SlideShare a Scribd company logo
1 of 39
Download to read offline
Security
20/20
Chapter 1
Preparing today for tomorrow’s threats
I.1 Outlook
I.2 Threats
I.3 Innovation
I.4 Risk management
I.5 Regulation
I.6 Strategies
I.7 Sources
Outlook
I.1 Outlook
When companies hear the word “security,” what concepts come to mind
— safety, protection or perhaps comfort? To the average IT administrator,
security conjures up images of locked-down networks and virus-free devices.
An attacker, state-sponsored agent or hactivist, meanwhile, may view security
as a way to demonstrate expertise by infiltrating and bringing down corporate
or government networks for profit, military goals, political gain — or even fun.
Page 3
We live in a world in which cybercrime is on the rise. A quick scan of the
timeline of major incidents (See Figure 1, Page 9) shows the increasing
frequency and severity of security breaches — a pattern that is likely
to continue for years to come. Few if any organizations are safe from
cybercriminals, to say nothing of national security. In fact, experts even
exposed authentication and encryption vulnerabilities in the U.S. Federal
Aviation Administration’s new state-of-the-art multibillion-dollar air
traffic control system1
.
Page 4
I.1 Outlook
Security now, by necessity, must protect all aspects of the enterprise, from
the data center to the desktop and beyond the network edge. Seemingly
commonplace, yet still nascent, innovations such as cloud services and the
bring-your-own-device (BYOD) trend have only accelerated the need for
relevant security at all points in the information lifecycle.
“The Internet of Things is going to allow us to be more connected and very
productive,” says Art Gilliland, senior vice president, Software Enterprise
Security Products, HP. “But it also creates more areas for adversaries to
compromise the environment. Any device can be the attack point or the thing
that is attacking.” Over the next decade, this reality is going to challenge our
IT environments, our consumer lifestyles and the security industry at large.
“We have very intelligent, highly motivated antagonists who are determined
to cause disruption. We don’t think that’s ever going to go away,” says Rebecca
Lawson, director, Worldwide Enterprise Solutions Marketing, HP.
Enterprises need to adopt a different approach to security. The game is no
longer about locking down the network and blocking every threat. To compete
against adversaries who are increasingly sophisticated and well-funded —
and in many cases, unknown — companies have to manage the risk that is
inherent in doing business in a connected world.
Page 5
“Any device can be the attack point or the thing that is attacking,” Gilliland says.
In 2020, companies and individuals alike will need to approach security
from a holistic mindset as threats to corporate, government and personal
information increase. Security professionals will find themselves answering
to CEOs and corporate boards as their policies, processes and vulnerabilities
become companywide priorities.
In order to reduce technical debt downstream and decrease unplanned
downtime, intrusions and business disruption, enterprises will need to
embrace a three-step approach to security:
1.	 Build it in.
2.	 Make it intelligent.
3.	 Protect what matters.
“People do not have a good handle on today’s threats. Pretty much every
corporation is suffering breaches, and when they are even aware of what is
happening, they are unwilling to talk about it,” says Martin Sadler, director,
Cloud and Security, HP Labs. “We do not have today’s threats under control,
and we are going to have to work hard to keep it from getting worse.”
Our goal in this chapter is to shed some light on the most likely threats
enterprises will face in 2020 and what they can do now to protect their
information and networks while enabling agility and privacy. The threats are
very real, and they are very damaging. But enterprises can look at them as
catalysts for positive change.
I.1 Outlook Page 6
“We do not have today’s threats
under control, and we are going
to have to work hard to keep it
from getting worse.”
Martin Sadler, director, Cloud and Security, HP Labs
twitter: @hplabs
“Every corporation is suffering
breaches, and they are
unwilling to talk about it.”
I.1 Outlook Page 7
Martin Sadler, director, Cloud and Security, HP Labs
OutlookI.1 Page 8
Page 9I.1 Outlook
Discussion hub
Doyoubelieveenterprisesaregetting
smarter about enterprise security?
“Biometrics is flawed. Identity as
implemented in enterprise applications
doesn’t necessarily align with how identity
works in the real world.”
— James McGovern
“Identity theft will become much harder to pull off
convincingly in this age of connectedness; as soon
as someone starts misusing your identity you’re
bound to be notified some way or another.”
— Horia Slusanschi
Threats
Page 11I.2
Combine global technology trends with the emergence of organized cybercrime,
add the universal mandate for businesses to make money, and you have an
unwinnable game for the enterprise.
Here are some emerging trends and top concerns:
Connected societies:
Technology is having a greater influence on society, as seen by the Arab Spring
of 2011. And many anticipate that an additional 1 billion people will be online by
2020, with a significant percentage of them from developing countries. “At some
point in the near future we will end up with more people having access to the
Internet than access to clean water,” Sadler notes. “If you equip people to be a
part of this global communications infrastructure when their other needs are not
being met, they will turn to the Internet to get access to what they need.”
As a result, kinetic warfare or cyberterrorism has the potential to be an
effective means for emerging countries to challenge the developed world on
an increasingly level technology playing field. “It is important to think beyond
software and system vulnerabilities and understand the wider backdrop that is
likely to shape online activity,” Sadler says.
Medical device as vulnerability:
Physical security is coming under scrutiny as an increasing number of implanted
electronic devices such as insulin pumps and pacemakers are being exposed
as vulnerable to hacking. Routinely monitored and interconnected with other
devices over wireless networks, they are raising red flags in the security and
medical communities as the newest vulnerability due to a lack of regulation
and industry oversight. Imagine being held for ransom by someone you never
see, who forces you to drain your bank account in exchange for keeping your
pacemaker running. A vulnerability was recently reported that could make just
this type of scenario a reality2
.
The increase in machine-to-machine interactions:
As cities adopt smart grid technologies and buildings become more “intelligent,”
breaches in security of these interconnected systems will have a cascading
effect. Network grids that control traffic lights, railroad crossings and toll
bridges, for instance, could become prime targets for terrorists or hackers
looking to extort money from governments or individuals.
Our desire to be mobile:
Mobile devices, from smartphones and tablets to laptops and ultrabooks, have
become primary sources of communication and information. As a result,
Threats
I.2 Threats
web-based applications are proliferating. But how many of them are secure?
“Web applications are becoming the preferred method of attacks because
they often have vulnerabilities that can be exploited,” Lawson says. “Everyone
wants to have a cool web app but they don’t know the potential risks and
liabilities based on how that app interacts with other apps. These days,
security is still, too often, an afterthought.”
The increase of cloud services:
As companies move more of their infrastructure and their data to the cloud,
adversaries will be able to take advantage of the trend. “In theory, the
cloud services model strengthens security because data will be handled by
companies with whole teams that think about nothing but security. But we’re
not there yet,” says Joseph Menn, author of Fatal System Error: The Hunt for
the New Crime Lords Who are Bringing Down the Internet and an investigative
reporter with Reuters specializing in cyber security.
The growing importance of Big Data:
For large organizations, keeping up with both the volume and the velocity of
information is a huge undertaking. Attackers can exploit immense, distributed
Big Data systems, which often have limited security controls, and gain access
