Monday, July 28, 2014

OC CIO Minutes July 10, 2014


Southern California/Orange County CIO Breakfast Round Table

July 10, 2014 meeting


Present:        Jeff Hecht, David Mann, Sean Brown, Jim Sutter, William Zauner, Keith Golden, Dave Phillips

Topic:          Security in the News

Jeff Hecht selected 3 major security events from the past 12 months on which to focus:
- the Heartbleed vulnerability
- massive data breaches such as the Target one
- the NSA/Snowden theft.

The Heartbleed bug allows stealing data that is usually protected by OpenSSL's SSL/TLS encryption over the Internet.  Not only can data be lost but also the encryption keys themselves.  It is estimated that more than 600,000 servers were affected.  You can test your servers to see if your company is affected (see slide 9).

The Target theft resulted in more than 40 M credit/debit numbers being stolen, with massive side effects (see slide 10). Not only was Target affected but many, many other big stores – an estimated 1 in 4 Americans have been affected.  Chip and PIN technologies (smart cards) can have a positive effect, but are costly to implement.

The Snowden action revealed that mass surveillance programs are conducted by the NSA, affecting both US citizens and foreign nationals.  It has raised many concerns, including the threat of insider theft.  Slide 19 lists a number of actions that might form part of your defense in depth. Jeff's slides are at: http://www.slideshare.net/occio

Jeff led a very interesting discussion, and he lists many interesting links to much more information in his appendices.

Jeff – this was a great presentation, as usual.

 


CIO PeerGroup Roundtable Membership

Current CIO PeerGroup Roundtable Membership is at http://peermembers.blogspot.com