hidden pitfalls: identify and manage the latent risk in your … · 2014-06-06 · hidden...
TRANSCRIPT
![Page 1: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/1.jpg)
Hidden Pitfalls: Identify and Manage the Latent
Risk in Your Organization
Fernando Martinez Ph.D. CISSP CISM CISA
![Page 2: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/2.jpg)
Defined: LATENT RISK
Risk that is present and capable of emerging or
developing but not visible, obvious or active
Why speak about it or focus on it?
![Page 3: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/3.jpg)
[Enter]
![Page 4: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/4.jpg)
![Page 5: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/5.jpg)
Collusion and Willful Neglect
“51% of employees said
they would go around any policy that restricted their use of their own devices or
use of cloud storage” Elizabeth Weise, USA Today, August 26th 2014, Money – Cybersecurity for Business, Pg. 3B. Citing data from 2014 Fortinet study.
![Page 6: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/6.jpg)
Approach??
![Page 7: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/7.jpg)
IoT
![Page 8: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/8.jpg)
Distributed Data
![Page 9: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/9.jpg)
Cloud Storage
![Page 10: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/10.jpg)
What “Data Breach Fatigue” Could Mean for the Privacy
Profession
June 6, 2014
(https://privacyassociation.org/news/a/what-data-breach-fatigue-could-mean-for-the-privacy-profession/)
![Page 11: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/11.jpg)
Data breach notification fatigue: Do consumers (eventually) tune out? Data breach notifications are flying en masse following the Epsilon Interactive breach, but are they doing customers any good? By George V. Hulme CSO | Apr 12, 2011 8:00 AM http://www.csoonline.com/article/2127999/data-protection/data-breach-notification-fatigue--do-consumers--eventually--tune-out-.html
![Page 12: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/12.jpg)
• Close to 50% - 110 Million – of all adults • In the last 12 months! • Conservative figure – several large
organizations are not “fully transparent” http://money.cnn.com/2014/05/28/technology/security/hack-data-breach/
![Page 13: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/13.jpg)
BYOD aka Consumerization
![Page 14: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/14.jpg)
Social Engineering
![Page 15: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/15.jpg)
Identity Management
Two Factor
![Page 16: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/16.jpg)
Identity Management
Multi Factor
![Page 17: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/17.jpg)
Latent Risk - Summarized
1. Internet of Things (IoT) 2. Distributed Data 3. Cloud Storage 4. Consumerization 5. Social Engineering 6. Challenge/Response for identity
management 7. Data breach fatigue
![Page 18: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/18.jpg)
There is no Silver Bullet
![Page 19: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/19.jpg)
Abstraction
![Page 20: Hidden Pitfalls: Identify and Manage the Latent Risk in Your … · 2014-06-06 · Hidden Pitfalls: Identify and Manage the Latent Risk in Your Organization . Fernando Martinez Ph.D](https://reader034.vdocument.in/reader034/viewer/2022042913/5f4b0013c9090c333f7318dd/html5/thumbnails/20.jpg)
Fernando Martinez, PhD Senior Vice President and CIO
Parkland Health and Hospital System [email protected]