Computer Security: Data and Identity Management

12/17/2008IDTheftSecurity.com www.IDTheftSecurity.com

Computer Security: Data and Identity Management Overview

ƒ Hackers ƒ Business Prevention Dos’ ƒ Data Breaches ƒ Privacy Policy ƒ Shifts in Security Priorities ƒ Valuable Data ƒ Security Policy ƒ Firewalls ƒ Shredding ƒ Wireless Security ƒ Physical Security ƒ Using Technology ;Computers ƒ Authentication and Access Control ƒ Email ƒ Identity Management ƒ Spam ƒ Viruses ƒ Regulatory and Compliance ƒ Spyware ƒ Internal Threats ƒ Phishing ƒ Biometric Solutions ƒ Botnets ƒ Considerations

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Hackers

12/17/2008 www.IDTheftSecurity.com

Botnets Zombies

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Data Breaches

ƒ Hacking ƒ Irresponsible insider ƒ Malicious insider ƒ 3rd party fault ƒ Laptop theft ƒ Theft ƒ Loss 12/17/2008 www.IDTheftSecurity.com

History of Hacking

ƒ 2001 ƒ 2004 ƒ 2008 9 The need for security began with desktop computing when the only means of compromising data was by inserting a contaminated floppy disk into a PC or opening an infected email attachment. That was the anti-virus era. 9 The need for security evolved with the Internet as more companies developed internal and external networks. That was the network security era. 9 Now as companies leverage the power of the web, information security has evolved yet again: We are in the application security era.

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Using Technology

ƒ Ice-pick to an Iceberg

12/17/2008 www.IDTheftSecurity.com

Data Breaches

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Using Technology

ƒ Speed of technology ƒ Digital printers

12/17/2008 www.IDTheftSecurity.com

Black Hat Hacking

ƒ ‘Def’Con convention

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Web Mobs

12/17/2008 www.IDTheftSecurity.com

Hacking for Money

ƒ Hacking for Dummies ƒ Hacking tools kits $100- several thousands

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Hacking for Money

ƒ Enterprise networks

12/17/2008 www.IDTheftSecurity.com

Hacking for Money

ƒ Unprotected networks sniffed by hackers

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Using Technology

ƒ Compliance and regulatory issues

12/17/2008 www.IDTheftSecurity.com

Using Technology

Flawed system 1) SSN 2) Credit

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Hacked

12/17/2008 www.IDTheftSecurity.com

InformationHacking for Brokers Money

ƒFeb 2005 - Fined 15M

Computers - hacked or stolen; data tapes lost, insiders take files home. Scores of universities, hospitals, government agencies, merchants and financial firms continue to report such breaches.

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Hacked

12/17/2008 www.IDTheftSecurity.com

Hacked

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Hacked

12/17/2008 www.IDTheftSecurity.com

Hacked

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Hacked

12/17/2008 www.IDTheftSecurity.com

Hacked

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Hacked

12/17/2008 www.IDTheftSecurity.com

How Stolen Information is Used

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Shifts in Security Priorities

ƒ Forrester Research says that new challenges such as the rising threats of fraud and identity theft are causing a fundamental shift in identity management. ƒ Attention has moved from the build-out of eBusiness, to efficiency and cost-cutting, and now to compliance. ƒ 2006 on will focus on the issues of fraud, theft, and privacy. ƒ This will manifest in the realm of authentication and account protection including authorization, administration, and then audit. ƒ Strengthen consumer data privacy protection policies.

12/17/2008 www.IDTheftSecurity.com

Bring on the Legislation!

State bills ƒ State legislation follows landmark California Security Breach Notice SB1386 . ƒ Requires any business or state agency that’s personal data was breached to notify consumers of unauthorized access. ƒ 168 security breach bills introduced in 29 states in 2006. ƒ 19 enacted, 14 pending. ƒ 12 states also cover breach of paper records.

Compelled by state data-loss notification laws, companies and organizations have disclosed since, February 2005 :

ƒ Over 916 incidents of personal data breached.

