Jan 30

Please vote for my BSidesSanFrancisco talk entitled “My Life on the Infosec D-List” by tweeting (I think that’s a verb now) the following:

I vote for “My Life on the Infosec D-List” by @andrewsmhay #BSidesSF http://bit.ly/BSidesSFtalks

Abstract: People new to information security often find themselves wondering how to make a name for themselves in the industry. Andrew Hay has lived most of his career on the D-list but has worked hard to increase his status in the hopes of someday landing that coveted A-list position. Through this talk we’ll discuss how to expand your circle of influence, how to build your personal brand, and how to move up from the dreaded Infosec D-List.

I PROMISE it will be entertaining ;)

Jan 25

The results of a study show that the average cost of a data breach (based on 2009 data) is $204 USD per exposed record. I often find it hard to value the data I’m protecting so this is really a good starting point to measure against.

Report: http://www.encryptionreports.com/2009cdb.html

Excellent writeup: http://www.scmagazineus.com/data-breaches-cost-organizations-204-per-record-in-2009/article/162259/

Highlights:

  • Number of data breaches that were caused by malicious attacks and botnets doubled from 12 percent in 2008 to 24 percent in 2009.
  • Data breaches caused by malicious attacks cost organizations 30 to 40 percent more on average than those caused by human negligence or by IT system glitches.
  • 42 percent of all data breaches last year resulted from third-party mistakes.
  • 36 percent of breaches involved lost or stolen laptops or other mobile devices.
  • Lost business makes up the largest portion of breach costs, totaling $135 per record lost on average, a slight decrease from $139 in 2008.
  • Ex-post response activities, which include providing credit monitoring services and other assistance to breach victims, cost $46 per record last year, up from $39 in 2008.
  • The most expensive data breach included in this year’s study cost one organization nearly $31 million to resolve, and the least expensive breach cost $750,000.
  • Activities that enable organizations to detect the breach totaled $8 per record on average last year, and costs to notify breach victims totaled $15 per record.
  • Those who notified breach victims within one month paid $219 per record exposed, on average, versus $196 paid by those who waited longer.
  • Having a CISO, or equivalent position, could decrease data breach costs by 50 percent.
  • Companies with a CISO paid $157 per compromised record, on average, compared to those which did not have a CISO ($236 per compromised record).
Jan 19
Speaking at SOURCE Boston 2010
Andrew Hay | News | 01 19th, 2010

Just sit right back and you’ll hear a tale,
A tale of a fateful trip
That started from this tropic port
Aboard this tiny ship.

My “Failagain’s Island” talk was accepted at SOURCE Boston 2010 and I couldn’t be happier. This will be the first time giving this presentation but I hope it won’t be the last. Here are the details so far:

Failagain’s Island – The Perils of Banking in an Island Nation

According to Wikipedia, experts believe that as much as half the world’s capital flows through offshore centers. Tax havens have 1.2% of the world’s population and hold 26% of the world’s wealth, including 31% of the net profits of United States multinationals. You would expect that isolated offshore financial centers, such as Bermuda, Cayman Islands, and Bahamas, would be exponentially more secure than your local bank branch due to the magnitude of money being protected – but you would be wrong.

Foreign nations, malicious attackers, and malware creators know that most tax havens, especially those located in small water-locked countries, are behind the times when it comes to security. This knowledge, combined with the amount of money that flows through the offshore financial centers, makes them juicy targets for major financial exploitation. The goal of this presentation is to dispel common security myths and provide detailed explanations of the risks associated with offshore banking. Let Andrew Hay, who was responsible for the implementation and monitoring of security controls at a major offshore bank, provide an in-the-trenches account of the security issues surrounding banking with an island nation.

Jan 15
Get the Free Andrew Hay iTunes App
Andrew Hay | News | 01 15th, 2010

(I’m laughing as I type this)

My iTunes Store App is finally available for free download via the iTunes App Store. If the link doesn’t work for you a simple search for “andrew hay” should bring it up. This app will work with iPhone and iPod touch (2nd generation) and requires iPhone OS 3.0 or later (due to the extreme awesomeness of the application I’m willing to bet).

What is the App? Why, it’s a fantastic way of taking this blog (and my face) with you wherever you go, of course!

Let’s be honest here folks…the icon of my face is well worth the free download.

Jan 11

Please join me at RSA® Conference 2010 from March 1 to 5, 2010 in San Francisco. RSA Conference is the premier conference for information security professionals.

As a selected speaker at the 2010 Conference, I’m pleased to be able to extend a discount of $200 off the current registration rate when you use my personal discount registration code. Simply enter the following code when you register online:

My personal discount registration code*: PRMSL8518UAV

*This offer cannot be combined with any other discounts and is valid for new registrations after January 11, 2010 through February 5, 2010.

Take advantage of five days of educational programs, access to industry experts and networking opportunities. Your Delegate Pass gives you:

  • More than 250 targeted sessions across 18 tracks, including two new ones – Data Security and Security in Practice
  • Access to over 300 leading information security companies
  • Valuable new contacts within our industry
  • Entry to the successful Innovation Sandbox which premiered last year – demos, whiteboarding, rising stars!

To find out more about RSA Conference and the packed agenda, visit: http://www.rsaconference.com/2010/usa/index.htm.

Be sure to register using the discount registration code above to receive the $200 savings.

Look forward to seeing you in San Francisco from March 1 to 5!
