The Human Firewall How Security Awareness Impacts Your Control Environment
|
|
- Jonathan Francis
- 8 years ago
- Views:
Transcription
1 The Human Firewall How Security Awareness Impacts Your Control Environment Dane Boyd, Security Awareness Training Principal Consultant John Andrew, IT Security Auditor Dell
2 Agenda Introduction In The News Red Team Stories Defining the Problem Winning Awareness Strategies Winning Awareness Tactics Q&A 2 Classification: //Dell /Confidential - Limited External Distribution:
3 Introduction Dane Boyd, Security Awareness Training Principal Consultant - Awareness Com Leader CISO - Led DSWx Awareness practice for 5 years - Fun facts: (From, Speak, Hobby) John Andrew, CISA, CISSP, GLEG - IT Security Auditor dotted line to CISO - Over 20 Years IT, IT Audit, and IT Security experience - Fun facts: (From, Speak, Hobby) 3 Classification: //Dell /Confidential - Limited External Distribution:
4 Disclaimer Rules of the Road This presentation is prepared solely for educational purposes. Our goal is to engage IT Auditors in Security Awareness efforts. Much of what we will share is based on our personal experience. Take what benefits you forget the rest. Questions are welcome! Please wait until transition points. 4 Classification: //Dell /Confidential - Limited External Distribution:
5 In The News Wired writer Andy Greenberg reports on Jeep Cherokee exploit All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. 5 Classification: //Dell /Confidential - Limited External Distribution:
6 In The News Wall Street Journal Michael Hayden describing the OPM hack 21 MM Security Clearance Records compromised. 6 Classification: //Dell /Confidential - Limited External Distribution:
7 In The News 7 Classification: //Dell /Confidential - Limited External Distribution:
8 In The News Critical Infrastructure Survey Results 48% of IT Executives believe that it is likely that there will be an attack on critical infrastructure. When - in the next three years Impact resulting in loss of life 8 Classification: //Dell /Confidential - Limited External Distribution:
9 Red Team Stories Critical Infrastructure The ERIPP and SHODAN search engines can be easily used to find Internet facing ICS devices, thus identifying potential attack targets. These search engines are being actively used to identify and access control systems over the Internet. Combining these tools with easily obtainable exploitation tools, attackers can identify and access control systems with significantly less effort than ever before. 9 Classification: //Dell /Confidential - Limited External Distribution:
10 Red Team Stories Project Shine - Control Systems Found Include- Traffic light controls Traffic cameras Swimming Pool Acid Pump Hydroelectric plant Nuclear Power Plant Hotel Wine Cooler Hospital Heart Rate Monitor Home Security System Gondola Ride Car Wash 10 Source: html Classification: //Dell /Confidential - Limited External Distribution:
11 Red Team Stories DHS Public Private Partnership 2014 IC Analyst Private Sector Program Critical Manufacturing Findings Lack of Awareness and information sharing Interpretation of cyber threats and the cyber security posture differed significantly between management, engineering, audit, compliance, and IT security. Need for more training, education, and awareness across all Critical Sectors. 11 Classification: //Dell /Confidential - Limited External Distribution:
12 Information Security = Building a Castle 12 Classification: //Dell /Confidential - Limited External Distribution:
13 95% 95% of all attacks on enterprise networks are the result of successful spear phishing Source: Allan Paller, Director of Research - SANS Institute 13 Classification: //Dell /Confidential - Limited External Distribution:
14 Defense in Depth Firewall IDS/IPS Network Defense Layers Web Proxy Anti-Virus Endpoint Monitoring End-point Defenses User Key Terrain 14 Classification: //Dell /Confidential - Limited External Distribution:
15 Strategies for a Vigilant Employee Executive Support Vigilant Employee Inspect what you expect Proper Attention 15 Classification: //Dell /Confidential - Limited External Distribution:
16 Strategy: Inspect what you expect
17 Defense in Depth: A Closer Look Testing Only 60% User Key Terrain of organizations have a Security Awareness Program. 17 Source: PwC The Global State of Information Security Survey 2014 Classification: //Dell /Confidential - Limited External Distribution:
18 Testing Improves Learning The added effort required to recall the information makes learning stronger. Henry L. Roediger III, Washington University in St. Louis and a co-author of Make It Stick: The Science of Successful Learning. 18 Classification: //Dell /Confidential - Limited External Distribution:
