Mar 8

Note: If you’ve seen my Tyler Perry rant from earlier today you’ll understand the title :)

Well I’m back home from RSA Conference 2010 and I’m exhausted. I caught up with old friends, met new friends, and talked quite a bit. Here are a few of the “talks” in question from last week:

“My Life on the Information Security D-List” Presentation at #BSidesSF

“Unicorns, Clubhouses, and Ruffled Feathers: Women in Security Part 2” Presentation at #BSidesSF

“RSA 2010: What responsibility do security bloggers have to the industry?” Interview

Jan 30

Please vote for my BSidesSanFrancisco talk entitled “My Life on the Infosec D-List” by tweeting (I think that’s a verb now) the following:

I vote for “My Life on the Infosec D-List” by @andrewsmhay #BSidesSF http://bit.ly/BSidesSFtalks

Abstract: People new to information security often find themselves wondering how to make a name for themselves in the industry. Andrew Hay has lived most of his career on the D-list but has worked hard to increase his status in the hopes of someday landing that coveted A-list position. Through this talk we’ll discuss how to expand your circle of influence, how to build your personal brand, and how to move up from the dreaded Infosec D-List.

I PROMISE it will be entertaining ;)

Jan 25

The results of a study show that the average cost of a data breach (based on 2009 data) is $204USD per exposed record. I often find it hard to value the data I’m protecting so this is really a good starting point to measure against.

Report: http://www.encryptionreports.com/2009cdb.html

Excellent writeup: http://www.scmagazineus.com/data-breaches-cost-organizations-204-per-record-in-2009/article/162259/

Highlights:

  • Number of data breaches that were caused by malicious attacks and botnets doubled from 12 percent in 2008 to 24 percent in 2009.
  • Data breaches caused by malicious attacks cost organizations 30 to 40 percent more on average than those caused by human negligence or by IT system glitches.
  • 42 percent of all data breaches last year resulted from third-party mistakes.
  • 36 percent of breaches involved lost or stolen laptops or other mobile devices.
  • Lost business makes up the largest portion of breach costs, totaling $135 per record lost on average, a slight decrease from $139 in 2008.
  • Ex-post response activities, which include providing credit monitoring services and other assistance to breach victims, cost $46 per record last year, up from $39 in 2008.
  • The most expensive data breach included in this year’s study cost one organization nearly $31 million to resolve, and the least expensive breach cost $750,000.
  • Activities that enable organizations to detect the breach totaled $8 per record on average last year, and costs to notify breach victims totaled $15 per record.
  • Those who notified breach victims within one month paid $219 per record exposed, on average, versus $196 paid by those who waited longer.
  • Having a CISO, or equivalent position, could decrease data breach costs by 50 percent.
  • Companies with a CISO paid $157 per compromised record, on average, compared to those which did not have a CISO ($236 per compromised record).

Jan 19
Speaking at SOURCE Boston 2010
Andrew Hay | News | 01 19th, 2010

Just sit right back and you’ll hear a tale,
A tale of a fateful trip
That started from this tropic port
Aboard this tiny ship.

My “Failagain’s Island” talk was accepted at SOURCE Boston 2010 and I couldn’t be happier. This will be the first time giving this presentation but I hope it won’t be the last. Here are the details so far:

Failagain’s Island – The Perils of Banking in an Island Nation

According to Wikipedia, experts believe that as much as half the world’s capital flows through offshore centers. Tax havens have 1.2% of the world’s population and hold 26% of the world’s wealth, including 31% of the net profits of United States multinationals. You would expect that isolated offshore financial centers, such as Bermuda, Cayman Islands, and Bahamas, would be exponentially more secure than your local bank branch due to the magnitude of money being protected – but you would be wrong.

Foreign nations, malicious attackers, and malware creators know that most tax havens, especially those located in small water-locked countries, are behind the times when it comes to security. This knowledge, combined with the amount of money that flows through the offshore financial centers, makes them juicy targets for major financial exploitation. The goal of this presentation is to dispel common security myths and provide detailed explanations of the risks associated with offshore banking. Let Andrew Hay, who was responsible for the implementation and monitoring of security controls at a major offshore bank, provide an in-the-trenches account of the security issues surrounding banking with an island nation.

Jan 15
Get the Free Andrew Hay iTunes App
Andrew Hay | News | 01 15th, 2010

(I’m laughing as I type this)

My iTunes Store App is finally available for free download via the iTunes App Store. If the link doesn’t work for you a simple search for “andrew hay” should bring it up. This app will work with iPhone and iPod touch (2nd generation) and requires iPhone OS 3.0 or later (due to the extreme awesomeness of the application I’m willing to bet).

What is the App? Why it’s a fantastic way of taking this blog (and my face) with you wherever you go of course!

Let’s be honest here folks…the icon of my face is well worth the free download.