ƒ Total records reported lost: 227,000,000 million records.

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Shifts in Security Priorities

12/17/2008 www.IDTheftSecurity.com

Shifts in Security Priorities

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Valuable Data

12/17/2008 www.IDTheftSecurity.com

Valuable Data

ƒ Social Security numbers ƒ Obsolete contracts ƒ Employment applications ƒ Obsolete personnel records ƒ Medical records ƒ Arbitration/grievance files ƒ Account numbers ƒ Insurance forms and records ƒ Client records ƒ Legal documents ƒ Approval/qualification documents ƒ Payroll records ƒ Accounts Payable and Receivable ƒ Classified documents ƒ Confidential financial information ƒ Customer or client lists ƒ Business correspondence ƒ Client/customer records ƒ Drafts of contracts ƒ Tax docs ƒ Cancelled checks

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com

Firewalls 101

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Firewalls 101

ƒ http://firewallguide.com/ ZoneAlarm or Norton ƒ HTTP Hypertext transfer protocol: port 80 ƒ Ports used transiently as needed by software ƒ FTP File transfer protocol: port 21 ƒ Viruses/trojans exploit ports ƒ SMTP Simple mail transfer protocol: port 25 ƒ Hardware (IDS) intrusion detection system ƒ POP Post office protocol: port 110 ƒ 65536 ports ƒ ProcessLibrary.com

12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Spam: Unsolicited commercial email sent in large numbers designed to be profitable from a very small number of responses.

Spyware: Software designed to compile usage statistics or take information from the host system and communicate it back to its home server for commercial or criminal purposes.

Virus/Worm: Unauthorized software that multiplies and carries a message, remote control component or destructive payload.

Phishing: An enabler of identity theft activity often carried out through email.

Social Most common method of gaining and abusing the trust of a stranger, Engineering: often for the purpose of identity theft and financial gain.

Wireless Networks

12/17/2008 www.IDTheftSecurity.com

Wireless Security

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Wireless Security

ƒ Be wary of free wi-fi (evil twins)

ƒ Wi-fi is insecure

ƒ 300-500 ft range

ƒ Secure PDAs

ƒ http://www.purenetworks.com/securityscan/

12/17/2008 www.IDTheftSecurity.com

Wireless Security

ƒ Bluetooth

ƒ Disable when not in use

ƒ When you set up a wireless access point (WAP), immediately change the default SSID (network identifier or network name) and the default administrator password.

ƒ Turn off SSID broadcasting on the WAP.

ƒ Enable encryption with either WEP or WPA. WPA encryption is stronger and more secure, so it is the encryption method of choice if your hardware (WAP and wireless NICs) and your operating system support it.

ƒ Enable MAC address filtering and enter the physical addresses of computers that will be allowed to connect to the wireless network.

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Wireless Security

ƒ Disable the Dynamic Host Configuration Protocol (DHCP) on the WAP and use a private IP addressing range that is outside the most common (192.168.x.x). This method prevents intruders from being assigned an IP address, and they will have to guess an address that is correct for your network. ƒ Disable Simple Network Management Protocol (SNMP) support on the WAP. This protocol can be used by hackers to gather information about your network. ƒ Do not use an overly powerful antenna that broadcasts beyond the range you need. Do not place the antenna close to a window; place it as close to the center of the area you want the network to cover as possible.

12/17/2008 www.IDTheftSecurity.com

Spyware

ƒ Keyloggers ƒ Adware ƒ Cookies ƒ Keycatchers ƒ Use spy removal software ƒ www.lavasoftusa.com/ * ƒ Spybot Search and Destroy ƒ www.download.com *

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Spyware

•Pop-ups = Spyware •Drive-bys •IE 7 •Google toolbar

12/17/2008 www.IDTheftSecurity.com

Spyware

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Spyware

12/17/2008 www.IDTheftSecurity.com

KeyCatchers

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Using Technology

e-mail

12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Using Technology

e-mail ƒ Don’t reply to spam ƒ Don’t request to be taken off spam lists, just hit delete ƒ Don’t open attachments from those you do not know ƒ email signature ƒ Use throwaway addresses ƒ ISP ƒ Mailfilters, IP blocking, blacklists ƒ challenge/response

