Security in business processes: tools for comprehensive risk management. Gabriel Marcos, Product Manager – Columbus Networks

Presentation transcript:

Security in business processes: tools for comprehensive risk management. Gabriel Marcos, Product Manager – Columbus

An unequal fight: BUDGET, DAY-TO-DAY, PROJECTS, HACKERS, KNOWN RISKS, POTENTIAL RISKS, CORPORATE POLICIES, HACKERS, UNKNOWN RISKS

Example: an administrator's tasks. DNS, groups, users, domains, profiles, patches, clusters, load balancing, IP addresses. Documentation, inventory management, licensing, scripts, configurations, change management, knowledge bases, training. Focuses on security in their spare time…

Example: cybercriminal gangs. 6 people - 5 years, affected victims, 100 countries, US$ 14 MM in revenue

A look at 2012
Brazilian banks were targets for distributed denial-of-service attacks, with massive assaults against HSBC Brazil, Banco do Brasil, Itau Unibanco Multiplo SA and Banco Bradesco SA. Hacktivists took credit for the DDoS spree.
At least 228,000 Social Security numbers were exposed in a March 30 breach involving a Medicaid server at the Utah Department of Health, according to officials from the Utah Department of Technology Services and Utah Department of Health, which theorised that attacks from Eastern Europe bypassed security controls because of configuration errors. In May, Utah CIO Steven Fletcher resigned because of it.
Researchers from Seculert discovered what they say is a botnet command-and-control server holding 45,000 login credentials Facebook users exploited by a pervasive worm, Ramnit, infecting Windows and designed to infect computers and steal social networking usernames and passwords.
Hacktivist group Anonymous brought down the websites of trade groups U.S. Telecom Association and TechAmerica, apparently for their support of the cybersecurity bill proposed by Rep. Mike Rogers that would allow the private companies and the government to share any information "directly pertaining to a vulnerability of, or threat to" a computer network. Privacy advocates, including the ACLU and Center for Democracy and Technology, contend the bill shreds privacy protections.
Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank did not make an extortion payment of $197,000. Elantis confirmed the data breach but said the bank will not give in to extortion threats.
About 6.5 million cryptographic hashes of LinkedIn user passwords were stolen and posted online, a breach LinkedIn acknowledged though it didn't discuss specific numbers, which may be much less due to duplicates. LinkedIn invalidated the passwords of impacted users and the company said emails will be sent to users whose passwords were compromised, though it warned about updating passwords via links sent in email.

A look at 2012: BOTNET, CONFIG ERROR, EXTORTION, HACKTIVISM, DDOS, PHISHING

Example: APT (Advanced Persistent Threat). Websense Threat Report 2012: The Year in Review for Threats

The harsh reality: in most cases we are defenseless and at the mercy of anyone willing to make a minimal effort to exploit a vulnerability. The security measures implemented in many organizations are insufficient to deliver a minimum level of security.

Risk management approach: what the manual says… PLAN, DO, ACT, CHECK. Security policies, organization of information, asset management, human resources, physical and environmental security, operations security, access control, systems development and maintenance, incident management, business continuity, legal and regulatory compliance.

Information security. PLAN, DO, ACT, CHECK. OPERATIONAL APPROACH. …what actually happens: Lack of information: How effective are the controls? Are we sure we are addressing ALL the problems? Where should the solution be focused? Lack of execution: Expectations vs. functionality. Service running, or guaranteed? Risk bounded? Easy solutions that are not very effective. Lack of direction: Today vs. tomorrow. Regulatory compliance. ROI / TCO. Technology vs. service.

Some ideas…

The enterprise of the future – Implications for the CIO - IBM. The operational approach to security runs counter to value creation and innovation.

Regulatory trends. The end of anonymity?... …the justification we needed?

Consumerization (what?!) Consumerization is the growing tendency for new information technology to emerge first in the consumer market and then spread into business and government organizations. It is increasingly difficult to say NO to the user. The primary impact of consumerization is that it is forcing businesses, especially large enterprises, to rethink the way they procure and manage IT equipment and services. Historically, central IT organizations controlled the great majority of IT usage within their firms, choosing or at least approving of the systems and services that employees used. Consumerization enables alternative approaches. Today, employees and departments are becoming increasingly self-sufficient in meeting their IT needs.

Methodology: identify needs, define risk zones, create tailored controls, monitor globally, proactive processes, continuous improvement.

Consuming vs. creating security services

Security in business processes. HP Enterprise Security: Next-Generation Application Monitoring: Combining Application Security Monitoring and SIEM

Who has the first question? THANK YOU. Gabriel Marcos, Product Manager – Columbus