to tremendous amounts of information at once.
Page 13
Exploiting the weakest link
The majority of corporate security spending traditionally has been focused on
infrastructure security. However, threats exploit the weakest areas, and for
many organizations that weakest area has become the application layer.
“For several decades people have been paying attention to network
infrastructure security but not application security,” says John Diamant,
secure product development strategist and distinguished technologist, HP.
“It’s a house-of-cards situation: Because security is a weakest-link problem
and applications are filled with vulnerabilities, a company can have plenty of
network-based security but still be exposed.”
What’s more, a disparity exists between the amount of money spent on
application security compared to infrastructure and network security, with
only 10 percent of the average enterprise security budget spent on application
security. However, Diamant notes, more than 70 percent of successful attacks
were carried out at the application level3
. “Application security is one threat
that is seriously under-represented. And it’s one that’s not being well enough
addressed,” he says. The lack of spending on securing applications and code
is creating a mountain of technical debt for which network and infrastructure
security alone cannot compensate.
I.2 Threats
“Application security is one threat that is seriously underrepresented,” Diamant points out.
The power of nation-states
The motivations behind cyberattacks also have changed. Hackers are getting
paid handsomely for zero-day exploits, as nation-states and organized-crime
rings fund an emerging cybercriminal market. “There’s an active adversary out
there, trying to get around defenses and out-innovate the security controls you
put in place,” Gilliland says. “The wealth of an entire marketplace is funding an
attack against a single entity.”
Meanwhile, the amount of time between when sophisticated attacks using
cutting-edge technology occur and when corporations see that technology
materialize on their own networks is shrinking. What starts off as a bespoke
attack rapidly becomes industrialized because it can be replicated to be used
against any number of available targets.
“The bad guys are using more sophisticated technology and even developing
their own supply chains,” Sadler notes. “If you want to know who the users of
leading-edge technology are, it’s the people attacking our organizations.”
Page 15I.2 Threats
“Security is a weakest-link problem and
applications are filled with vulnerabilities,
so a company can have plenty of network-
based security but still be exposed.”
John Diamant, secure product development strategist and distinguished technologist, HP
Page 16I.2 Threats
Page 17I.2 Threats
Discussion hub
What threats do you believe will shape
the security landscape in 2020?
“Security threats follow value. Will there
be anything significantly more valuable in
2020 that we don’t already value today?”
— Horia Slușanschi
“Malicious QRcodes: The ability to place a sticker
over a legitimate code with one that takes you to a
malware site is cropping up more and more. This is
an example of convenience overwhelming security.”
”— Charles Bess
Innovation: Holding
threats at bay
I.3
To compete against threats, enterprises must look beyond the all-but-
vanished “network perimeter” and focus on securing applications and
data while understanding identity and access for users as they move from
corporate to hostile networks at will. As threats become more ubiquitous,
organized and directed, companies must remain constantly vigilant.
“We have to build better technologies to authenticate and understand who
users are, what users should have access to or not and what data matters
or doesn’t matter — and put controls directly on the information,” Gilliland
explains. “There are components of that technology that exist today, but
it has to become more sophisticated and more accurate.”
Smart systems
To stay ahead of the bad guys, companies will need to rely more on “smart
systems” which should be able to recognize anomalies in a workflow and emit
an alert before proceeding with the new request.
Innovation
I.3 Innovation
“By the time people are involved in defending against an attack, it’s too late,”
Sadler says. “We want systems that protect themselves — to have multiple
layers of defense in much the same way the human body defends itself, and to
act autonomously.”
Along with smart systems, current technologies such as virtualization are
helping mitigate some of the opportunities for attack by removing the ability
for direct communication with critical systems. By using a higher level of
abstraction in the way we configure our storage, networking and processing,
we can better guarantee that security is being enforced and preventing
potential attacks.
Application lifecycle and security
Many of the issues surrounding application security can be significantly
reduced if developers take a lifecycle approach to security and develop the
application with the benefit of protecting it from cradle to grave. The idea is
based on the concept of Total Quality Management (TQM), which W. Edwards
Deming introduced in the 1950s. In the United States, TQM made its way into
manufacturing in the 1970s and into IT software quality assurance in the
1980s, a time when software security was far from an issue.
Page 21
Today, however, companies are recognizing the need to architect and build
security into applications from the start, which is no trivial task. “It has taken
us a long time to learn the lessons from Deming,” Diamant says.
“By the time people are involved
in defending against an attack,
it’s too late.”
Martin Sadler, director, Cloud and Security, HP Labs
twitter: @hplabs
I.3 Innovation Page 22
Source: HP Comprehensive Applications Threat Analysis (CATA), September 2012
Extending security assurance to meet today’s realities
Organizations cannot afford to be reactive in the current threat-filled environment
In post-release
phase
Patching
In testing
phase
Integration and
penetration testing
In development
phase
Code reviews
In requirements
phase
Architecture
and design
Returnoninvestment
Historical evolution in security assurance maturity
ProactiveReactive
Page 23Innovation
Discussion hub
How can organizations like those in healthcare
turn the tides against security breaches?
“Security protocols will adjust, seek out and
quarantine perceived threats before the
system is compromised.”
— Albert Vargas
“A triage approach could focus the scarce
resources of security teams on areas that
need attention.”
— Charles Bess
I.3
Risk management
I.4 Risk management
Most enterprises walk a fine line between agility and security. The simplistic
view is that a company can have either one or the other. However, the two are
not mutually exclusive. Gilliland explains that migrating to a security approach
that protects users and their information instead of the infrastructure and its
devices can help enterprises be more agile.
“If you try to control only the infrastructure, it stops you from adopting new
platforms and from moving and sharing information more freely. Once you
can protect the data, you can actually be more flexible,” says Gilliland.
To achieve the right balance, companies must make security part of the
foundation of every technical design process — and understand the business
risks they are taking when they make security decisions.
Technologies that focus on mitigating attacks can help an enterprise reduce
vulnerability. Solutions that use threat research and correlation of security
events and vulnerabilities with contextual data to deliver security intelligence
across IT operations, infrastructure and applications will be even more critical
as hackers look for new ways to make their attacks more targeted and more
destructive. Enterprises need visibility across the entire organization in order
to see where there may be threats.
In the shorter term, Larry Ponemon, chairman and founder of security research
think tank Ponemon Institute, believes a new generation of tools will alleviate
many of the problems caused by simple human laziness. “We get lazy and
don’t change passwords, and as a result tools are ineffective,” he notes.
“I think we will see more solutions that make security invisible to the user and
under-the-system-level technologies. Call it ‘security with convenience’.”
Above all, executives need to adopt a risk-management mindset to security
policy. “You may have stopped the adversary 5,000 times, but that one breach