12/17/2008 www.IDTheftSecurity.com Challenge/response

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Challenge/response

12/17/2008 www.IDTheftSecurity.com Malware/Viruses/Spyware

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Viruses

ƒ 5.5 million known viruses in 2007 ƒ 15,000 to 20,000 daily ƒ 2,000 and 3,000 new viruses per hour ƒ First 2 months of 2008 = 1 million samples of malware. ƒ 24/7/365!!!!!!!!!!!!!!! 12/17/2008 www.IDTheftSecurity.com

Viruses

12/17/2008 www.IDTheftSecurity.com

ID Theft Security ƒUse Norton / McAffe / AVG / PC Cillin ƒAVast @ http://www.avast.com/eng/download.html ƒInstall virus protection and keep it automatically updated* ƒConfigurations 12/17/2008 www.IDTheftSecurity.com

Windows Update

ƒ Use SP2 / automatic security patches for critical updates ƒ Run scans/missing patches

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Internet Explorer

ƒ Be careful about which Web sites you visit. Sites devoted to illegal or questionable subjects, such as hacker sites, sites for downloading pirated music or software, and pornographic sites are most likely to contain malicious code

ƒ Do not conduct financial transactions or send private information over the Web unless the site is secure (which is usually indicated by a dialog box or a “lock” icon in the browser’s status bar).

ƒ Configure your browser’s security settings for safe browsing.

ƒ Configure your browser’s privacy settings to avoid unwanted cookies and pop-up ads.

ƒ Enable checking of digital signatures on drivers and other programs you download.

12/17/2008 www.IDTheftSecurity.com

Internet Explorer

ƒ Configure your browser to not automatically download ActiveX controls, or run scripts, Java applets, or other code. If you want to be able to run code on some sites, configure the browser to prompt you before doing so.

ƒ You can test your Web browser software for common vulnerabilities and determine its encryption strength at the following Web sites:

ƒ The Scanit Browser Security Test page at http://bcheck.scanit.be/bcheck/

ƒ The Qualys Free Browser Checkup page at http://browsercheck.qualys.com/

ƒ The Verisign Browser Check page at www.verisign.com/advisor/check.html

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Phishing

12/17/2008 www.IDTheftSecurity.com Phishing

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Phishing

12/17/2008 www.IDTheftSecurity.com Phishing

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Phishing

12/17/2008 www.IDTheftSecurity.com

Phishing

ƒ Phishing, Pharming, Spoofing, Spear Phishing ƒ Authentic using existing company web HTML code ƒ Request to update account or verify information ƒ Investment opp, recover funds, claim prize ƒ Redirect to a spoof incorporating functional links ƒ Large banks, Regional, local, Corp, associations ƒ 5 percent catch rate ƒ 1/3rd of the population knows what phishing is

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Phishing

12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com Phishing

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com Phishing

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Phishing

12/17/2008 www.IDTheftSecurity.com Phishing

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Phishing

12/17/2008 www.IDTheftSecurity.com

Botnets Zombies

ƒ Botnets, Zombies: host virus, trojans and spam ƒ lax security practices by consumers and small business are giving scammers a base from which to launch attacks. ƒ set up phishing Websites targeting well-known online brands ƒ sending junk mail e-mails advertising phishing Websites ƒ installing redirection services to deliver Web traffic to existing phishing Websites or for the propagation of spam and phishing messages ƒ Hosting viruses, malware and keylogggers

