Data Protection and War Stories from the Wild Wild West
Peter H. Gregory, CISA, CISSP
[email protected]
www.isecbooks.com
Western Pension and Benefits Conference
February 20, 2007
Peter H. Gregory, CISA, CISSP [email protected]
Western Pension & Benefits Conference
About the Speaker
- Peter Gregory, CISA, CISSP
- Author of 12 books in information security & technology
- Frequent conference speaker
- Interviews in Information Security Magazine, Computerworld, Seattle Times, C|Net News, etc.
- Board of Directors, InfraGard Seattle
- Way too busy with too many things (but considering more)
www.isecbooks.com
[email protected]
Rules
- This is interactive
- Ask questions at any time
  - There are no dumb questions
- You can send me e-mail about it later
- You can leave comments or questions on my blog
Agenda
- Background on technology and security
- Unintended consequences
- Misuse of technology
- Threats and vulnerabilities
- Things you can do on your own
- Things you need your organization to do
The security problem defined
- Technology advances faster than our ability to protect ourselves
  - Examples: cars, children's toys
- Technology does not attempt to discern the intent of the user; persons with evil intent are free to misuse technology
- As various technologies are used together, there are frequently unintended consequences that are not immediately understood
- Security measures come later, and are often imperfect
- Users assume some responsibility for safe usage
Speaking of unintended consequences…
Another thing you need to know…
- Security mechanisms do not necessarily stop bad things from happening
Understanding Threats
- Data theft & identity theft
- Malware
- Physical theft
- Fraud
- Insiders
- Former insiders
- Organized crime
Understanding Vulnerabilities
- Weaknesses that can permit unauthorized access or malfunctions
  - Software
  - Processes
  - People
What needs to be protected
- Credentials (userids and passwords)
- PII (Personally Identifiable Information)
- Your company secrets, whatever they are
- Your company assets
- Your personal secrets
What security professionals care about
- "CIA"
  - Confidentiality
  - Integrity
  - Availability
Understanding Risk
- Security professionals sometimes perform risk analysis
- Risk = (Probability of event) X (Impact of event)
How to tell if a computer breach has occurred
- No easy ways, yet, if ever
- If information has been stolen, it's still there
- If information has been deliberately corrupted, it may not be immediately evident, if ever
How to protect your assets
- Things you can do
  - Secure your passwords
  - Protect your screen
  - Encrypt your data
  - Use the Internet safely
  - Prevent laptop theft
  - Secure document disposal
  - Prevent eavesdropping
- Things your organization can do
  - Top-down security
  - Account management
  - Access management
  - Perimeter defenses
  - Physical security
  - Security scanning
  - Change management
  - Incident management
  - Background checks
  - Outside assessments
  - DRP / BCP
SECURE YOUR PASSWORDS
- Use good passwords
  - Long, complex, difficult for others to guess
- Use different passwords for different accounts
- Use a password storage vault
  - Password Safe
Password Safe
passwordsafe.sourceforge.net
PROTECT YOUR SCREEN
- Privacy filter ($70-90)
- Short interval locking screen saver
- Lock your screen when unattended
  - Windows key-L
  - Ctrl-Alt-Del, K
ENCRYPT YOUR DATA
- Encrypt data stored on your computer
  - Disk encryption
    - EFS (built in to Windows)
    - BitLocker (new in Vista)
    - PGP disk
    - many other brands
- Encrypt data you send to others
  - PGP, WinZip v9+
WinZip version 9 or newer
USE THE INTERNET SAFELY
- Anti-Virus
  - Check for updates daily
  - Full hard drive scan weekly
  - Auto-protect turned on
  - Heuristics turned on
  - E-mail protection (if available)
- Don't want to pay? Use AVG Free Anti-Virus
  - www.grisoft.com
Viruses, Worms, Trojans
USE THE INTERNET SAFELY
- E-mail
  - Use a spam filter
  - Don't open unfamiliar e-mails
- Browser safety
  - Maintain secure settings
  - Use anti-spyware
    - Windows Defender, Spy Sweeper, Ad-Aware…
  - Block pop-ups
SPAM, Pop-ups, Spyware
PREVENT LAPTOP THEFT
- Keep your laptop with you at all times
  - Lock in your trunk
  - Don't put it in checked baggage
  - Don't check at the bell desk
  - Lock it to a heavy piece of furniture
SECURE DOCUMENT DISPOSAL
- Pay attention to what you are throwing away
- Waste paper into recycling
- Paper with personal or company information to shred bins or directly to the shredder
PREVENT EAVESDROPPING
- Phone conversations in public places
- Be mindful of who may overhear you
Things your organization can do…
TOP-DOWN SECURITY
- Executive-level accountability for security and compliance
- Leadership by example
- Organization security policy
  - Enforcement to include real consequences
ACTIVELY MANAGE USER ACCOUNTS
- Formal process for userid creation
- Formal process for termination
  - Promptly disable user accounts
  - Contractors too
RESTRICT ACCESS TO DATA: NEED TO KNOW
- Employees should be able to access only what they require to do their job, and no more
- How: create access control policy first, then implement it
- Do not permit "accumulation of privileges"
  - Transfers within the organization: people take their privileges with them and accumulate more
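An added example (not from the presentation) of the account-management and need-to-know checks on this slide and the previous one: a Python reconciliation of an HR roster and a directory export against a role-based access policy, which flags accounts still enabled after termination (employees and contractors alike), accounts with no HR owner, and entitlements carried over from a previous role. The roles, userids and entitlement names are constructed sample values.

```python
from dataclasses import dataclass

# Access control policy, written first (as the slide says), then enforced:
# the entitlements each role needs to do the job and no more. Constructed sample.
ROLE_POLICY = {
    "call_center_agent":      {"crm_read", "ticketing"},
    "call_center_supervisor": {"crm_read", "ticketing", "approve_credits"},
    "payroll_clerk":          {"payroll_read", "payroll_write"},
    "contract_developer":     {"source_repo"},
}

@dataclass
class Person:          # one row of the HR roster (employees and contractors)
    userid: str
    status: str        # "active" or "terminated"
    role: str          # current role, after any transfer
    kind: str          # "employee" or "contractor"

@dataclass
class Account:         # one row of the directory / application export
    userid: str
    enabled: bool
    entitlements: set

@dataclass
class Finding:
    userid: str
    issue: str         # orphan_account | terminated_but_enabled | excess_privilege
    detail: str

def reconcile(roster, accounts):
    """Compare every account against HR status and the role policy."""
    findings = []
    by_user = {p.userid: p for p in roster}
    for acct in accounts:
        person = by_user.get(acct.userid)
        if person is None:
            # Nobody in HR owns this account, so nobody will ever request its removal.
            findings.append(Finding(acct.userid, "orphan_account", "no HR record"))
            continue
        if person.status == "terminated" and acct.enabled:
            # The termination process never reached the directory; contractors too.
            findings.append(Finding(acct.userid, "terminated_but_enabled", person.kind))
            continue
        # Anything beyond the current role is accumulated privilege (e.g. from a transfer).
        excess = acct.entitlements - ROLE_POLICY.get(person.role, set())
        if excess:
            findings.append(Finding(acct.userid, "excess_privilege", ",".join(sorted(excess))))
    return findings

# Constructed sample data: bob transferred from supervisor to payroll and kept
# his old entitlements; carol is a terminated contractor; dave is unknown to HR.
SAMPLE_ROSTER = [
    Person("alice", "active", "call_center_agent", "employee"),
    Person("bob",   "active", "payroll_clerk", "employee"),
    Person("carol", "terminated", "contract_developer", "contractor"),
]
SAMPLE_ACCOUNTS = [
    Account("alice", True, {"crm_read", "ticketing"}),
    Account("bob",   True, {"payroll_read", "payroll_write", "approve_credits", "crm_read"}),
    Account("carol", True, {"source_repo"}),
    Account("dave",  True, {"crm_read"}),
]

def run_sample():
    return reconcile(SAMPLE_ROSTER, SAMPLE_ACCOUNTS)

if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.userid}: {f.issue} ({f.detail})")
```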
ENCRYPT SENSITIVE DATA
- Encrypt sensitive data at rest
  - PII (personally identifiable information)
  - Financial, medical, identity
- Encrypt sensitive data in transit
  - Batch feeds between organizations
  - E-mail
  - Ad hoc data transfers
IMPLEMENT PERIMETER DEFENSES
- Firewalls
- Spam filtering
  - Hardware, software, or external service*
- Intrusion detection
  - "snort"
- Intrusion prevention
* my favorite by far
PHYSICAL SECURITY
- Key card entry
- Visible name/photo badges
- Restricted access to sensitive areas, computer rooms
- Sign-in sheet at reception
  - Capture DL, DOB, vehicle license, signature
- Video surveillance
  - Watch all entrances, sensitive areas
  - Record video, retain it for 30 days or more
SCAN YOUR ENVIRONMENT
- Scanning: electronically searching for vulnerabilities
- Scan from the outside-in
  - External scanning providers
  - Qualys, Ambiron, many others
  - Hackers do it routinely and frequently, why not do it also and plug those holes!
- Scan internally
  - Nessus, Qualys, Shavlik
CHANGE MANAGEMENT
- All changes to applications, infrastructure should go through a formal change management process
  - Request
  - Review
  - Approve
  - Implement
  - Verify
  - Recordkeeping
SECURITY INCIDENT MANAGEMENT
- Recognize when an incident occurs
- Act quickly to preserve forensic data
  - May be needed for criminal or civil actions
- Act quickly to restore operations
  - May trigger business continuity events
BACKGROUND CHECKS
- Do you really know who's working for you?
- Make background checks a part of the hiring process
  - Education
  - Employment
  - Credit
  - Criminal
- Do this for employees and contractors!
OUTSIDE AUDITORS / ASSESSORS
- Many regulations require periodic audits; others do not
  - PCI, HIPAA, GLBA, SB1386, SB6043, FISMA, SOX
- If you are not periodically audited, consider doing so
  - Security risk assessment by a security firm
  - ISO27001 certification
  - Webtrust or Systrust certification
  - HackerSafe or Verisign seal
DISASTER RECOVERY / BUSINESS CONTINUITY PLANNING
- Tangential to data security
  - Tied to "availability"
War Story: Stolen Laptops
- Scenario 1: 30+ employee laptops disappear overnight
- Scenario 2: executive left laptop on the airplane
- Scenario 3: laptop and computer bag stolen out of employee's car
War Story: Disclosed Passwords
- Scenario 1: Call center employee using supervisor's ID for approving discounts and credits
- Scenario 2: Privileged (administrative) password given to an employee who should not have had it
  - Came to light when unauthorized changes caused outages
War Story: Typhoid Mary laptop brings in a worm
- Scenario: 2003, Nimda worm
  - Employee's laptop anti-virus wasn't working
  - Became infected with Nimda while at home (no firewall)
  - Came in to work, plugged into the network
  - Attack commenced inside the corporate network
  - Critical servers attacked, crashed
  - This occurred three times in three days (different employees)
War Story: Vulnerability on Competitor's Web Site: could it happen to us?
- Well-publicized vulnerability on Verizon's website easily allowed people to view other customers' account information
- Quickly, executives asked if it could happen to us (AT&T Wireless).
- (…a mad scramble ensues…)
- We were not vulnerable to the same attack, or anything resembling it. Phew!
War Story: Sept 11, 2001: corporate lockdown
- We convened on an emergency response conference bridge and locked down and mobilized the entire company: dozens of office locations and hundreds of stores
  - Locked down office building entrances (ingress by main entrance only)
  - Temporarily released all contractors
  - Tightened network security
  - Suspended extranet access
Viruses and more in the software dev lab
- New administrator in a lab stuffed with dozens of computers discovered a system with dozens of viruses and "root kits"
- When IT switched anti-virus vendors, they never told R&D, so the systems in the lab stopped updating virus signatures six months earlier
- The solution:
  - Reset all passwords
  - Wipe the seriously-infected systems, clean the rest
  - Get current anti-virus licenses
Outsider hacking in to 501(c)(3) web site
- Non-profit website…
- Hacked into website software
  - defaced web pages
  - altered web pages
  - changed links to take people elsewhere
- Security assessment needed
  - Identify the vulnerabilities
  - Fix them
Transactions showing up in other accounts
- Credit card transactions for one customer showing up in another customer's report
- Root cause analysis (RCA): administrator error, not following a procedure
Q & A