Monday, July 28, 2014

OC CIO Minutes July 10, 2014


Southern California/Orange County CIO Breakfast Round Table

July 10, 2014 meeting


Present:        Jeff Hecht, David Mann, Sean Brown, Jim Sutter, William Zauner, Keith Golden, Dave Phillips

Topic:          Security in the News

Jeff Hecht selected 3 major security events from the past 12 months on which to focus:
- the Heartbleed vulnerability
- massive data breaches such as the Target one
- the NSA/Snowden theft

The Heartbleed bug allows for stealing data usually protected by the OpenSSL/TLS encryption over the Internet.  Not only is data lost but also the encryption keys themselves.  It is estimated that more than 600,000 servers were affected.  You can test your servers to see if your company is affected (see slide 9).

The Target theft resulted in more than 40 M credit/debit numbers being stolen, with massive side effects (see slide 10). Not only was Target affected but many, many other big stores – an estimated 1 in 4 Americans have been affected.  Chip and pin technologies (smart cards) can have a positive effect, but are costly to implement.

The Snowden action revealed that mass surveillance programs are conducted by the NSA, affecting both US citizens and foreign nationals.  It has raised many concerns, including the threat of insider theft.  Slide 19 lists a number of actions that might form part of your defense in depth. Jeff's slides are at:  http://www.slideshare.net/occio .

Jeff led a very interesting discussion and he lists many interesting links to much more information in his appendices.

Jeff – this was a great presentation, as usual.

 

Monday, July 7, 2014

OC CIO Minutes June 12, 2014


Southern California/Orange County CIO Breakfast Round Table

June 12, 2014 meeting


Present:        David Mann, Sean Brown, Jim Sutter, Jeff Hecht, Jeff Crowell, Dave Phillips

Topic:          Mobile Security

David Mann is the new CIO at ATMECS and he shared with us a brief description of the company (see slides 3-6).  ATMECS is a technology solutions partner whose focus includes applications development, systems integration, and database solutions. The name ATMECS stands for Aspire, Think, Manage, Engage, Create, Succeed.

Mobile security is no longer one point of control – it involves people (users, employees, contractors, customers, partners), data (structured and unstructured), and all kinds of devices.  David shared with us various statistics on mobile search and its threats and challenges. The biggest increase in loss and theft of mobile devices is in SF!  When thinking about mobile security strategy, you have to consider mobile device management and security, application management, data protection, virtual desktop infrastructure, risk management, always-on VPN and trusted execution environment.  He had a slide for each of these issues, and ended with a Gartner Magic Quadrant for 2012 and 2013, showing the top 3 vendors for each.  I recommend you read the slides for more information. They're at:  http://www.slideshare.net/occio

Great presentation - thank you, David

 

CIO PeerGroup Roundtable Membership

Current CIO PeerGroup Roundtable Membership is at http://peermembers.blogspot.com