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Botnets Zombies

12/17/2008 www.IDTheftSecurity.com Botnets Zombies

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Business Prevention Do’s

12/17/2008 www.IDTheftSecurity.com

Business Prevention Do’s

ƒ Lock mailbox ƒ Secure all legal documents and account numbers ƒ Place mail in secure outgoing mailboxes or at the PO ƒ Call the post office if you go more than 4 days without mail ƒ Pay attention to delivery dates of all bills ƒ Bank Online ƒ Use automatic bill payment, auto payroll dep

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Business Prevention Do’s

ƒ Eliminate paper statements ƒ Reconcile bills and statements diligently and timely ƒ Pay attention to the expiration date of credit cards and look for arrival of new cards ƒ Have bank ordered checks delivered to the bank and not your office ƒ Be cautious ordering online and mail-order ƒ Ask all public and private entities about policies for disposal

12/17/2008 www.IDTheftSecurity.com

Privacy Policy

9 What personally identifiable information is collected from you 9 What cookies are and how they are used 9 How your information is used 9 Who is collecting your information 9 With whom your information may be shared 9 What choices are available to you regarding collection, use, and distribution of your information 9 The kind of security precautions that are in place to protect the loss, misuse, or alteration of your information 9 What else you should know about your online privacy

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Security Policy

9 Cover all organizational systems used for processing, storing or transmitting personal information. 9 Security risks faced assessed in the development of the policy 9 Cost-effective measures devised to reduce the risks to acceptable levels 9 Monitored and periodically reviewed. 9 Staff and management made aware of the protective security policies and how to implement them.

12/17/2008 www.IDTheftSecurity.com

Shredding Data

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Shredding Data

Secure disposal of paper-based records include: ƒ shredding or disintegration of paper files ƒ contracting an authorized disposal company for secure disposal

Thoroughly erase data from discarded hard drives ƒ www.killdisk.com or a sledge hammer ƒ McAfee Shredder and Norton WipeInfo

12/17/2008 www.IDTheftSecurity.com

Physical Security

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Physical Security

ƒ Alarm systems ƒ External and internal locks ƒ Cables, clamps, brackets ƒ Access control ƒ Perimeter security ƒ Guards ƒ CCTV cameras

12/17/2008 www.IDTheftSecurity.com

Internal Threats

ƒ Survey of 500 managers and employees with access to sensitive customer information found the following:

ƒ 66% said their co-workers, not hackers, pose the greatest risk to consumer privacy; only 10% said hackers are the greatest threat.

ƒ 62% reported incidents at work that put customer data at risk for identity theft.

ƒ 46% said it would be “easy,” “very easy” or “extremely easy” for workers to remove sensitive data from the corporate database.

ƒ 32% said they’re unaware of internal company policies to protect customer data.

ƒ 28% said their company does not have a written security policy or they didn’t know if it has one.

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Internal Threats

ƒ Web Browsing, Web-Based Email and P2P (peer to peer) : Viruses and malicious code can be hidden in Web sites and downloads of ActiveX and executables. MP3s, Avi’s and images, clog up network bandwidth and drive space. Confidential data can be transferred via web based email.

ƒ Instant Messaging and Chatrooms: IM has the same security concerns as Web-based email - users can potentially send and receive sensitive corporate data. There are also viruses that are specifically aimed at IM systems. Both also provide the means for confidential data to be transferred.

ƒ Decide whether your staff can use IM as a legitimate business tool or not, and then ensure you have a policy in place - and then communicate and enforce it. Use software to manage access.

ƒ Consider banning removable storage, usb, ipods, cd burners

12/17/2008 www.IDTheftSecurity.com

Identity and Access Management

ƒ Authentication: Requiring users to present strong proof of identity.

ƒ Single sign-on (SSO) Audit controls: Centralized logging is considered a best practice for tracking and monitoring user activity as part of mandated internal audit controls. ie: McDonalds

ƒ Encryption: Encryption makes sensitive information unreadable, except by authorized users who have the means to decrypt the data.