creates a perception of negligence,” Gilliland warns. He urges enterprises to
create the infrastructure, toolsets, processes and controls to minimize damage
when the inevitable breach occurs.
Page 25
Page 26I.4
Art Gilliland, senior vice president, Software Enterprise Security Products, HP
“You may have stopped the adversary
5,000 times, but that one breach
creates a perception of negligence.”
Risk management
I.4 Risk management Page 27
Page 28I.4 Risk management
Discussion hub
By 2020, will government entities play a
larger role in protecting citizens online?
“The real issue is how much privacy individuals
are willing to give up in order to have more
security and how much trust they have in the
government to behave benevolently.”
— Kevin Light
“The economies of global corporate entities in
many cases will be greater than the GDP of
many countries, and it is this citizenship that
will be earmarked for protection.”
— Manjit
Regulation
I.5
In the last decade, after a number of high-profile network breaches, state and
federal authorities in the United States have enacted stringent legislation to
protect user data, such as the payment-card industry’s Data Security Standard,
healthcare’s Health Insurance Portability and Accountability Act (HIPAA) and
financial services’ Gramm-Leach-Bliley Act. Government requirements and
frameworks have raised awareness of security issues, making it a punishable
offense to willingly — and, in some cases, even unwillingly — expose sensitive
personal information. Whether we will be more secure with these new laws in
place is a subject of much debate.
Some argue that government involvement is essential to protecting individual
entities against the military intelligence of nation-states, while others believe
self-regulation with properly aligned incentives will prove more effective. It’s
important to think about who pays for the cost of security today.
“The economic drivers make it challenging,” Diamant explains. “If the decision-
makers aren’t feeling the direct impact of a breach, companies don’t include
the optimal amount of security.”
Gilliland suggests governments have a role to play in protecting consumers,
but companies won’t win by providing the minimum level of security.
“Regulatory requirements set a bar above which everyone must be,” Gilliland
Regulation
Page 31I.5 Regulation
explains. “But you’re competing against an adversary that is looking for
weakness. So if you are aspiring to the low bar, you’re in trouble. We need
to create an ROI model that helps executives truly understand what it takes
to be secure.”
Information stewards
Sadler says research is taking the view that security is about stewardship.
“Our first role is to protect the Internet for everybody,” he says. “We will all be
looking after other people’s information. You expect me (as a company) to use
your information but not misuse that information. If we put homes online in
future smart cities, we will want the service providers to use the information
we’ve given them, but for the purposes we expect. The industry is going
through a period of feeling our way through what is acceptable use and
what is not.”
And when we come under attack, Sadler says, we need to share the nature of
that attack in real time with others around us, to better protect everyone. The
security operations center of 2020 will be federated with partners, suppliers,
customers and even competitors. It will not just be looking inwardly at what is
happening on the corporate network.
“It’s about stewardship — our first
role is to protect the Internet
for everybody.”
Martin Sadler, director, Cloud and Security, HP Labs
twitter: @hplabs
Page 32I.5 Regulation
Page 33I.5 Regulation
Discussion hub
What can be done to ensure government
has a say without stifling innovation?
“Although portrayed as scary in movies, global
monitoring could increase our feeling of
security if we can prevent misuse of that info.”
— Bastiaan van der Water
“Certain governments will also be the
attackers, claiming the intent to protect
us. Who will protect us from governments
going too far?”
— Patrick Demichel
Strategies
Innovation can be a tremendous driver in keeping networks and data secure.
But it will never be enough. To prepare now for the threats of tomorrow,
companies must take a holistic, grassroots approach to security. In order
to embrace the kind of transformation that is required to be resilient and
defensible in 2020, enterprises must start building security into their cultures.
“Companies must reach out to all their stakeholders and make them aware
that damage can happen anywhere in an organization. It needs be a cultural
norm around which employees are educated,” Lawson says. And having a
breach management plan is critical to dealing with the inevitable. “Companies
no longer get a black eye for a breach, they get a black eye for fumbling after
the breach,” she adds.
Who will be responsible for driving this kind of change? “The role of the chief
information security officer is more important than most people realize,” Menn
explains. “This is a battle of ecosystems, and it has to be taken seriously at the
highest levels.”
I.6 Strategies
Page 36
Technology a major driver
For many companies, the use of smart technologies already has begun, with
more organizations bringing integrated and context-aware systems into
their infrastructures to help protect their data. “Luckily, smart systems
implementation is not a Big Bang thing where you have to get everything in
place to make it work. It’s more a collection of separate pieces that help a lot,
and the more we have the better we will be,” Sadler says.
Ponemon has high hopes for security in 2020. “We will see more interoperability
across security technology than we have today,” he predicts. “Today there are
literally hundreds of categories of security devices and a lot of them overlap, so
it’s difficult for a company to know what it needs. The industry needs to come
up with fewer categories and more interoperability.”
Also, he believes more people will be educated about security, acquiring more
skill and a higher security intelligence, which alone may mitigate a good number
of security issues.
Menn explains that, in the short term, security companies are going back to the
drawing board and tying security down to the chip level. They also are
Page 37
supporting more business rules in their products, which will allow customers
to limit the functionality of an application so that certain features might have
to be turned on or off depending on the user’s circumstances.
Long-term, Menn believes we will need a new Internet for financial
transactions and sensitive information. “I don’t think TCP/IP can be made
secure. The Internet was something in beta that escaped from the lab. It was
never supposed to be used for banking and government secrets.”
By 2020, many hope the evolution of security technologies and safeguards
may finally outpace the threats they have been designed to protect against.
Others are frank and anticipate continuing difficulties stemming the swelling
tide of attacks. But all agree that the key is in starting today.
“I don’t think TCP/IP can be
made secure. The Internet was
something in beta that escaped
from the lab.”
Joseph Menn, author, investigative reporter with Reuters
Twitter: @josephmenn
I.6 Strategies
(Photo credit: Doug Piburn)
Page 38I.6 Strategies
Discussion hub
How will technology change the way
enterprises approach security in 2020?
“The rise of social media helps to link humans
into various digital ‘tribes.’ Such groups or
humans will become more resilient to various
forms of electronic attack.”
— Horia Slușanschis
“BYOD will be widely spread and both
applications and corporate data will be
virtually stored in the cloud. Professionals
will carry their offices in their pockets for
use anywhere at any time.”
— Bo Carlsson
1
Steve Henn, “Could the New Air Traffic Control System Be Hacked?,” NPR.org,
August 14, 2012
2
Homeland Security News Wire, “Pacemakers, other implanted devices,
vulnerable to lethal attacks,” November 28, 2012
3
Microsoft, Microsoft Security Intelligence Report, Volume 12, 2012, page 40
I.7 Sources
The views set forth in this publication are not necessarily those of Hewlett-Packard Company or its affiliates (HP), but are the collective views of contributors to this publication, some of which have been curated by HP. Because the
content of this publication is future-looking, it, by definition, makes certain presuppositions and assumptions, some or all of which may or may not be realized.