19 Strategy: Executive Support 19 Classification: //Dell /Confidential - Limited External Distribution:
20 Reason #1: Employee Resentment This guy 20 Classification: //Dell /Confidential - Limited External Distribution:
21 Reason #2: Employees Understanding and her! 21 Classification: //Dell /Confidential - Limited External Distribution:
22 Reason #3: Executives are part of the problem 22 Classification: //Dell /Confidential - Limited External Distribution:
23 Whaling
24 The Whale Hunt Salary Previous jobs Donations 24 Classification: //Dell /Confidential - Limited External Distribution:
25 The Whale Hunt 25 Classification: //Dell /Confidential - Limited External Distribution:
26 The Whale Hunt Salary Previous jobs Donations Children s name Mother s death date 26 Classification: //Dell /Confidential - Limited External Distribution:
27 The Whale Hunt Salary Previous jobs Donations Children s name Mother s death date City & State 27 Classification: //Dell /Confidential - Limited External Distribution:
28 The Whale Hunt Salary Previous jobs Donations Children s name Mother s death date City & State Tax Record Home Address Aerial Photo of home 28 Classification: //Dell /Confidential - Limited External Distribution:
29 29 Classification: //Dell /Confidential - Limited External Distribution:
30 30 Classification: //Dell /Confidential - Limited External Distribution:
31 31 Classification: //Dell /Confidential - Limited External Distribution:
32 Strategy: Treat Awareness like a vulnerability 32 Classification: //Dell /Confidential - Limited External Distribution:
33 Proper Importance CVE CVE Employee ID In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. Source: Wikipedia 33 Classification: //Dell /Confidential - Limited External Distribution:
34 Live Poll: How frequently are you patching the human firewall? New Employee Security Awareness Training? Annual Security Awareness Training? Periodic Security Awareness Newsletter? Phishing Assessments? Lunch & Learn? Other areas? 34 Classification: //Dell /Confidential - Limited External Distribution:
35 Tactics 35 Classification: //Dell /Confidential - Limited External Distribution:
36 Typical Security Awareness Program Tactics Once a year Too Long! Computer Expert Policy Acknowledgement Form? 36 Classification: //Dell /Confidential - Limited External Distribution:
37 Frequency Duration Instructor Focus Testing Reinforcement Learn from Arnold Worked out twice a day Trained each muscle group 3x/week sets per workout Tens of thousands of pounds SAT Tip: Frequency matters!!! 37 Classification: //Dell /Confidential - Limited External Distribution:
38 Pop quiz! Where am I from? 38 Classification: //Dell /Confidential - Limited External Distribution:
39 Frequency Duration Instructor Focus Testing Reinforcement How often are you training your employees? 39 Classification: //Dell /Confidential - Limited External Distribution:
40 Frequency Duration Instructor Focus Testing Reinforcement Who is this??? Edward Everett, Spoke at Dedication of Soldier's National Cemetery Two hours long speech Who spoke after him? 40 Classification: //Dell /Confidential - Limited External Distribution:
41 Frequency Duration Instructor Focus Testing Reinforcement Learn from Lincoln Gettysburg Address 272 words Two minutes SAT Tip: Shorter is better! Make it consumable! 41 Classification: //Dell /Confidential - Limited External Distribution:
42 Frequency Duration Instructor Focus Testing Reinforcement How long are your training sessions? 42 Classification: //Dell /Confidential - Limited External Distribution:
43 Frequency Duration Instructor Focus Testing Reinforcement SAT Tip: Understanding security is a skill. Communication is a separate skill! 43 Classification: //Dell /Confidential - Limited External Distribution:
44 Frequency Duration Instructor Focus Testing Reinforcement Who here is a strong communicator? Who here is highly technical? 44 Classification: //Dell /Confidential - Limited External Distribution:
45 Frequency Duration Instructor Focus Testing Reinforcement Learn from Coast Guard Continually adapted to smugglers methods: Cargo ships Fast Boats Submarines SAT Tip: Training must be specific to threats and adapt as threats change. Intel is key! 45 Classification: //Dell /Confidential - Limited External Distribution:
46 Frequency Duration Instructor Focus Testing Reinforcement What threats do we see today? How do we adapt? 46 Classification: //Dell /Confidential - Limited External Distribution:
47 Frequency Duration Instructor Focus Testing Reinforcement What threats do we see today? How do we adapt? 47 Classification: //Dell /Confidential - Limited External Distribution:
