How to Use Technology to Generate More Local Security and Development
March 27, 2015
Adrian Mikeliunas, CISSP, CISA
Conquest Security
Jul 15, 2015
Security and Development
Agenda
♦ Definitions
♦ Threats
♦ Technology and Communications
♦ Security and Development
Adrian Mikeliunas, CISSP
Certified Information System Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
30+ years as a Systems Engineer
12 years at the World Bank, 4 years at the International Monetary Fund
7 years as a consultant for AT&T
Mobile: 571-335-5525
External Threats
♦ Identity theft
♦ Labor Action
♦ Trojan Horses
♦ Script Kiddies
♦ Industrial Espionage
♦ Human Factor
♦ Backdoor ownership of Host machines
♦ Hackers
♦ Sniffing
♦ Crackers
♦ Process Hijacking
♦ Buffer Overflows
♦ Hostile Java Applets
♦ ECHELON/CARNIVORE – Government Surveillance
♦ Abuse of Civil Authority
♦ Compromise of centralized 3rd Party Data Repositories
♦ Legacy Systems
♦ IP Theft
♦ Hostile VB Scripts
♦ Denial of Service Attacks
♦ Foreign Government Espionage
♦ Data Lineage
♦ Rogue Applications
♦ Intrusion to commit a Felony
♦ Viruses
♦ Worms
♦ Spoofing
♦ New Regulations
♦ Social Engineering
♦ Website Attacks
♦ Theft of Trade Secrets
♦ Dumpster Diving
♦ Breach of Physical Security
♦ Terrorism
Internal Threats
♦ Social Engineering
♦ Sniffing
♦ Spam
♦ Gopher
♦ Wireless
♦ Email
♦ DNS Cache-based Trust
♦ NFS
♦ Poorly Maintained System
♦ Security Sensor Misconfiguration
♦ IP Theft
♦ Admin Errors
♦ Privilege Escalation
♦ Sendmail
♦ Too many Services
♦ TCP Hijacking
♦ Finger Buffers
♦ External DNS Zone Transfers
♦ Human Factor
♦ Identity theft
♦ TFTP
♦ FTP
♦ Unauthorized Insider access
♦ Rogue Applications
♦ Sabotage
♦ HTTP
♦ Instant Messaging
♦ Education and Awareness
♦ Disgruntled Employees
♦ Modem Hijacking
♦ Bad Application Code
♦ Policy adherence
♦ UDP Services
♦ News
♦ Patch Management
Can We Understand Security?
♦ Security Frameworks
♦ Disaster Recovery
♦ Security Awareness
♦ Security Health Checks
♦ Security Policies and Procedures
♦ PKI Readiness Reviews
♦ PKI Infrastructures
♦ Privilege Management
♦ Consultants
♦ Intrusion Detection
♦ Training
♦ Security Infrastructure
♦ Network Forensics
♦ Firewalls
♦ Content Management
♦ Secure Email
♦ Legal/Regulatory
♦ Portal Security
♦ Business Continuity Planning
♦ Incident Management
♦ Platform Security
♦ Computer Forensics
♦ Website Protection
♦ HR Policy
♦ Event Monitoring
♦ Domain Security
♦ Wifi
♦ Privacy
♦ Collaboration/Partners
♦ Users
♦ Corporate Governance
♦ Risk Assessments
♦ Risk Analysis
♦ Legacy Systems
♦ Security Integration
♦ Virus
♦ Event Correlation
♦ Security in Enterprise Architectures
♦ Malware
♦ Patch Management
♦ Vulnerabilities
♦ Control Standards
♦ Intrusion Protection
♦ The Human Factor
♦ Log Analysis
♦ Security Baselines
♦ Webmail
♦ Data Classification
♦ Asset Classification
♦ Data Lineage
♦ Security Measurement
♦ Mainframe Security
♦ Security Management
Legislation & Standards
♦ OECD Guidelines for the Security of Information Systems & Networks
♦ Government Information Security Reform Act
♦ Turnbull Report
♦ Higgs Report
♦ Smith Report
♦ EU Privacy Directive
♦ OECD - Corporate Governance Guidelines
♦ HIPAA
♦ GLBA
♦ Sarbanes Oxley
♦ Patriot Act II
♦ SB-1386 California
♦ FISMA
♦ GISRA
♦ OMB-123
♦ OMB-130
♦ NIST 800 Series Standards
♦ Bill C-6
♦ ISO 17799
♦ Basel II
♦ Computer Fraud and Abuse Act 1986
♦ Children's Online Privacy Protection Act of 1998 (COPPA)
♦ Electronic Communications Privacy Act 1986
♦ Foreign Corrupt Practices Act 1977
♦ Freedom of Information Act
♦ Computer Security Act 1987
♦ Digital Millennium Copyright Act 1998
♦ FERPA
♦ National Infrastructure Protection Act 1996
♦ UK Data Protection Act
♦ BS 7799
♦ The European Union Directive on Data Protection
♦ Anti-terrorism, Crime and Security Act 2001
♦ The Telecommunications (Data Protection and Privacy) Regulations 1999
♦ FERC
♦ Homeland Security Act
♦ NIST
♦ EU Regulatory Framework for Electronic Communications
♦ BITS
♦ FDA
♦ FFIEC
♦ 21 CFR Part 11
♦ NERC
♦ NY Reg. 173
Global State of Security
PAST
♦ Virus
♦ Lola
♦ IT was responsible
PRESENT
♦ Governments that spy: China, Korea, NSA, etc.
♦ Corruption
♦ SPAM & Malware
♦ You are responsible
Technology and Communications
♦ The telephone – from tether to liberation [mobile]
♦ The computer – from tether to liberation [mobile]
♦ Radio and television – …
Everything implies mobility!
Security and Citizenship
♦ Transparency or Corruption?
♦ Electronic Elections?
♦ Service Reporting
– DC 311: 311.dc.gov
– NY 311: www1.nyc.gov/311
Crowdsourcing (open collaboration)
♦ Health
♦ Education
♦ Human Quality
♦ Examples:
– Kickstarter.com
– IndieGogo.com
– GoFundMe.com
Sustainable Development
♦ Municipal and State Projects
– Communication
– Education
– Health
– Security
– Employment
Within a framework of transparency and anti-corruption
Sustainable Development
♦ Microloans
– Funding for small businesses
• http://www.kiva.org
• https://www.prosper.com