More Related Content

What's hot

Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudITDogadjaji.com
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity reportKevin Leffew
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexAndreanne Clarke
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firmsJake Weaver
 
Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Ludmila Morozova-Buss
 
How the Internet of Things Leads to Better, Faster Crisis Communication
 How the Internet of Things Leads to Better, Faster Crisis Communication How the Internet of Things Leads to Better, Faster Crisis Communication
How the Internet of Things Leads to Better, Faster Crisis CommunicationBlackBerry
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOsIBM Security
 
Information Security
Information SecurityInformation Security
Information Securitytrunko
 
Raise The Cybersecurity Curtain. Predictions 2021
Raise The Cybersecurity Curtain. Predictions 2021Raise The Cybersecurity Curtain. Predictions 2021
Raise The Cybersecurity Curtain. Predictions 2021Ludmila Morozova-Buss
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameTatainteractive1
 
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix
 

What's hot (20)

Risky Business
Risky BusinessRisky Business
Risky Business
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber Analysts
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
Manifesto_final
Manifesto_finalManifesto_final
Manifesto_final
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity report
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence Index
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-Security
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!
 
How the Internet of Things Leads to Better, Faster Crisis Communication
 How the Internet of Things Leads to Better, Faster Crisis Communication How the Internet of Things Leads to Better, Faster Crisis Communication
How the Internet of Things Leads to Better, Faster Crisis Communication
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOs
 
Information Security
Information SecurityInformation Security
Information Security
 
Raise The Cybersecurity Curtain. Predictions 2021
Raise The Cybersecurity Curtain. Predictions 2021Raise The Cybersecurity Curtain. Predictions 2021
Raise The Cybersecurity Curtain. Predictions 2021
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious Game
 
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO Review
 
Trends_in_my_profession(revised)
Trends_in_my_profession(revised)Trends_in_my_profession(revised)
Trends_in_my_profession(revised)
 

Viewers also liked

Ict Security per le nuove esigenze di business
Ict Security per le nuove esigenze di businessIct Security per le nuove esigenze di business
Ict Security per le nuove esigenze di businessat MicroFocus Italy ❖✔
 
Mobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectationsMobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectationsat MicroFocus Italy ❖✔
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsat MicroFocus Italy ❖✔
 
Chelsea TropperFinalProjectVitaCocoIMCPlan
Chelsea TropperFinalProjectVitaCocoIMCPlanChelsea TropperFinalProjectVitaCocoIMCPlan
Chelsea TropperFinalProjectVitaCocoIMCPlanchelsea tropper
 
Tara J Walshe CV
Tara J Walshe CVTara J Walshe CV
Tara J Walshe CVTara walsh
 
The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingat MicroFocus Italy ❖✔
 
Reportec hp atalla soluzioni enterprise per la protezione dei dati sensibili
Reportec   hp atalla soluzioni enterprise per la protezione dei dati sensibiliReportec   hp atalla soluzioni enterprise per la protezione dei dati sensibili
Reportec hp atalla soluzioni enterprise per la protezione dei dati sensibiliat MicroFocus Italy ❖✔
 
愛,是唯一的添加 - 鮮乳坊
愛,是唯一的添加 - 鮮乳坊愛,是唯一的添加 - 鮮乳坊
愛,是唯一的添加 - 鮮乳坊Baggio Chang
 
Business Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your BusinessBusiness Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your Businessat MicroFocus Italy ❖✔
 

Viewers also liked (15)

Ict Security per le nuove esigenze di business
Ict Security per le nuove esigenze di businessIct Security per le nuove esigenze di business
Ict Security per le nuove esigenze di business
 
Mobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectationsMobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectations
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environments
 
Omkar mulje
Omkar muljeOmkar mulje
Omkar mulje
 
Logo_print
Logo_printLogo_print
Logo_print
 
PCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTPCI COMPLIANCE REPORT
PCI COMPLIANCE REPORT
 
Chelsea TropperFinalProjectVitaCocoIMCPlan
Chelsea TropperFinalProjectVitaCocoIMCPlanChelsea TropperFinalProjectVitaCocoIMCPlan
Chelsea TropperFinalProjectVitaCocoIMCPlan
 
Tara J Walshe CV
Tara J Walshe CVTara J Walshe CV
Tara J Walshe CV
 
Hp secure file
Hp secure fileHp secure file
Hp secure file
 
The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hacking
 
Reportec hp atalla soluzioni enterprise per la protezione dei dati sensibili
Reportec   hp atalla soluzioni enterprise per la protezione dei dati sensibiliReportec   hp atalla soluzioni enterprise per la protezione dei dati sensibili
Reportec hp atalla soluzioni enterprise per la protezione dei dati sensibili
 
Threat report 2015_v1
Threat report 2015_v1Threat report 2015_v1
Threat report 2015_v1
 
愛,是唯一的添加 - 鮮乳坊
愛,是唯一的添加 - 鮮乳坊愛,是唯一的添加 - 鮮乳坊
愛,是唯一的添加 - 鮮乳坊
 
Cyberedge 2015 Defense Report
Cyberedge 2015 Defense Report Cyberedge 2015 Defense Report
Cyberedge 2015 Defense Report
 
Business Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your BusinessBusiness Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your Business
 

Similar to Volume2 chapter1 security

Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCybAnastaciaShadelb
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Booz Allen Hamilton
 