48 Frequency Duration Instructor Focus Testing Reinforcement Learn from the US ARMY What is the number one principle in peacetime training? Replicate battlefield conditions SAT Tip: Include realistic simulations as tests 48 Classification: //Dell /Confidential - Limited External Distribution:
49 Frequency Duration Instructor Focus Testing Reinforcement What are the battlefield conditions? How do you simulate these conditions? Phishing Vishing USB Drops Tail gating Bacon Confiscating sensitive info 49 Classification: //Dell /Confidential - Limited External Distribution:
50 Frequency Duration Instructor Focus Testing Reinforcement Learn from Advertisers 1.2 billion media impressions Social Media Television Radio Signage 107% Increase in Sales SAT Tip: Consistent message & multiple mediums (Combined with frequency) to change behavior 50 Classification: //Dell /Confidential - Limited External Distribution:
51 Frequency Duration Instructor Focus Testing Reinforcement What does reinforcement look like? Posters Newsletters Signage Reward Program Recognition Programs Secret Shopper Trivia 51 Classification: //Dell /Confidential - Limited External Distribution:
52 Frequency Duration Instructor Focus Testing Reinforcement Output 52 Case file: Arnold Classification: //Dell /Confidential - Limited External Distribution:
53 Results 53 Classification: //Dell /Confidential - Limited External Distribution:
54 Dell Managed Phishing Phishing Failure Rate 54 Classification: //Dell /Confidential - Limited External Distribution:
55 40% 55 Classification: //Dell /Confidential - Limited External Distribution:
56 Conclusion 56 Classification: //Dell /Confidential - Limited External Distribution:
57 Thank you!
Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013
Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory
More informationINTRODUCTION TO NETWORK SECURITY. Nischit Vaidya, CISSP Instructor
INTRODUCTION TO NETWORK SECURITY Nischit Vaidya, CISSP Instructor COPYRIGHT ARGOTIS, INC. 2 0 1 3 1 INSTRUCTOR BIOGRAPHY Nischit Vaidya, CISSP, Security+ President/CEO of Argotis, Inc. - Providing Cybersecurity
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationTechnical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments
DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance
More information2011 Forrester Research, Inc. Reproduction Prohibited
1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester
More informationCyber Security Management
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
More informationBelmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
More informationThe Value of Automated Penetration Testing White Paper
The Value of Automated Penetration Testing White Paper Overview As an information security and the security manager of the company, I am well aware of the difficulties of enterprises and organizations
More informationSECURITY CONSIDERATIONS FOR LAW FIRMS
SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,
More informationHelmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com
Promoting a Cybersecurity Culture: Tunisian Experience ITU Regional Cybersecurity Forum for Eastern and Southern Africa Lusaka, Zambia, 25-28 August 2008 Helmi Rais CERT-TCC Team Manager National Agency
More informationINTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA
INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA OVERVIEW Introduction Overview The IDS Puzzle Current State of IDS Threats I have a good firewall, why do I need an IDS? Expectations
More informationTechnical Testing. Network Testing DATA SHEET
DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce
More informationYou are the weakest link! Presented by Michael Hammond, CISA, CRISC, CISSP, C EH Director, IT Audit & Security O Connor & Drew P.C. mhammond@ocd.
You are the weakest link! Presented by Michael Hammond, CISA, CRISC, CISSP, C EH Director, IT Audit & Security O Connor & Drew P.C. mhammond@ocd.com Agenda Why do we keep getting hacked? How are they doing
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationUsing Risk Modeling & Attack Simulation for Proactive Cyber Security Predictive Solutions for Effective Security Risk Management
whitepaper Using Risk Modeling & Attack Simulation for Proactive Cyber Security Predictive Solutions for Effective Security Risk Management Executive Summary For years, security concerns have been a major
More information13 Ways Through A Firewall What you don t know will hurt you
Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter
More informationSecurity Challenges and Solutions for Higher Education. May 2011
Security Challenges and Solutions for Higher Education May 2011 Discussion Topics Security Threats and Challenges Education Risks and Trends ACH and Wire Fraud Malware and Phishing Techniques Prevention
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationIntegrated Threat & Security Management.
