
– Is geographic diversity needed? 
– Determine notification procedure 
– Roles and responsibilities 
– Simulation 
– Review and maintenance 
Identification 
• Use of dormant accounts 
• Log alteration 
• Notification by partner or peer 
• Violation of policy 
• Violation of law 
• Loss of availability 
• Unusual consumption of computing resources 
• Unusual network activity 
• Corrupt files 
• Data breach 
• Reported attacks 
• Activity at unexpected times 
• Unusual email traffic 
• Presence of unfamiliar files 
• Execution of unknown programs 
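An added example (not from the original deck) that turns three of the indicators above into detection logic over a constructed log: use of dormant accounts, activity at unexpected times and execution of unknown programs. The log format, the 90-day dormancy threshold, the business-hours window and the allow-list of known programs are assumptions for this illustration.

```python
"""Scan a constructed authentication/process log for three identification
indicators: use of dormant accounts, activity at unexpected times and execution
of unknown programs. The log format, field names, 90-day dormancy threshold,
business-hours window and program allow-list are assumptions for this example.
"""
from datetime import datetime, timedelta

# Constructed sample log (not from any real system). One event per line:
# <ISO timestamp> <EVENT> key=value ...
SAMPLE_LOG = """\
2014-07-01T09:12:44 LOGIN user=mwhite host=AP-02 result=success
2014-10-29T10:02:11 LOGIN user=jsmith host=FIN-01 result=success
2014-10-29T14:45:09 LOGIN user=kjones host=FIN-02 result=success
2014-10-30T02:15:07 LOGIN user=jsmith host=FIN-01 result=success
2014-10-30T02:17:30 EXEC user=jsmith host=FIN-01 proc=xfer_tool.exe
2014-10-30T11:20:00 LOGIN user=mwhite host=AP-02 result=success
2014-10-30T11:25:00 EXEC user=mwhite host=AP-02 proc=sap.exe
2014-10-31T03:40:12 LOGIN user=kjones host=FIN-02 result=failure
"""

BUSINESS_HOURS = (7, 19)                 # 07:00 <= hour < 19:00, Monday to Friday
DORMANT_AFTER = timedelta(days=90)       # a successful login after this gap is suspicious
KNOWN_PROCS = {"sap.exe", "excel.exe", "outlook.exe"}  # assumed allow-list


def parse_log(text):
    """Parse the constructed format into dicts with 'ts', 'kind' and the key=value fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split()
        event = dict(f.split("=", 1) for f in fields)
        event["ts"] = datetime.fromisoformat(ts)
        event["kind"] = kind
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def is_unexpected_time(ts):
    """Weekend, or outside the business-hours window on a weekday."""
    start, end = BUSINESS_HOURS
    return ts.weekday() >= 5 or not (start <= ts.hour < end)


def find_indicators(text, dormant_after=DORMANT_AFTER, known_procs=KNOWN_PROCS):
    """Return (timestamp, indicator, user, detail) tuples in time order."""
    hits = []
    last_success = {}  # user -> timestamp of the last successful login seen
    for e in parse_log(text):
        ts, user = e["ts"], e.get("user", "?")
        if is_unexpected_time(ts):
            hits.append((ts, "unexpected_time", user, e["kind"]))
        if e["kind"] == "LOGIN" and e.get("result") == "success":
            prev = last_success.get(user)
            if prev is not None and ts - prev > dormant_after:
                hits.append((ts, "dormant_account_use", user,
                             f"idle {(ts - prev).days} days"))
            last_success[user] = ts
        if e["kind"] == "EXEC" and e.get("proc") not in known_procs:
            hits.append((ts, "unknown_program", user, e.get("proc", "?")))
    return hits


if __name__ == "__main__":
    for ts, indicator, user, detail in find_indicators(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {indicator:<20} user={user:<8} {detail}")
```

In practice the last-seen baseline for the dormancy check comes from the identity store rather than the same log, so an account whose first login falls inside the retention window is not mistaken for a fresh one.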
Containment 
– Assembly 
– Restrict Access 
– Preservation 
– Notification 
Investigation 
– Interviewing 
– Documentation 
• IP address of compromised system 
• Time frame 
• Malicious ports 
• Flow records 
• Host file 
– Analysis 
• Event Logs 
– Escalation 
Eradication 
• Resolution: all that data should have given you action items. If not, look again 
– List action items 
– Rank in terms of risk level and time required 
– Prioritize 
– Coordinate and track remediation to completion 
• Validation 
– Confirm measures successfully remediated the incident 
Recovery 
• Remediate vulnerabilities 
• Restore services 
• Restore data 
• Restore confidence
Questions
For assistance or additional information 
• Phone: 216-664-1100 
• Web: www.jurinnov.com 
JurInnov Ltd. 
The Idea Center 
1375 Euclid Avenue, Suite 400 
Cleveland, Ohio 44115 

The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
2015 Angelbeat_ConvergenceMsg-FINAL
2015 Angelbeat_ConvergenceMsg-FINAL2015 Angelbeat_ConvergenceMsg-FINAL
2015 Angelbeat_ConvergenceMsg-FINAL
 
Architelos gac domain abuse best practices feb 12
Architelos gac domain abuse best practices feb 12Architelos gac domain abuse best practices feb 12
Architelos gac domain abuse best practices feb 12
 

More from Eric Vanderburg

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumEric Vanderburg
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveEric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgEric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityEric Vanderburg
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEric Vanderburg
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology managementEric Vanderburg
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technologyEric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challengesEric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: RoboticsEric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercisesEric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
The security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgThe security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgEric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgEric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking   Chapter 12 - Encryption - Eric VanderburgEthical hacking   Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEric Vanderburg
 

More from Eric Vanderburg (16)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
The security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgThe security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking   Chapter 12 - Encryption - Eric VanderburgEthical hacking   Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Preventing Fraud from Top to Bottom

1. Preventing Fraud from Top to Bottom
   Information Security Summit
   October 31, 2014
   Session 8: 2:20–3:20 PM
   Dr. Eric A. Vanderburg, Director, Cyber Security, JURINNOV Ltd.
   Ramana Gaddamanugu, CFE, Senior Manager, Risk and Compliance, JURINNOV Ltd.

2. Who are we?
   Dr. Eric A. Vanderburg, Director, Cyber Security, JURINNOV Ltd.
   Ramana Gaddamanugu, CFE, Senior Manager, Risk and Compliance, JURINNOV Ltd.
   © 2014 Property of JurInnov Ltd. All Rights Reserved

3. Overview
   • Fraud Risks
   • Fraud Controls
   • Anti-Fraud Culture
   • Awareness
   • Fraud Incident Response

4. Fraud Risks
   • Facts and Figures
   • Fraud factors
   • Laws
   • Case studies
   • Addressing fraud risk

5. Facts and figures
   • 65% of fraud cases were discovered by tips or by an employee accidentally stumbling upon them during the course of their job duties.
   • Average organizational cost $5.5 million per incident (Ponemon Institute Study, March 2012)
   • Financial impact of cybercrime expected to grow 10% per year through 2016 (Gartner top predictions for 2012)

6. Fraud factors
   Pressures / Incentives:
   • A situation that is so challenging the person cannot see any other way out
   • Personal financial pressure
   • Family pressures
   • Greed
   • Pressure to meet goals
   Rationalization:
   • A way to justify in the person’s consciousness that the act of fraud is not so bad
   • Common beliefs:
     – Person is owed this money
     – Just borrowing until they are able to pay it back
     – Everyone else is doing it
   Opportunity:
   • The set of circumstances that make it possible to commit fraud

7. Laws
   • The Ribicoff Bill
   • The Computer Fraud and Abuse Act of 1986
   • The Electronic Communications Privacy Act of 1986
   • The Communications Decency Act of 1996
   • The Sarbanes-Oxley Act of 2002 (SOX)
   • The Gramm-Leach-Bliley Act (GLBA)
   • The California Database Security Breach Act (2003)
   • Identity Theft Enforcement and Restitution Act of 2008

8. Case studies
   • Example 1
     – Pressure
     – Opportunity
     – Rationalization

9. Case studies
   • Example 2
     – Pressure
     – Opportunity
     – Rationalization

10. Case studies
   • Example 3
     – Pressure
     – Opportunity
     – Rationalization

11. Addressing fraud risk
   • Performing a fraud risk assessment
   • Options for dealing with risk
     – Accept
     – Mitigate
     – Transfer
     – Avoid

12. Addressing risk
   [Chart: Impact (Probability * Loss) plotted against Cost, with the four treatment options ACCEPT, MITIGATE, TRANSFER and AVOID as quadrants]

13. Fraud Controls
   • Access controls
   • Auditing
   • Business continuity
   • Application security
   • Cryptography
   • Security management
   • Governance
   • Segregation of Duties

14. Ways controls are executed
   • Manual (performed by people)
     – Examples: Authorizations, Management reviews
   • Automatic (embedded in application code)
     – Examples: Exception reports, Interface controls, System access

15. Control categories
   [Diagram slide; no text]

16. Access controls
   • Least privilege
   • Types of authentication
     – What you have
     – What you are
     – What you know

17. Auditing
   • Server audit logs are turned on and retained
   • Proper review of logs and other data
   • Personnel held accountable

18. Business continuity
   • Key systems have uninterruptible power supplies
   • Backups tested regularly
   • Disaster recovery plans in place
   • Business continuity testing for key systems
   • System maintenance as scheduled

19. Application security
   • Security patches up to date
   • Equipment firmware is up to date
   • No unauthorized programs installed
   • Corporate applications have up-to-date security reviews
   • Antivirus software installed
   • Virus definitions up to date

20. Cryptography
   • Data at rest
     – Workstations
     – Servers
     – Backups
     – Laptops
     – Phones
   • Data in motion (in transit)
     – VPN
     – Web site access
     – File transfer
     – Network communication

21. Encryption example
   [Diagram slide; no text]

22. Security management
   • Configuration changes approved prior to implementation
   • Incidents handled by incident response plans
   • Media sanitized before being reused or disposed

23. Governance
   • Security policies and procedures in place
   • Systems have documented security controls
   • Documented roles and responsibilities

24. Segregation of Duties
   • Process
   • Systems
   • Roles and Authority
   • Oversight
   • Audit
25. Test types
   • Inquiry
     – Interview staff to validate knowledge of a policy or requirement
     – Inquiry alone is not a sufficient test
   • Inspection
     – Review a sample of source documents for evidence of control execution
     – Review exception reports and related documentation to identify preventive control failures and validate for risk occurrence
     – Reconcile process/system documentation to actual operation
   • Observation
     – Monitor personnel to validate execution of manual controls
     – Observe occurrence of automated controls (e.g. popup warnings)
   • Re-performing
     – Enter an illegal transaction to test control operation
     – Enter a valid transaction to test control operation

26. Anti-Fraud Culture
   • Role of leadership
   • Reinforcing the culture day to day
   • Business integration
   • Making it happen

27. Role of leadership
   • Incenting the behavior
   • Assignments and accountabilities
   • Personal contribution reports
   • Performance reviews
   • Daily interactions with team members
   • New system and process deployment

28. Role of leadership
   • Take a quick pulse
   • Demonstrate that security is critical
   • Challenge assumptions of security
   • Ask about the risks
   • Monitor, measure, report
   • Hold everyone accountable
   • Reward behaviors
   • Debrief projects, including the security focus

29. Reinforcing the culture: Day to Day
   • Monitoring, measuring and reporting
   • Integrating with business metrics
   • Weekly management meetings
   • Monthly dashboard review with employees
   • Quarterly goals met
   • Team rewards

30. Business integration
   Anti-fraud Strategy
   • Priorities
   • Roles and responsibilities
   • Targeted capabilities
   • Specific goals (timeframe)
   Business Strategy
   • Core values
   • Purpose
   • Capabilities
   • Client promise
   • Business targets
   • Specific goals
   • Initiatives
   • Action items
   • Assignments and accountabilities

31. Making it happen
   • Ask: where are we today?
     – High level survey – taking the pulse
     – Assessment
   • Define and communicate expectations
     – Company policies
     – Employee training
     – Third party contract requirements

32. Making it happen
   • Implement changes
     – Workflow (make it easy)
     – Technology
     – Physical
   • Ask: how are we doing?
     – Checkpoints
     – Audits

33. Awareness
   • Types of fraud
   • Everyone’s responsibility
   • Recognizing fraud
   • Who to notify
   • Whistleblowing policy

34. Fraud Incident Response
   • Preparation
   • Identification
   • Containment
   • Investigation
   • Eradication
   • Recovery

35. Preparation
   – Document procedures for likely incidents
   – Document steps for a non-specific incident
   – Prepare resources
     • Human
     • Technical
   – Is geographic diversity needed?
   – Determine notification procedure
   – Roles and responsibilities
   – Simulation
   – Review and maintenance

36. Identification
   • Use of dormant accounts
   • Log alteration
   • Notification by partner or peer
   • Violation of policy
   • Violation of law
   • Loss of availability
   • Unusual consumption of computing resources
   • Unusual network activity
   • Corrupt files
   • Data breach
   • Reported attacks
   • Activity at unexpected times
   • Unusual email traffic
   • Presence of unfamiliar files
   • Execution of unknown programs
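Slide 14 calls exception reports an automatic control embedded in application code, slide 24 names segregation of duties as a control, and slide 36 lists use of dormant accounts and activity at unexpected times among the identification indicators. The script below is an added example, not part of the JurInnov deck, showing how those three checks can be run over an application's audit records to produce such an exception report; the log format, the 90-day dormancy threshold, the business-hours window and every record are constructed assumptions.

```python
"""Exception report over constructed audit records (added example, not from the deck).

Checks implemented (all thresholds and the record format are assumptions):
  * segregation of duties: the account that creates a transaction may not approve it
  * dormant account use: an account active again after more than DORMANT_AFTER
  * activity at unexpected times: events outside BUSINESS_HOURS
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log: "<ISO timestamp> <user> <action> <transaction id or ->".
# Lines are deliberately not in time order to show that the parser sorts them.
SAMPLE_LOG = """\
2014-10-01T09:12:00 alice login -
2014-10-01T09:15:00 alice create TX100
2014-10-01T10:02:00 bob approve TX100
2014-10-02T14:30:00 alice create TX101
2014-10-02T14:31:00 alice approve TX101
2014-10-30T02:47:00 carol login -
2014-10-30T02:49:00 carol approve TX102
2014-10-30T02:48:00 dave create TX102
"""

# Constructed baseline: last known activity of each account before the log window.
LAST_SEEN: Dict[str, datetime] = {
    "alice": datetime(2014, 9, 29, 17, 0),
    "bob": datetime(2014, 9, 30, 9, 0),
    "carol": datetime(2014, 5, 3, 11, 0),
    "dave": datetime(2014, 9, 30, 16, 0),
}

DORMANT_AFTER = timedelta(days=90)   # assumed dormancy threshold
BUSINESS_HOURS = range(7, 20)        # assumed window: 07:00 to 19:59


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str
    tx: str


def parse_log(text: str) -> List[Event]:
    """Parse the space-separated records and return them in chronological order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, tx = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, action, tx))
    return sorted(events, key=lambda e: e.ts)


def sod_violations(events: List[Event]) -> List[str]:
    """Transactions whose creator and approver are the same account."""
    creators: Dict[str, str] = {}
    approvers: Dict[str, str] = {}
    for e in events:
        if e.action == "create":
            creators[e.tx] = e.user
        elif e.action == "approve":
            approvers[e.tx] = e.user
    return sorted(tx for tx, user in approvers.items() if creators.get(tx) == user)


def dormant_account_use(events: List[Event], last_seen: Dict[str, datetime]) -> Dict[str, int]:
    """Accounts used after a gap longer than DORMANT_AFTER, with the gap in days."""
    seen = dict(last_seen)
    flagged: Dict[str, int] = {}
    for e in events:
        prev = seen.get(e.user)
        if prev is not None and e.ts - prev > DORMANT_AFTER:
            flagged.setdefault(e.user, (e.ts - prev).days)   # report the first reactivation
        seen[e.user] = e.ts                                  # later events are no longer dormant
    return flagged


def off_hours_activity(events: List[Event]) -> List[Tuple[str, str]]:
    """Events whose hour falls outside the assumed business-hours window."""
    return [(e.user, e.ts.isoformat()) for e in events if e.ts.hour not in BUSINESS_HOURS]


def exception_report(text: str, last_seen: Dict[str, datetime] = LAST_SEEN) -> Dict[str, object]:
    """Run all three checks and return the findings keyed by check name."""
    events = parse_log(text)
    return {
        "sod_violations": sod_violations(events),
        "dormant_account_use": dormant_account_use(events, last_seen),
        "off_hours_activity": off_hours_activity(events),
    }


if __name__ == "__main__":
    for name, findings in exception_report(SAMPLE_LOG).items():
        print(f"{name}: {findings}")
```

On the sample records the report flags TX101 (created and approved by alice), carol's reactivation after 179 days of inactivity, and the three events at roughly 02:48 on 30 October.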
37. Containment
   – Assembly
   – Restrict Access
   – Preservation
   – Notification

38. Investigation
   – Interviewing
   – Documentation
     • IP address of compromised system
     • Time frame
     • Malicious ports
     • Flow records
     • Host file
   – Analysis
     • Event Logs
   – Escalation

39. Eradication
   • Resolution: all that data should have given you action items. If not, look again.
     – List action items
     – Rank in terms of risk level and time required
     – Prioritize
     – Coordinate and track remediation to completion
   • Validation
     – Confirm measures successfully remediated the incident

40. Recovery
   • Remediate vulnerabilities
   • Restore services
   • Restore data
   • Restore confidence

42. For assistance or additional information
   • Phone: 216-664-1100
   • Web: www.jurinnov.com
   JurInnov Ltd., The Idea Center, 1375 Euclid Avenue, Suite 400, Cleveland, Ohio 44115