5 Security Trends to Watch in 2020
5 Security Trends to Watch in 20205 Security Trends to Watch in 2020
5 Security Trends to Watch in 2020Dharmendra Rama
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docxMarcusBrown87
 
6 Cybersecurity Trends to Watch in 2019
6 Cybersecurity Trends to Watch in 20196 Cybersecurity Trends to Watch in 2019
6 Cybersecurity Trends to Watch in 2019BluePayProcessing
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfBrafton
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 

Similar to Volume2 chapter1 security (20)

Get Prepared
Get PreparedGet Prepared
Get Prepared
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & career
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & career
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LR
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
 
1402.1842.pdf
1402.1842.pdf1402.1842.pdf
1402.1842.pdf
 
5 Security Trends to Watch in 2020
5 Security Trends to Watch in 20205 Security Trends to Watch in 2020
5 Security Trends to Watch in 2020
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
 
6 Cybersecurity Trends to Watch in 2019
6 Cybersecurity Trends to Watch in 20196 Cybersecurity Trends to Watch in 2019
6 Cybersecurity Trends to Watch in 2019
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
5 main trends in cyber security for 2020
5 main trends in cyber security for 20205 main trends in cyber security for 2020
5 main trends in cyber security for 2020
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdf
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 

More from at MicroFocus Italy ❖✔

Bper services Case Study Application Delivery Management
Bper services Case Study Application Delivery ManagementBper services Case Study Application Delivery Management
Bper services Case Study Application Delivery Managementat MicroFocus Italy ❖✔
 
Crittografia end to-end basata sui dati come volano della app economy
Crittografia end to-end basata sui dati come volano della app economyCrittografia end to-end basata sui dati come volano della app economy
Crittografia end to-end basata sui dati come volano della app economyat MicroFocus Italy ❖✔
 
Technology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationTechnology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationat MicroFocus Italy ❖✔
 
HPE Security – Data Security HPE Voltage SecureMail
HPE Security – Data Security HPE Voltage SecureMailHPE Security – Data Security HPE Voltage SecureMail
HPE Security – Data Security HPE Voltage SecureMailat MicroFocus Italy ❖✔
 
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...at MicroFocus Italy ❖✔
 
Hpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentHpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentat MicroFocus Italy ❖✔
 
HPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 DecemberHPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 Decemberat MicroFocus Italy ❖✔
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegatiSicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegatiat MicroFocus Italy ❖✔
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsat MicroFocus Italy ❖✔
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageat MicroFocus Italy ❖✔
 

More from at MicroFocus Italy ❖✔ (20)

Bper services Case Study Application Delivery Management
Bper services Case Study Application Delivery ManagementBper services Case Study Application Delivery Management
Bper services Case Study Application Delivery Management
 
Configuration Management in a Multi-Cloud Era
Configuration Management in a Multi-Cloud EraConfiguration Management in a Multi-Cloud Era
Configuration Management in a Multi-Cloud Era
 
Crittografia end to-end basata sui dati come volano della app economy
Crittografia end to-end basata sui dati come volano della app economyCrittografia end to-end basata sui dati come volano della app economy
Crittografia end to-end basata sui dati come volano della app economy
 
Technology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationTechnology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformation
 
HPE Security – Data Security HPE Voltage SecureMail
HPE Security – Data Security HPE Voltage SecureMailHPE Security – Data Security HPE Voltage SecureMail
HPE Security – Data Security HPE Voltage SecureMail
 
Chationary
ChationaryChationary
Chationary
 
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
 
Hpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentHpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessment
 
HPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 DecemberHPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 December
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
 
Format preserving encryption bachelor thesis
Format preserving encryption bachelor thesisFormat preserving encryption bachelor thesis
Format preserving encryption bachelor thesis
 
Privacy e recupero crediti il vademecum
Privacy e recupero crediti   il vademecumPrivacy e recupero crediti   il vademecum
Privacy e recupero crediti il vademecum
 
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegatiSicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environments
 
Hpe security research cyber risk report 2016
Hpe security research  cyber risk report 2016Hpe security research  cyber risk report 2016
Hpe security research cyber risk report 2016
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
Soluzioni per proteggere i dati nel cloud
Soluzioni per proteggere i dati nel cloudSoluzioni per proteggere i dati nel cloud
Soluzioni per proteggere i dati nel cloud
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantage
 
Hp Secure Mail
Hp Secure MailHp Secure Mail
Hp Secure Mail
 

Recently uploaded

Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfBrain Inventory
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
Webinar - IA generativa e grafi Neo4j: RAG time!
Webinar - IA generativa e grafi Neo4j: RAG time!Webinar - IA generativa e grafi Neo4j: RAG time!
Webinar - IA generativa e grafi Neo4j: RAG time!Neo4j
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesShyamsundar Das
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesSoftwareMill
 
Kubernetes go-live checklist for your microservices.pptx
Kubernetes go-live checklist for your microservices.pptxKubernetes go-live checklist for your microservices.pptx
Kubernetes go-live checklist for your microservices.pptxPrakarsh -
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies
 
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example ProjectMastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example Projectwajrcs
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?AmeliaSmith90
 
20240330_고급진 코드를 위한 exception 다루기
20240330_고급진 코드를 위한 exception 다루기20240330_고급진 코드를 위한 exception 다루기
20240330_고급진 코드를 위한 exception 다루기Chiwon Song
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...OnePlan Solutions
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntelliSource Technologies
 

Recently uploaded (20)

Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdf
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
Webinar - IA generativa e grafi Neo4j: RAG time!
Webinar - IA generativa e grafi Neo4j: RAG time!Webinar - IA generativa e grafi Neo4j: RAG time!
Webinar - IA generativa e grafi Neo4j: RAG time!
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retries
 
Kubernetes go-live checklist for your microservices.pptx
Kubernetes go-live checklist for your microservices.pptxKubernetes go-live checklist for your microservices.pptx
Kubernetes go-live checklist for your microservices.pptx
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example ProjectMastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
Program with GUTs
Program with GUTsProgram with GUTs
Program with GUTs
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
20240330_고급진 코드를 위한 exception 다루기
20240330_고급진 코드를 위한 exception 다루기20240330_고급진 코드를 위한 exception 다루기
20240330_고급진 코드를 위한 exception 다루기
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptx
 