ƒ Data integrity/Digital signatures: The use of digital signatures can help to ensure the integrity of online communications and transactions; digital signatures also support non-repudiation by providing assurance that data has not been altered during transmission 12/17/2008 www.IDTheftSecurity.com

ID Theft Security Authentication and Access Control

Biometric Identifiers 9Fingerprinting 9Iris scans 9Facial recognition 9Voice recognition 9US-VISIT Biometric Enter/Exit 9Passports: fingerprint and iris scans at airport checkpoints. Oct 26th to enter US 12/17/2008 www.IDTheftSecurity.com

Authentication and Access Control

ƒStrengthen password policies ƒChange passwords semi annually ƒNorton Password Manager ƒUSB tokens ƒSmart cards ƒBiometrics

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Authentication and Access Control

Two-factor authentication: ƒ The combination of something users know (their PIN) and something users have (the six digit tokencode shown on their token) provides strong, two-factor authentication. It is similar to how the banking ATM system works where users must present their PIN (something they know) together with their bankcard (something they have) before being granted access to their account.

12/17/2008 www.IDTheftSecurity.com

USB Wireless Security Lock

ƒ Walk away and your PC is locked ƒ The USB Wireless Security lock is an effective means to ensure computer access is limited to an authorized user ƒ When the user moves more than 2 meters away from the computer, the security dongle will disable access to the computer

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Considerations

ƒ Background Checks: verify education, work experience, criminal histories. ƒ Dumb Terminals: PCs with no hard drives, email or printers. No cell phones, notebooks or pens. ƒ Automatic lockout: former employees are security risks ƒ Beef up access control ƒ Shred Shred Shred Shred Shred Shred Shred ƒ Review policies for remote computing ƒ Shut down networks when not in use. 24/7 no good

12/17/2008 www.IDTheftSecurity.com

Considerations

ƒ Do not store Social Security Numbers. Use DMV

ƒ Do not store data on laptops, floppys, CDs. ƒ Develop identity and access management policies and procedures. ƒ Provide information access on a "need-to-know" basis. Assign access rights according to the job function. ƒ Monitor who's looking at what and why. ƒ Back up data / www.connected.com / and Norton Ghost

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Considerations

Disable the local administrator account A recommended security measure is to disable the local administrator's account, after creating a new account that has administrative privileges. This is to prevent hackers from using the default administrator account to get into your computer.

Here's how:

ƒ Create a user account and give it full administrative privileges. ƒ Log on as the user with administrative privileges. ƒ Right click My Computer and select Manage. ƒ In the left pane, expand Local Users and Groups. ƒ Click Users. ƒ In the right pane, double click Administrator. ƒ Click the General tab. ƒ Click Account is disabled to check the box, then click OK. ƒ The change will take place when you log off and log back on to the computer. You should not be able to log on with the default Administrator account.

12/17/2008 www.IDTheftSecurity.com

Regulatory and Compliance

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Regulatory and Compliance

ƒ Fair and Accurate Transactions F.A.C.T Act 2003

ƒ The Sarbanes Oxley Act

ƒ Health Insurance Portability and Accountability Act (HIPAA)

ƒ Graham-Leach-Bliley Act

ƒ Identity Theft Penalty Enhancement Act

ƒ The U.S. Financial Services Modernization Act

ƒ California A.B. 1950

12/17/2008 www.IDTheftSecurity.com

Fair and Accurate Transactions F.A.C.T Act 2003

Requires companies engaged in the delivery of financial services to the consumer to develop customer focused solutions that mitigate the damage of identity theft. If you've ever applied for a charge account, personal loan, insurance, or job, there's a file about you. This file contains information on where you work and live, how you pay your bills and whether you’ve been sued, arrested, or have filed for bankruptcy. Companies that gather and sell this information are called Consumer Reporting Agencies (CRAs).

ƒ “Any record about an individual, whether in paper, electronic, or other form that is a consumer report (also known as a credit report) or is derived from a consumer report." ƒ “Any person or company that possesses or maintains such information to take reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal."

12/17/2008 www.IDTheftSecurity.com

ID Theft Security The Sarbanes Oxley Act

ƒ Designed to increase corporate accountability, mandates that hard drives be erased before the disposal of a computer.

