Archive
Fortune Cookies Tell No Lies
Join us on May 16 at the Delta Sydney for a presentation from Travis Barlow, Director of Security Consulting Services: eSentire Inc.
Fortune Cookies tell no lies – or how China may not be behind the majority of Internet borne attacks
Is China really behind all the attacks that the mainstream media would have you believe? During his talk Mr.Barlow will review recent happenings and the results of his research that provide some insights into what may be one of the largest Internet security assumptions in recent history.
Mr. Barlow is also the founder of the Atlantic Security Conference, Halifax Area Security Klatch, and the recently launched Halifax Hack Labs.
His presentation will run from 5:30-6:30 PM, with complimentary snacks and coffee/tea, then join us from 6:30-7:30 PM for complimentary appetizers, drinks, and networking. There will also be a draw for a $100 gift card from Future Shop!
A big thank you goes out to Check Point for sponsoring this event and to eSentire Inc. for providing an excellent presenter!
You don’t want to miss it! REGISTER TODAY! Seating is limited and your registration ticket is required for the door prize draw. You must print it and bring it with you to the event.
What is Security Posture
What is Security Posture? It is your overall security plan – the approach your business takes to security, from planning to implementation. It is comprised of technical and non-technical policies, procedures and controls, that protect you from both internal and external threats. No business, large or small, is safe from potential security breaches. Anyone is fair game.
Why do you need to worry?
- Hackers – Hackers scan networks for vulnerable systems that can be easily breached for malicious purposes. This can result in compromised data that, in turn, can cause lost customer confidence.
- Disgruntled Employees – Employees bearing a grudge could easily walk out your door with company data on removable media. They could send internal company data to an external source (ie. FTP, SSH, or email server) or simply destroy company data from within.
- Script Kiddies – Typically inexperienced hacker wannabes use tools which are freely available on the Internet (ie. LOIC – Low Orbit Ion Cannon or BackTrack 5). In the wrong hands, these tools can cause significant damage.
- Spammers – Exploit vulnerable email systems to relay spam email through your network infrastructure, often resulting in a network outage due to the traffic generated from your compromised network.
What can you do to protect yourself?
Determine what needs to be protected. This could include credit card numbers, confidential customer data, or corporate assets.
Figure out how your data might be acquired. A risk assessment should be conducted to determine any potential weak points in both your IT and physical controls.
Install controls to protect your data. This may be as simple as implementing a security awareness program for all employees, or as complex as installing a hardened network perimeter (ie. DLP or IDS systems). The scope of the controls will be determined by your financial situation and the likelihood of compromised data.
In the end, you need to decide how much risk you can accept. This will determine a security posture that suits the needs of your business.