Volume2 chapter1 security

  • 1. Security 20/20 Chapter 1 Preparing today for tomorrow’s threats I.1 Outlook I.2 Threats I.3 Innovation I.4 Risk management I.5 Regulation I.6 Strategies I.7 Sources
  • 3. I.1 Outlook When companies hear the word “security,” what concepts come to mind — safety, protection or perhaps comfort? To the average IT administrator, security conjures up images of locked-down networks and virus-free devices. An attacker, state-sponsored agent or hactivist, meanwhile, may view security as a way to demonstrate expertise by infiltrating and bringing down corporate or government networks for profit, military goals, political gain — or even fun. Page 3
  • 4. We live in a world in which cybercrime is on the rise. A quick scan of the timeline of major incidents (See Figure 1, Page 9) shows the increasing frequency and severity of security breaches — a pattern that is likely to continue for years to come. Few if any organizations are safe from cybercriminals, to say nothing of national security. In fact, experts even exposed authentication and encryption vulnerabilities in the U.S. Federal Aviation Administration’s new state-of-the-art multibillion-dollar air traffic control system1 . Page 4
  • 5. I.1 Outlook Security now, by necessity, must protect all aspects of the enterprise, from the data center to the desktop and beyond the network edge. Seemingly commonplace, yet still nascent, innovations such as cloud services and the bring-your-own-device (BYOD) trend have only accelerated the need for relevant security at all points in the information lifecycle. “The Internet of Things is going to allow us to be more connected and very productive,” says Art Gilliland, senior vice president, Software Enterprise Security Products, HP. “But it also creates more areas for adversaries to compromise the environment. Any device can be the attack point or the thing that is attacking.” Over the next decade, this reality is going to challenge our IT environments, our consumer lifestyles and the security industry at large. “We have very intelligent, highly motivated antagonists who are determined to cause disruption. We don’t think that’s ever going to go away,” says Rebecca Lawson, director, Worldwide Enterprise Solutions Marketing, HP. Enterprises need to adopt a different approach to security. The game is no longer about locking down the network and blocking every threat. To compete against adversaries who are increasingly sophisticated and well-funded — and in many cases, unknown — companies have to manage the risk that is inherent in doing business in a connected world. Page 5 “Any device can be the attack point or the thing that is attacking,” Gilliland says.
  • 6. In 2020, companies and individuals alike will need to approach security from a holistic mindset as threats to corporate, government and personal information increase. Security professionals will find themselves answering to CEOs and corporate boards as their policies, processes and vulnerabilities become companywide priorities. In order to reduce technical debt downstream and decrease unplanned downtime, intrusions and business disruption, enterprises will need to embrace a three-step approach to security: 1. Build it in. 2. Make it intelligent. 3. Protect what matters. “People do not have a good handle on today’s threats. Pretty much every corporation is suffering breaches, and when they are even aware of what is happening, they are unwilling to talk about it,” says Martin Sadler, director, Cloud and Security, HP Labs. “We do not have today’s threats under control, and we are going to have to work hard to keep it from getting worse.” Our goal in this chapter is to shed some light on the most likely threats enterprises will face in 2020 and what they can do now to protect their information and networks while enabling agility and privacy. The threats are very real, and they are very damaging. But enterprises can look at them as catalysts for positive change. I.1 Outlook Page 6 “We do not have today’s threats under control, and we are going to have to work hard to keep it from getting worse.” Martin Sadler, director, Cloud and Security, HP Labs twitter: @hplabs
  • 7. “Every corporation is suffering breaches, and they are unwilling to talk about it.” I.1 Outlook Page 7 Martin Sadler, director, Cloud and Security, HP Labs
  • 9. Page 9I.1 Outlook Discussion hub Doyoubelieveenterprisesaregetting smarter about enterprise security? “Biometrics is flawed. Identity as implemented in enterprise applications doesn’t necessarily align with how identity works in the real world.” — James McGovern “Identity theft will become much harder to pull off convincingly in this age of connectedness; as soon as someone starts misusing your identity you’re bound to be notified some way or another.” — Horia Slusanschi
  • 11. Page 11I.2 Combine global technology trends with the emergence of organized cybercrime, add the universal mandate for businesses to make money, and you have an unwinnable game for the enterprise. Here are some emerging trends and top concerns: Connected societies: Technology is having a greater influence on society, as seen by the Arab Spring of 2011. And many anticipate that an additional 1 billion people will be online by 2020, with a significant percentage of them from developing countries. “At some point in the near future we will end up with more people having access to the Internet than access to clean water,” Sadler notes. “If you equip people to be a part of this global communications infrastructure when their other needs are not being met, they will turn to the Internet to get access to what they need.” As a result, kinetic warfare or cyberterrorism has the potential to be an effective means for emerging countries to challenge the developed world on an increasingly level technology playing field. “It is important to think beyond software and system vulnerabilities and understand the wider backdrop that is likely to shape online activity,” Sadler says. Medical device as vulnerability: Physical security is coming under scrutiny as an increasing number of implanted electronic devices such as insulin pumps and pacemakers are being exposed as vulnerable to hacking. Routinely monitored and interconnected with other devices over wireless networks, they are raising red flags in the security and medical communities as the newest vulnerability due to a lack of regulation and industry oversight. Imagine being held for ransom by someone you never see, who forces you to drain your bank account in exchange for keeping your pacemaker running. A vulnerability was recently reported that could make just this type of scenario a reality2 . The increase in machine-to-machine interactions: As cities adopt smart grid technologies and buildings become more “intelligent,” breaches in security of these interconnected systems will have a cascading effect. Network grids that control traffic lights, railroad crossings and toll bridges, for instance, could become prime targets for terrorists or hackers looking to extort money from governments or individuals. Our desire to be mobile: Mobile devices, from smartphones and tablets to laptops and ultrabooks, have become primary sources of communication and information. As a result, Threats
  • 12. I.2 Threats web-based applications are proliferating. But how many of them are secure? “Web applications are becoming the preferred method of attacks because they often have vulnerabilities that can be exploited,” Lawson says. “Everyone wants to have a cool web app but they don’t know the potential risks and liabilities based on how that app interacts with other apps. These days, security is still, too often, an afterthought.” The increase of cloud services: As companies move more of their infrastructure and their data to the cloud, adversaries will be able to take advantage of the trend. “In theory, the cloud services model strengthens security because data will be handled by companies with whole teams that think about nothing but security. But we’re not there yet,” says Joseph Menn, author of Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet and an investigative reporter with Reuters specializing in cyber security. The growing importance of Big Data: For large organizations, keeping up with both the volume and the velocity of information is a huge undertaking. Attackers can exploit immense, distributed Big Data systems, which often have limited security controls, and gain access to tremendous amounts of information at once.
