
January 24th, 2017

2016 Security Review and Predictions for 2017



Today’s web conference is generously sponsored by:

Visit https://www.hp.com/



Welcome Conference Moderator

Jorge Orchilles, Senior VP, Citi; Director, South Florida ISSA

To ask a question: Type in your question in the Questions area of your screen.

#ISSAWebConf


Today’s Speakers

Kip Boyle, President of Cyber Risk Opportunities, LLC.

Ron Chestang, Senior IT Security Consultant, Hewlett Packard

Andrea Hoy, President of Information Systems Security Association International


Speaker Introduction

Kip Boyle

• President of Cyber Risk Opportunities, LLC

• Former CISO at PEMCO

• Retired US Air Force officer

• Certified CISM, CISSP

• B.S. in computer information systems at the University of Tampa and MS in Management at Troy State University

@KipBoyle

Managed cybersecurity programs that help mid-market businesses thrive

Mossack Fonseca


1/25/2017 © 2016, Cyber Risk Opportunities, LLC. All Rights Reserved.


Largest scandal ever


Wiped out $135 billion of stock value

Massive political fallout


The Panama Papers are a management failure

“The best way to predict the future is to invent it.” Alan Kay, American computer scientist, inventor of Smalltalk, Turing Award winner


2017—Bridge the chasm

competition for resources

marketing

sales

operations

InfoSec Business Value Model

Dimensions: Reliability of Operations, Expected Return, Indemnity, Risk Management, Trust

• Business process integrity

• Data protection

• Continuous improvement

• Future agility

• New capability

• Return on mitigation

• Brand enhancement

• Competitive differentiation

• Greater stakeholder support

• Increased accountability

• Compliance

• Improved awareness

• Risk insight

• Risk and cost avoidance

• Risk reduction or acceptance


Example: Encrypt PII in production databases

Top Benefit: Indemnity

Closer alignment with company InfoSec policy and FTC “reasonableness” standard

Exemptions under Breach Notification laws


InfoSec Portfolio Visualizer


Executive Forum 2016

“Implementing an Information Security Program”


Speaker Introduction

Ron Chestang

• Senior IT Security Consultant

• Over 15 years’ experience as a Cyber Officer in the United States Air Force

• Expert in war between cyber security professionals and cyber criminals

• Specialist in fighting corporate espionage

Executive Forum 2016

Can A Printer Compromise Your Business?

Ron Chestang, GCIH, CISM, CEH, Print Security Adviser


What are the top printing security concerns?

1) Exposure of data in transit

2) Company’s ability to identify a security breach from printers

3) Exposure of documents left in the output tray

4) Unauthorized use of printer features

5) Remote employee’s use of home printers

6) Exposure of device network settings or ports

7) Threat of outside malicious access to network through printers

IDC, “User Perspectives on Print Security,” U.S. companies with more than 500 employees, November 2015 IDC#US40612015


More data

PRINTERS ARE UNDER ATTACK

64% of IT managers report a likely printer malware infection

60% had a printer data breach

Ponemon Institute, “Insecurity of Network-Connected Printers,” October 2015. Ponemon Institute, “Annual Global IT Security Benchmark Tracking Study,” March 2015.


AND YET, PRINTING IS NOT A HIGH SECURITY PRIORITY FOR ITDMS

Level of concern, by device type:

PC devices: 91%

Mobile devices: 77%

Servers: 77%

Printers: 18%

Source: Spiceworks survey of 107 IT pros at companies with 250 or more employees in North America, Europe, the Middle East, Africa, Asia Pacific, and China, conducted on behalf of HP in January 2015.

MORE…

DATA: 40 ZB by 2020

CLIENTS: 25B “Connected Things” by 2020

SECURITY THREATS: +48% annually


“Break Things” …… Dan Kaminsky, Black Hat 2016 keynote speaker

Print Security Stages of Maturity (March 2016)


Stages, from least to most mature:

1. Ad-Hoc (Unsecured / Unprepared): Business unknowingly vulnerable to either malicious or accidental attacks via printers/MFPs.

2. Opportunistic (Recognizing Risk): Likelihood of attack lessens, still at considerable risk due to limited integration.

3. Repeatable (Basic Compliance): Organization invests significantly in a program that is very device specific and does not meet the robust needs of the organization.

4. Managed (Comprehensive Policies): Continuous print security practices; reasonably certain, the exception being unexpected types of attacks.

5. Optimized (Proactive Management): Continued readiness using optimized solutions and strategy mitigates the risk of print-related attacks.

1 IDC, “IDC MaturityScape Benchmark: Print Security in the United States,” March 2016, IDC#US41048016. 2 IDC, “IDC MaturityScape: Print Security,” December 2015.

61% of US companies have significantly under-addressed printer security & compliance [1]

The weakest link

1 Includes device, data and document security capabilities by leading managed print service providers. Based on HP review of 2015-2016 publicly available information on security services, security and management software and device embedded security features of their competitive in-class printers. For more information visit: www.hp.com/go/MPSsecurityclaims or www.hp.com/go/mps.

Today’s printers look a whole lot like PCs:

• Firmware and software

• Hardware

• Network access

• Email

• Internet

71% of breaches start from endpoints

… and printers are being attacked, just like PCs

WIRELESS HACKING

Researchers in Singapore developed a drone with a mobile phone that can detect open wireless printers in close proximity, then establish the mobile device as a fake access point that mimics the printer and intercepts documents intended for the real device.

134 different vulnerabilities; over 50 modules/attacks

250 different vulnerabilities; over 400 modules/attacks

Printer security breaches: Case studies

HP CONFIDENTIAL Internal Use Only

1962

“Stuxnet is known as one of the most sophisticated viruses ever discovered, so unique it made history as the world’s first global digital weapon of the coming age of digital warfare…” Kim Zetter

“Discovered exploit using print spooler to spread between machines over the network… he tested on his own test machine and it worked. The feeling made his hair stand on end.”

2010

2011

2015

2016 April

2016 November: San Francisco Municipal Railway

“SFMTA network was very open and 2000 Server/PC” (Forbes)

© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Office of Personnel Management breach: 21 plus million government employees’ data compromised.

• “For years these reports highlighting these systems, poor system compliance” (Will Hurd, Congressman)

• “Systematic failure on Security Governance, Controls, Security Management Structure, CMDB accuracy…. So bad recommend to shutdown the systems” (Michael Esser, OPM Audit Inspector General, I.T.)

Affinity Health

• Multiple leased MFPs were returned to the leasing agent without erasing the confidential medical records and data contained on the hard drives

• The company who later purchased the MFPs discovered the records on the hard drive

• Affinity estimated that 344,579 individuals may have been affected by the breach

• Breach resulted in $1.2 million in HIPAA violations

Source: cnsnews.com, “Company Fined for Leaving Electronic Health Data on Hard Drive of Leased Photocopier,” August 15, 2013, http://www.cnsnews.com/news/article/company-fined-leaving-electronic-health-data-hard-drive-leased-photocopier

Customer Photo – Network Sniffing (device found in a cupboard)

Security Risk: breach examples

Recent history can open our eyes to the cost, pain and extent of cyber crime.

Breach: Anthem Blue Cross and Blue Shield, 2015
Affected: Up to 80 million records, including client names, dates of birth, physical and email addresses, medical IDs and Social Security numbers
Estimated cost: >$100 million [4]
Exploited vulnerability: Sensitive data, including Social Security numbers, was stored unencrypted [5]

Breach: Target stores, 2015
Affected: 70 million credit and debit cards [6]
Estimated cost: $148 million [7]
Exploited vulnerability: Phishing email sent to HVAC system contractor with unsecured network access [8]

Breach: Aalborg Farve og Lak
Affected: Systems disabled and encrypted with ransomware. IT infrastructure needed to be replaced
Estimated cost: 1,000,000 DK
Exploited vulnerability: Access to corporate network achieved via a label printer [9]

Breach: KPMG study in Sweden, 2014
Affected: 13 of 14 organizations were infiltrated by malware which was in contact with external C&C servers.
Estimated cost: Undisclosed
Exploited vulnerability: Multiple methods of infiltration used. 11 organizations were exfiltrating data from various endpoints.

4 ZDNet, February 2015, http://www.zdnet.com/article/anthem-data-breach-cost-likely-to-smash-100-million-barrier
5 The Wall Street Journal, http://www.wsj.com/articles/investigators-eye-china-in-anthem-hack-1423167560
6 New York Times, http://www.wsj.com/articles/SB10001424052702303754404579312232546392464
7 New York Times, http://www.nytimes.com/2015/08/06/business/target-puts-data-breach-costs-at-148-million.html?_r=0
8 Krebs On Security, February 2015, http://krebsonsecurity.com/2015/02/target-hackers-broke-in-via-hvac-company/
9 “Hacker kom ind via labelprinter,” April 2015, http://www.computerworld.dk/art/233684/hacker-kom-ind-via-labelprinter-tog-dansk-firmas-it-systemer-som-gidsel
10 Swedish Civil Contingencies Agency, https://www.msb.se/en/Products/Publications/Publications-from-the-MSB/Information-Security--trends-2015-A-Swedish-perspective/
11 KPMG, http://www.kpmg.com/SE/sv/kunskap-utbildning/nyheter-publikationer/Publikationer-2014/Documents/Study-report-UnknownThreats-in-Sweden.pdf

Printers at 12 Colleges Spew Hate Fliers in Suspected Hack (March 25, 2016, 4:06 PM ET)

“DePaul University said it suspects their printers were hacked and are now taking steps to secure them from future breaches.”

Hacker claims to have within minutes identified roughly 29,000 printers that were connected to the Internet and could be exploited through an open port, then automated a procedure that asked each vulnerable machine to print the hate flyer.

The fliers were discovered this week at Princeton, Brown, Northeastern, UC Berkeley, DePaul, UMass Amherst, Smith College, Mt. Holyoke, among others.

Hacking Wireless Printers With Phones on Drones

©2016 HP, Inc. All rights reserved. | The information contained herein is subject to change without notice. | HP Confidential

Researchers in Singapore developed a drone with a mobile phone that can detect open wireless printers in close proximity, then establish the mobile device as a fake access point that mimics the printer and intercepts documents intended for the real device. (2015)

Columbia University

• A grad student in 2011 exposed a flaw in printing devices that could let hackers hijack the devices to spy on users, spread malware and even force the devices to overheat and catch fire

• Printer did not have code signing validation, which allowed the breach

Source: http://www.scientificamerican.com/article/printers-can-be-hacked-to-catch-fire/

So What About Now !

2017


Cyber Kill Chain: Recon → Weaponization → Delivery → Exploitation → Command & Control

“I probe around for a multifunction printer and see that it is configured with default passwords. Great, I am in.” ……….. The Hacker Playbook by Peter Kim.

“YES! We’ve compromised a number of companies using printers as our initial foothold; we move laterally from the printer, find Active Directory, query it with an account from the printer and bingo, we hit GOLD.”

SEAHawk


IoT

What is an End Point?

SEAHawk


Are Printers So Different to PCs?

When I Looked At Print Infrastructure !

Drivers: External audit, Compliance, Regulation (formerly CBP)

Control domains (Framework – All Vendors – All Industries):

• Logical Access

• Governance

• Physical Security

• Asset Management

• Security Configuration

• Data Security

• Patching & AV

• Log Management & Security Incident

• Build & Release

• Business Continuity

• Network Security

• Information Security

• Personal Security

• System Acquisition & Development

• Access Control

20 Critical Controls

• CSC 1: Inventory of Authorized and Unauthorized Devices

• CSC 2: Inventory of Authorized and Unauthorized Software

• CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

• CSC 4: Continuous Vulnerability Assessment and Remediation

• CSC 5: Controlled Use of Administrative Privileges

• CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs

• CSC 7: Email and Web Browser Protections

• CSC 8: Malware Defenses

• CSC 9: Limitation and Control of Network Ports, Protocols, and Services

• CSC 10: Data Recovery Capability

• CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

• CSC 12: Boundary Defense

• CSC 13: Data Protection

• CSC 14: Controlled Access Based on the Need to Know

• CSC 15: Wireless Access Control

• CSC 16: Account Monitoring and Control

• CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps

• CSC 18: Application Software Security

• CSC 19: Incident Response and Management

• CSC 20: Penetration Tests and Red Team Exercises

OWASP Top Ten

1. Cross Site Scripting (XSS)

2. Injection

3. Malicious File Extension

4. Insecure Direct Object Reference

5. Cross Site Request Forgery (CSRF)

6. Leakage and Improper Error Handling

7. Broken Authentication and Sessions

8. Insecure Cryptographic Storage

9. Insecure Communication

10. Failure to Restrict URL Access

Pwn – “All Mine”

Industry Security Examples


Types of policy settings: 250+ security settings available in HP enterprise MFPs

Setting categories: Device control, Credentials, Network Services, Device discovery, Printing, Authentication, Authentication services, Email

Settings listed on the slide:

• Command load and execute

• Direct connect ports

• Fax speed dial lock

• I/O timeout

• 802.1x Authentication

• LDAP Server Authentication

• File erase mode

• File system access protocols

• Control panel lock

• FTP Firmware Update

• Novell remote configuration

• Telnet

• Remote Firmware upgrade

• PJL password

• Device PIN presence

• File system password

• Fax PIN

• SNMPv1/v2

• SNMPv3

• Admin (EWS) password

• Bootloader password presence

• Public username

• Secondary email authentication

• Credential type

• Allow return email address change

• Restrict Addresses

• User authentication

• Walk-up authentication

• Job storage authentication

• Send to e-mail authentication

• Job creation authentication

• Send to folder authentication

• Copy authentication

• Send to fax authentication

• Service Location Protocol (SLP)

• Web Services Discovery (WS-Discovery)

• Bonjour

• Link-Local Multicast Name Resolution Protocol

• Maximum attachment size

• TCP/IP Printing (P9100)

• File Transfer Protocol

• Internet Printing Protocol

• Novell (IPX/SPX)

HP Enterprise embedded security features

Three key technologies take security to the next level:

• HP Sure Start validates the integrity of the BIOS code

• Whitelisting ensures only authentic, known-good HP code is loaded into memory

• Run-time intrusion detection detects anomalies during complex firmware and memory operations

Each feature automatically triggers a reboot if attacked.

• HP JetAdvantage Security Manager automatically assesses and, if necessary, remediates device security settings to comply with pre-established company policies

1 Based on HP review of 2015 published embedded security features of competitive in-class printers. Only HP offers a combination of security features for integrity checking down to the BIOS with self-healing capabilities. A FutureSmart service pack update may be required to activate security features. Some features will be made available as a HP FutureSmart service pack update on selected existing Enterprise printer models. For list of compatible products, see hp.com/go/LJcompatibility. For more information, visit hp.com/go/LJsecurityclaims.

Protection cycle shown on the slide:

• Load BIOS: HP Sure Start

• Check firmware: Whitelisting

• Check printer settings: HP JetAdvantage Security Manager

• Continuous monitoring: Run-time intrusion detection

• Automatic reboot when an attack is detected, returning to Load BIOS

Protect. Detect. Recover.

HP LaserJet and PageWide Enterprise: The world’s most secure printers [1] with self-healing capabilities

JetAdvantage Security Manager Customer

A major banking customer needed to secure 30,000 devices.

BEFORE: Less than 25% of fleet complied with security policy; 12 servers

AFTER: More than 97% of fleet complies with the security policy; 2 servers

Daily effort: 4 hours saved every day by built-in reports

Assessment: 3 hours

No cost, no obligation limited security risk assessment of 20 of your HP printers/MFPs

Security Manager Quick Assess

Highlights

• Assess up to 20 HP devices; no license key required

• Uses new Limited policy with 13 most common security settings

• No remediation, no certificate mgmt., no Instant-On

• License key will unlock full functionality; no new installation required.

Flow: Complete Limited Policy → Add devices → Assess devices → Review Results

All within an hour!
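The add devices → assess → review flow above can be scripted for any fleet. The following is an added example written for this page, not HP Security Manager's own code: it takes setting names from the policy-settings list earlier in the deck, assesses each device against a constructed hardening baseline (the expected values, the weak-credential list and the sample device records are this example's own), and reports per-device findings, the fleet compliance percentage, and how the findings map onto the 20 Critical Controls listed earlier.

```python
from dataclasses import dataclass
from typing import Any

# Expected value per setting. Setting names come from the deck's list of HP enterprise
# MFP policy settings; the expected values are this example's own choice. "set" means a
# credential must be configured and must not be a weak or default value.
BASELINE: dict[str, Any] = {
    "Telnet": False, "File Transfer Protocol": False, "FTP Firmware Update": False,
    "Novell (IPX/SPX)": False, "SNMPv1/v2": False, "SNMPv3": True,
    "802.1x Authentication": True, "Control panel lock": True, "Walk-up authentication": True,
    "Bootloader password presence": True, "Admin (EWS) password": "set", "PJL password": "set",
}
WEAK_CREDENTIALS = {"", "admin", "password", "1234"}   # constructed list of weak values
CREDENTIAL_SETTINGS = {"Admin (EWS) password", "PJL password", "Bootloader password presence"}
LEGACY_SERVICES = {"Telnet", "File Transfer Protocol", "FTP Firmware Update",
                   "Novell (IPX/SPX)", "SNMPv1/v2"}


@dataclass(frozen=True)
class Finding:
    device: str
    setting: str
    expected: Any
    actual: Any      # None when the device did not report the setting
    control: str     # CIS Critical Control (from the deck's list) the setting supports


def control_for(setting: str) -> str:
    """Map a setting to the Critical Control it mainly supports."""
    if setting in CREDENTIAL_SETTINGS:
        return "CSC 5"   # Controlled Use of Administrative Privileges
    if setting in LEGACY_SERVICES:
        return "CSC 9"   # Limitation and Control of Network Ports, Protocols, and Services
    return "CSC 3"       # Secure Configurations for Hardware and Software


def setting_complies(expected: Any, actual: Any) -> bool:
    """A setting passes only if it was reported and matches the baseline."""
    if actual is None:
        return False
    if expected == "set":
        return isinstance(actual, str) and actual.strip().lower() not in WEAK_CREDENTIALS
    return actual == expected


def assess_device(name: str, settings: dict[str, Any],
                  baseline: dict[str, Any] = BASELINE) -> list[Finding]:
    """Return one Finding per baseline setting the device fails."""
    return [Finding(name, s, exp, settings.get(s), control_for(s))
            for s, exp in baseline.items() if not setting_complies(exp, settings.get(s))]


def assess_fleet(fleet: dict[str, dict[str, Any]],
                 baseline: dict[str, Any] = BASELINE) -> tuple[dict[str, list[Finding]], int, float]:
    """Assess every device; return findings per device, compliant count and percentage."""
    findings = {name: assess_device(name, cfg, baseline) for name, cfg in fleet.items()}
    compliant = sum(1 for f in findings.values() if not f)
    return findings, compliant, (100.0 * compliant / len(fleet) if fleet else 0.0)


def findings_by_control(findings: dict[str, list[Finding]]) -> dict[str, int]:
    """Count open findings per Critical Control, for the review step."""
    counts: dict[str, int] = {}
    for flist in findings.values():
        for f in flist:
            counts[f.control] = counts.get(f.control, 0) + 1
    return dict(sorted(counts.items()))


def _sample_device(**overrides: Any) -> dict[str, Any]:
    """Constructed device record that meets the baseline, with optional deviations."""
    record = {s: exp for s, exp in BASELINE.items() if exp != "set"}
    record.update({"Admin (EWS) password": "L0ng-adm1n-passphrase", "PJL password": "pjl-s3cret-2017"})
    record.update(overrides)
    return record


# Constructed four-device fleet: one hardened, three with typical gaps.
SAMPLE_FLEET = {
    "mfp-hardened": _sample_device(),
    "mfp-lobby": _sample_device(**{"Telnet": True, "SNMPv1/v2": True, "Admin (EWS) password": "admin"}),
    "mfp-finance": _sample_device(),
    "mfp-legacy": _sample_device(**{"Novell (IPX/SPX)": True, "FTP Firmware Update": True,
                                    "File Transfer Protocol": True, "PJL password": ""}),
}
del SAMPLE_FLEET["mfp-finance"]["Bootloader password presence"]   # setting never reported -> fails

if __name__ == "__main__":
    per_device, ok, pct = assess_fleet(SAMPLE_FLEET)
    for device, flist in per_device.items():
        print(device, "compliant" if not flist else [(f.control, f.setting) for f in flist])
    print(f"fleet compliance: {ok}/{len(SAMPLE_FLEET)} ({pct:.0f}%)", findings_by_control(per_device))
```

Missing settings are deliberately counted as failures, so a device that does not report a setting cannot pass by omission.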

HP Secure Managed Print Services

Printers: The world’s most secure printers [1] with self-healing capabilities

Software: Security solutions to detect, protect, monitor and manage the fleet

Services: Experts to assess risks, build and maintain a print security policy

The most comprehensive device, data and document security. [2]

1 Based on HP review of 2015 published embedded security features of competitive in-class printers. Only HP offers a combination of security features for integrity checking down to the BIOS with self-healing capabilities. A FutureSmart service pack update may be required to activate security features on the HP LaserJet M527, M506, M577. Some features will be made available as a HP FutureSmart service pack update on select existing enterprise printer models. For list of compatible products visit: http://h20195.www2.hp.com/V2/GetDocument.aspx?docname=4AA6-1178ENW. For more information visit: www.hp.com/go/LJsecurityclaims.

2 Based on the breadth of device, data and document security capabilities by leading managed print service providers. Includes HP review of 2015 published details on security services, security and management software and device embedded security features of leading competitive in-class printers. For more information visit: www.hp.com/go/MPSsecurityclaims or www.hp.com/go/mps.

Result of compromises

Take action now

Start Scanning Now!

Perform a use case for EOL/EOS Devices

Check your compliance regulations

Password Management


Take Action

Event messages from the printer fleet → Syslog server → SIEM tool → Actionable results

“HP Security Assessment and Security Manager saved our bacon”

“I am grateful HP Security team put a clear roadmap together to close my security gaps as opposed to an external audit or worse a shouting match with my management as why a security risk materialized”

“HP Security Services gave us a very clear roadmap and made me look like a security hero”


Speaker Introduction

Andrea Hoy

• President of ISSA International

• Founder of A. Hoy & Associates, a Virtual CISO provider

• Represented the United States as a diplomat to China on eDiscovery and forensics

• Formerly Chief Technical Officer of iQwest Technologies


2017 Security Predictions: Emerging Technologies: Friend or Foe, Help or Hindrance

Andrea C. Hoy, CISSP, CISM, MBA, President, ISSA International

24 January 2017 Webinar

Agenda

– Evolution of Emerging Technologies and their effect on the Security Landscape

– Emerging Tech Now – Every day

– The Hype of Emerging Tech – Top 3

– What should Businesses look to gain from Emerging Tech to grow and have more efficient, value added projects

– Tools that Help Handle Big Data

– Friend or Foe? 2017 Security Predictions

Evolution of Technology & Big Data

The Attitude About Security of Technology Then…

Google (as a Friend in 2016)

– Leave times based on localized traffic

– Places to eat nearby that are open

– Takes events from your calendar and provides Reminders and Notifications

– Takes events from your email and provides calendar events, Reminders and Notifications

– It Tracks where you are

– It Knows where you will be

– It Reads and Analyzes your Calendar

– It Reads and Analyzes your Email

….and what if they hired a Snowden…

2017 will show more malefactors using tracking technology

– Analysis of Email and Calendar and Buying, and of whether you are Home???

Google Home as a Foe?

Gartner’s Hype Cycle of Emerging Technologies 2016

IoT

Self Driving Automobiles

2016 Doesn’t this Help?

– Self Parking…so it parallel parks!

– Enhanced Cruise Control

– Collision Avoidance – Radar/Microwave

– GPS: Car’s position on the road

– Ultrasonic sensors

– Automatic Emergency Braking

In 2017 Will it be a Hindrance?

– AutoPiloted vehicles involved in fatal crashes

– Forward Collision Warning

– Auto Emergency Braking (AEB)

– Dept of Transportation announced first automated vehicle safety checklist, Sept 2016

– 2017: Will security improve to negate hackers from controlling our vehicles?

Source: ABC

Gartner’s Hype Cycle of Emerging Technologies 2016

– Longest-running annual report

– Provides a cross-industry perspective on technologies and trends

– What should be in my emerging technology business portfolio?

So What’s the Hype?

What Top 3 Emerging Technologies will Affect 2017?

1. Transparently immersive experiences

2. Perceptual smart machine age, and

3. The platform revolution

A.Hoy & Associates

1. Transparently Immersive Experiences

– Headaches

– Potential side effects to brain

– Ocular stimulation

– Electronic pulses


2. The Perceptual Smart Machine

– ‘Bigger’ Data

– Increased Radical Computational Power

– Infinite Amounts of Data

“Just Google it”

– Deep Neural Networks

– Smart adaptation to new situations

– Analyze or Solve problems that no one has encountered previously

– 2017 Security Issues – Horse racing predictions, Las Vegas Football bets

– How does a cybersecurity professional protect against a highly intelligent deep neural network…

2. The Perceptual Smart Machine

– Virtual Personal Assistants

– Cognitive Expert Advisors

– Personal Analytics

– Smart Data Discovery

– Smart Workspace, (or Homes)

– Conversational User Interfaces - apps that can lipread better than professional lip readers

– Machine Learning and Smart Robots

– Commercial UAVs (Drones)

– Autonomous Vehicles

– Natural-Language Question Answering

– Enterprise Taxonomy and Ontology Management

– Data Broker PaaS (dbrPaaS)

– Context Brokering

‘Bigger’ Data

– Data Analytics

– Growth of Big Data has Complexity and Cost.

– Hard to provide or enforce Data Assurance

– Difficult to Apply Access Controls

– Encryption is not feasible in many cases


Big data

– Where does the data reside? (If data is not where it should be, it won’t open; use of data needs to be embedded for who can use the data; data is contextually aware of location, devices, and users)

– Logical and physical location controls?

– Data in Motion

– How do we protect the data flow? (Need flexible technology that can be used in almost any business data flow or business use) If we place the governance and data policy stays with the data

– If place Average person stores….{ }


2017 Security Prediction

– What if each data file had its own transparent encryption?

– Blocks of data

3. The Platform Revolution

– Transitioning of Technical Infrastructure to Ecosystem-enabling Platforms

– Technologies to Consider:

– IoT Platform

– Blockchain

– Neuromorphic Hardware

– Quantum computing

– Software defined Security

– Software-Defined Anything (SDx)


Evolving Solutions

– Automotive Policies for Self Driving Cars

– Automotive Standards for Onboard Computers

– SertintyOne File Access Management

– Individual File Access Management

– Mobile Device Management

– Virtual Desktop

– Artificial Intelligence for securing the unknown

– Application Security

– Code review during Development Stage

– Use and Code review in Production


More 2017 Security Predictions

– Nation state related attacks will become more prevalent in the public eye

– Intellectual property theft and espionage done by Hackers for Hire


2017 Security Predictions

1. Changes in Privacy Regulations to be considered?

o Federal or State

o EUPD or other country Expats

2. Are minors or the PII of children under 18 involved?

• Child protection (look up child protection laws)

• Family Consumer Rights Act

3. Data Protection Act changes to allow for SmartData, Self Protecting, Self Governing to keep up with the technology

4. BlockChain becomes a security tool


Resources & References

– Gartner’s Hype Cycle for Emerging Technologies 2016

– SertintyOne.com – SmartData, Self Protecting, Self Governing

Questions?

Contact Info: Andrea Hoy, CISSP, CISM, President, ISSA International, ahoy (at) issa.org


Open Discussion & Q&A

• Jorge Orchilles - Moderator

• Kip Boyle

• Ron Chestang

• Andrea Hoy

To ask a question: Type in your question in the Questions area of your screen. You may need to click on the double arrows to open this function.

#ISSAWebConf

ISSA International Web Conference

February - Cyber Residual Risk

2-Hour Live Event: Tuesday, February 28, 2017

Start Time: 9:00 a.m. US-Pacific/ 12:00 noon US-Eastern/ 5:00 p.m. London

Overview:

How do you analyze your environment and calculate Cyber Residual Risk? Once you are done, you of course want to close up that last bit of exposure with Cyber Insurance. Yet when you get the bill, it doesn’t seem to make sense: the cost almost outweighs the projected risk. Then the worst happens and you need to file a claim, and … it is denied. First, how do you calculate your residual cyber risk, and once you do, how does an organization get proper cyber insurance?

Join us at the next International Web Conference:


A recording of the conference and a link to the survey to get CPE credit for attending the August ISSA International Web Conference will soon be available at: https://www.issa.org/?page=January2017IWC

If you or your company are interested in becoming a sponsor for the monthly ISSA International Web Conferences, please visit: https://www.issa.org/?page=BecomeASponsor

Web Conference Survey