12/17/2008 www.IDTheftSecurity.com

Health Insurance Portability and Accountability Act (HIPAA)

ƒ Require companies to guard the confidentiality of medical and financial records, and hold them responsible for their computer data, even when it is no longer in their hands.

ƒ Disposal also must meet EPA standards.

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Graham-Leach-Bliley Act

Includes provisions to protect consumers personal financial information held by

financial institutions. There are three principal parts to the privacy requirements:

ƒ The Financial Privacy Rule, Safeguards Rule and Pretexting Provisions.

ƒ Requires companies to guard the confidentiality of medical and financial

records, and hold them responsible for their computer data, even when it

is no longer in their hands.

12/17/2008 www.IDTheftSecurity.com

Identity Theft Penalty Enhancement Act

ƒ Two years to prison sentences for criminals convicted of using stolen credit card numbers and other personal data to commit crimes.

ƒ Orders the U.S. Sentencing Commission to consider increasing the penalties for employees who steal sensitive data from their own companies.

12/17/2008 www.IDTheftSecurity.com

ID Theft Security The U.S. Financial Services Modernization Act

ƒ Requires financial institutions to have policies and procedures to ensure the security of customer information such as names, social security numbers, credit histories and bank account numbers.

12/17/2008 www.IDTheftSecurity.com

California A.B. 1950

ƒ Applies to all businesses that own or license covered personal information. The statutory definition of a business located in the

same Title of the Civil Code 1798.80 includes corporations, associations, or groups, however organized, and whether or

not organized to operate for a profit.

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Considerations

ƒ http://www.esafe.com / ƒ addresses multiple layers of content security

ƒ http://www.vontu.com/ ƒ stops confidential information, including customer data and intellectual property from being sent via email

ƒ http://www.pcguardiantechnologies.com/ ƒ encryption software for protecting fixed media, removable media and email.

ƒ http://www.protegrity.com/ ƒ protects data in all data stores and file systems, separates security policy from data management, audits & reports on all access to secure data 12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com

Considerations 9 http://www.esafe.com / addresses multiple layers of content security

9 http://www.vontu.com/ stops confidential information, including customer data and intellectual property from being sent via email

9 http://www.pcguardiantechnologies.com/ encryption software for protecting fixed media, removable media and email.

9 http://www.protegrity.com/ protects data in all data stores and file systems, separates security policy from data management, audits & reports on all access to secure data

12/17/2008 www.IDTheftSecurity.com

ID Theft Security Considerations

ƒ US-cert.gov ƒ Security.cnet.com ƒ hp.com/sbso/security/index.html ƒ microsoft.com/security

12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com

12/17/2008 www.IDTheftSecurity.com

ID Theft Security 12/17/2008 www.IDTheftSecurity.com

Robert Siciliano

Robert Siciliano is a Boston based Professional Speaker, Personal Security Consultant and president of 3 security related companies. He is certified under 14 State Real Estate Boards, various industry associations and under the guidelines of the Massachusetts Board of Nursing to train healthcare workers on personal safety. He has 18 years of security training as a member of the American Society of Industrial Security He is the author of 2 books including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud His seminar topics include; Safe Travel Security, ID Theft Security, Computer Security, Workplace Violence, Nurse Security, Realty Security, Self Defense, Children Security and Public School Security. Robert has appeared in Mademoiselle, Good Housekeeping, Consumer Digest REDBOOK, the New York Times, Los Angeles Times, Washington Times, New York Post and Boston Herald, on national TV including CNN, CNBC, FOX, MSNBC, the Montel Williams, Sally Jesse Raphael, Howard Stern, David Brenner, and the Maury Povich talk shows.

Reach him at www.IDTheftSecurity.com or e-mail [email protected] or call 1 800 2 GET SAFE. SafetyMinute Seminars, P.O. Box 15145, Boston, MA 02215 12/17/2008 www.IDTheftSecurity.com

ID Theft Security