  • 13. Page 13 Exploiting the weakest link The majority of corporate security spending traditionally has been focused on infrastructure security. However, threats exploit the weakest areas, and for many organizations that weakest area has become the application layer. “For several decades people have been paying attention to network infrastructure security but not application security,” says John Diamant, secure product development strategist and distinguished technologist, HP. “It’s a house-of-cards situation: Because security is a weakest-link problem and applications are filled with vulnerabilities, a company can have plenty of network-based security but still be exposed.” What’s more, a disparity exists between the amount of money spent on application security compared to infrastructure and network security, with only 10 percent of the average enterprise security budget spent on application security. However, Diamant notes, more than 70 percent of successful attacks were carried out at the application level3 . “Application security is one threat that is seriously under-represented. And it’s one that’s not being well enough addressed,” he says. The lack of spending on securing applications and code is creating a mountain of technical debt for which network and infrastructure security alone cannot compensate.
  • 14. I.2 Threats “Application security is one threat that is seriously underrepresented,” Diamant points out. The power of nation-states The motivations behind cyberattacks also have changed. Hackers are getting paid handsomely for zero-day exploits, as nation-states and organized-crime rings fund an emerging cybercriminal market. “There’s an active adversary out there, trying to get around defenses and out-innovate the security controls you put in place,” Gilliland says. “The wealth of an entire marketplace is funding an attack against a single entity.” Meanwhile, the amount of time between when sophisticated attacks using cutting-edge technology occur and when corporations see that technology materialize on their own networks is shrinking. What starts off as a bespoke attack rapidly becomes industrialized because it can be replicated to be used against any number of available targets. “The bad guys are using more sophisticated technology and even developing their own supply chains,” Sadler notes. “If you want to know who the users of leading-edge technology are, it’s the people attacking our organizations.”
  • 15. Page 15I.2 Threats “Security is a weakest-link problem and applications are filled with vulnerabilities, so a company can have plenty of network- based security but still be exposed.” John Diamant, secure product development strategist and distinguished technologist, HP
  • 17. Page 17I.2 Threats Discussion hub What threats do you believe will shape the security landscape in 2020? “Security threats follow value. Will there be anything significantly more valuable in 2020 that we don’t already value today?” — Horia Slușanschi “Malicious QRcodes: The ability to place a sticker over a legitimate code with one that takes you to a malware site is cropping up more and more. This is an example of convenience overwhelming security.” ”— Charles Bess
  • 19. I.3 To compete against threats, enterprises must look beyond the all-but- vanished “network perimeter” and focus on securing applications and data while understanding identity and access for users as they move from corporate to hostile networks at will. As threats become more ubiquitous, organized and directed, companies must remain constantly vigilant. “We have to build better technologies to authenticate and understand who users are, what users should have access to or not and what data matters or doesn’t matter — and put controls directly on the information,” Gilliland explains. “There are components of that technology that exist today, but it has to become more sophisticated and more accurate.” Smart systems To stay ahead of the bad guys, companies will need to rely more on “smart systems” which should be able to recognize anomalies in a workflow and emit an alert before proceeding with the new request. Innovation
  • 20. I.3 Innovation “By the time people are involved in defending against an attack, it’s too late,” Sadler says. “We want systems that protect themselves — to have multiple layers of defense in much the same way the human body defends itself, and to act autonomously.” Along with smart systems, current technologies such as virtualization are helping mitigate some of the opportunities for attack by removing the ability for direct communication with critical systems. By using a higher level of abstraction in the way we configure our storage, networking and processing, we can better guarantee that security is being enforced and preventing potential attacks. Application lifecycle and security Many of the issues surrounding application security can be significantly reduced if developers take a lifecycle approach to security and develop the application with the benefit of protecting it from cradle to grave. The idea is based on the concept of Total Quality Management (TQM), which W. Edwards Deming introduced in the 1950s. In the United States, TQM made its way into manufacturing in the 1970s and into IT software quality assurance in the 1980s, a time when software security was far from an issue.
  • 21. Page 21 Today, however, companies are recognizing the need to architect and build security into applications from the start, which is no trivial task. “It has taken us a long time to learn the lessons from Deming,” Diamant says. “By the time people are involved in defending against an attack, it’s too late.” Martin Sadler, director, Cloud and Security, HP Labs twitter: @hplabs
  • 22. I.3 Innovation Page 22 Source: HP Comprehensive Applications Threat Analysis (CATA), September 2012 Extending security assurance to meet today’s realities Organizations cannot afford to be reactive in the current threat-filled environment In post-release phase Patching In testing phase Integration and penetration testing In development phase Code reviews In requirements phase Architecture and design Returnoninvestment Historical evolution in security assurance maturity ProactiveReactive
  • 23. Page 23Innovation Discussion hub How can organizations like those in healthcare turn the tides against security breaches? “Security protocols will adjust, seek out and quarantine perceived threats before the system is compromised.” — Albert Vargas “A triage approach could focus the scarce resources of security teams on areas that need attention.” — Charles Bess I.3
  • 25. I.4 Risk management Most enterprises walk a fine line between agility and security. The simplistic view is that a company can have either one or the other. However, the two are not mutually exclusive. Gilliland explains that migrating to a security approach that protects users and their information instead of the infrastructure and its devices can help enterprises be more agile. “If you try to control only the infrastructure, it stops you from adopting new platforms and from moving and sharing information more freely. Once you can protect the data, you can actually be more flexible,” says Gilliland. To achieve the right balance, companies must make security part of the foundation of every technical design process — and understand the business risks they are taking when they make security decisions. Technologies that focus on mitigating attacks can help an enterprise reduce vulnerability. Solutions that use threat research and correlation of security events and vulnerabilities with contextual data to deliver security intelligence across IT operations, infrastructure and applications will be even more critical as hackers look for new ways to make their attacks more targeted and more destructive. Enterprises need visibility across the entire organization in order to see where there may be threats. In the shorter term, Larry Ponemon, chairman and founder of security research think tank Ponemon Institute, believes a new generation of tools will alleviate many of the problems caused by simple human laziness. “We get lazy and don’t change passwords, and as a result tools are ineffective,” he notes. “I think we will see more solutions that make security invisible to the user and under-the-system-level technologies. Call it ‘security with convenience’.” Above all, executives need to adopt a risk-management mindset to security policy. “You may have stopped the adversary 5,000 times, but that one breach creates a perception of negligence,” Gilliland warns. He urges enterprises to create the infrastructure, toolsets, processes and controls to minimize damage when the inevitable breach occurs. Page 25
  • 26. Page 26I.4 Art Gilliland, senior vice president, Software Enterprise Security Products, HP “You may have stopped the adversary 5,000 times, but that one breach creates a perception of negligence.” Risk management
  • 28. Page 28I.4 Risk management Discussion hub By 2020, will government entities play a larger role in protecting citizens online? “The real issue is how much privacy individuals are willing to give up in order to have more security and how much trust they have in the government to behave benevolently.” — Kevin Light “The economies of global corporate entities in many cases will be greater than the GDP of many countries, and it is this citizenship that will be earmarked for protection.” — Manjit
  • 30. I.5 In the last decade, after a number of high-profile network breaches, state and federal authorities in the United States have enacted stringent legislation to protect user data, such as the payment-card industry’s Data Security Standard, healthcare’s Health Insurance Portability and Accountability Act (HIPAA) and financial services’ Gramm-Leach-Bliley Act. Government requirements and frameworks have raised awareness of security issues, making it a punishable offense to willingly — and, in some cases, even unwillingly — expose sensitive personal information. Whether we will be more secure with these new laws in place is a subject of much debate. Some argue that government involvement is essential to protecting individual entities against the military intelligence of nation-states, while others believe self-regulation with properly aligned incentives will prove more effective. It’s important to think about who pays for the cost of security today. “The economic drivers make it challenging,” Diamant explains. “If the decision- makers aren’t feeling the direct impact of a breach, companies don’t include the optimal amount of security.” Gilliland suggests governments have a role to play in protecting consumers, but companies won’t win by providing the minimum level of security. “Regulatory requirements set a bar above which everyone must be,” Gilliland Regulation
  • 31. Page 31I.5 Regulation explains. “But you’re competing against an adversary that is looking for weakness. So if you are aspiring to the low bar, you’re in trouble. We need to create an ROI model that helps executives truly understand what it takes to be secure.” Information stewards Sadler says research is taking the view that security is about stewardship. “Our first role is to protect the Internet for everybody,” he says. “We will all be looking after other people’s information. You expect me (as a company) to use your information but not misuse that information. If we put homes online in future smart cities, we will want the service providers to use the information we’ve given them, but for the purposes we expect. The industry is going through a period of feeling our way through what is acceptable use and what is not.” And when we come under attack, Sadler says, we need to share the nature of that attack in real time with others around us, to better protect everyone. The security operations center of 2020 will be federated with partners, suppliers, customers and even competitors. It will not just be looking inwardly at what is happening on the corporate network. “It’s about stewardship — our first role is to protect the Internet for everybody.” Martin Sadler, director, Cloud and Security, HP Labs twitter: @hplabs
  • 33. Page 33I.5 Regulation Discussion hub What can be done to ensure government has a say without stifling innovation? “Although portrayed as scary in movies, global monitoring could increase our feeling of security if we can prevent misuse of that info.” — Bastiaan van der Water “Certain governments will also be the attackers, claiming the intent to protect us. Who will protect us from governments going too far?” — Patrick Demichel
  • 35. Innovation can be a tremendous driver in keeping networks and data secure. But it will never be enough. To prepare now for the threats of tomorrow, companies must take a holistic, grassroots approach to security. In order to embrace the kind of transformation that is required to be resilient and defensible in 2020, enterprises must start building security into their cultures. “Companies must reach out to all their stakeholders and make them aware that damage can happen anywhere in an organization. It needs be a cultural norm around which employees are educated,” Lawson says. And having a breach management plan is critical to dealing with the inevitable. “Companies no longer get a black eye for a breach, they get a black eye for fumbling after the breach,” she adds. Who will be responsible for driving this kind of change? “The role of the chief information security officer is more important than most people realize,” Menn explains. “This is a battle of ecosystems, and it has to be taken seriously at the highest levels.” I.6 Strategies
  • 36. Page 36 Technology a major driver For many companies, the use of smart technologies already has begun, with more organizations bringing integrated and context-aware systems into their infrastructures to help protect their data. “Luckily, smart systems implementation is not a Big Bang thing where you have to get everything in place to make it work. It’s more a collection of separate pieces that help a lot, and the more we have the better we will be,” Sadler says. Ponemon has high hopes for security in 2020. “We will see more interoperability across security technology than we have today,” he predicts. “Today there are literally hundreds of categories of security devices and a lot of them overlap, so it’s difficult for a company to know what it needs. The industry needs to come up with fewer categories and more interoperability.” Also, he believes more people will be educated about security, acquiring more skill and a higher security intelligence, which alone may mitigate a good number of security issues. Menn explains that, in the short term, security companies are going back to the drawing board and tying security down to the chip level. They also are
  • 37. Page 37 supporting more business rules in their products, which will allow customers to limit the functionality of an application so that certain features might have to be turned on or off depending on the user’s circumstances. Long-term, Menn believes we will need a new Internet for financial transactions and sensitive information. “I don’t think TCP/IP can be made secure. The Internet was something in beta that escaped from the lab. It was never supposed to be used for banking and government secrets.” By 2020, many hope the evolution of security technologies and safeguards may finally outpace the threats they have been designed to protect against. Others are frank and anticipate continuing difficulties stemming the swelling tide of attacks. But all agree that the key is in starting today. “I don’t think TCP/IP can be made secure. The Internet was something in beta that escaped from the lab.” Joseph Menn, author, investigative reporter with Reuters Twitter: @josephmenn I.6 Strategies (Photo credit: Doug Piburn)
  • 38. Page 38I.6 Strategies Discussion hub How will technology change the way enterprises approach security in 2020? “The rise of social media helps to link humans into various digital ‘tribes.’ Such groups or humans will become more resilient to various forms of electronic attack.” — Horia Slușanschis “BYOD will be widely spread and both applications and corporate data will be virtually stored in the cloud. Professionals will carry their offices in their pockets for use anywhere at any time.” — Bo Carlsson
  • 39. 1 Steve Henn, “Could the New Air Traffic Control System Be Hacked?,” NPR.org, August 14, 2012 2 Homeland Security News Wire, “Pacemakers, other implanted devices, vulnerable to lethal attacks,” November 28, 2012 3 Microsoft, Microsoft Security Intelligence Report, Volume 12, 2012, page 40 I.7 Sources The views set forth in this publication are not necessarily those of Hewlett-Packard Company or its affiliates (HP), but are the collective views of contributors to this publication, some of which have been curated by HP. Because the content of this publication is future-looking, it, by definition, makes certain presuppositions and assumptions, some or all of which may or may not be realized.