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
More informationThreat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue
Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationErnie Hayden CISSP CEH Executive Consultant
Ernie Hayden CISSP CEH Executive Consultant The Old Paradigm The New Philosophies What to Do? Discussion, Q&A http://ptcdigitalworld.wikispaces.com/file/view/14.jpg/91941753/964x515/14.jpg Herstmonceux
More informationCyber Security 2014 SECURE BANKING SOLUTIONS, LLC
Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information
More informationWhy The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationIs security awareness a waste of time?
Is security awareness a waste of time? New York State Cyber Security Conference June 5, 2013 Scott Gréaux Vice President Product Management and Services, PhishMe, Inc. They are exploiting human vulnerabilities
More informationMohamed ElHarras CIIP Strategies and Policies Executive Director
EGYPT National Telecom Regulatory Authority Integrating The Information Security Awareness in Critical Infrastructure Firms Mohamed ElHarras CIIP Strategies and Policies Executive Director Agenda The Connectivity
More informationdeveloping your potential Cyber Security Training
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Improved Security Required for DHS Networks (Redacted) Notice: The Department of Homeland Security, Office of Inspector General, has redacted
More informationChecklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
More informationFERPA: Data & Transport Security Best Practices
FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require
More informationAppGuard. Defeats Malware
AppGuard Defeats Malware and phishing attacks, drive-by-downloads, zero-day attacks, watering hole attacks, weaponized documents, ransomware, and other undetectable advanced threats by preventing exploits
More informationAPT Advanced Persistent Threat Time to rethink?
APT Advanced Persistent Threat Time to rethink? 23 November 2012 Gergely Tóth Senior Manager, Security & Privacy Agenda APT examples How to get inside? Remote control Once we are inside Conclusion 2 APT
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationFedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the
More informationYour security is our priority
Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationSecurity Awareness Training Solutions
DATA SHEET Security Awareness Training Solutions A guide to available Dell SecureWorks services At Dell SecureWorks, we strive to be a trusted security advisor to our clients. Part of building this trust
More informationPreempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions
Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com blog.coresecurity.com Preempting
More informationCyber-Security Risk in the Global Organization:
Cyber-Security Risk in the Global Organization: Trends, Challenges and Strategies for Effective Management David Childers, CCEP, CIPP CEO, Compli Todd Carroll Assistant Special Agent in Charge, FBI Three
More informationInformation Security @ Blue Valley Schools FEBRUARY 2015
Information Security @ Blue Valley Schools FEBRUARY 2015 Student Data Privacy & Security Blue Valley is committed to providing an education beyond expectations to each of our students. To support that
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationEvolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationCYBER SECURITY: A REPORT FROM THE TRENCHES 2015 AGC NATIONAL & CHAPTER LEADERSHIP CONFERENCE MIKE.ZUSMAN@CARVESYSTEMS.COM
CYBER SECURITY: A REPORT FROM THE TRENCHES 2015 AGC NATIONAL & CHAPTER LEADERSHIP CONFERENCE SECURITY IS A PROCESS, NOT A STATE CARVE SYSTEMS LLC MIKE.ZUSMAN@CARVESYSTEMS.COM How did I get here? (short
More informationTHE HUMAN COMPONENT OF CYBER SECURITY
cybersecurity.thalesgroup.com.au People, with their preference to minimise their own inconvenience, their predictability, apathy and general naivety about the potential impacts of their actions, are the
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationTraining Employees to Recognise & Avoid Advanced Threats
Training Employees to Recognise & Avoid Advanced Threats Joe Ferrara, President & CEO, Wombat Security Technologies Rashmi Knowles, Chief Security Architect EMEA, RSA The Security Division of EMC Session
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationSecurity on Embedded Systems
Cyber Security (CYS) Issue Group Activity Report Security on Embedded Systems Chair : Buheita Fujiwara Information-technology Promotion Agency With Cybersecurity Malaysia, Hitachi and III GBDe Summit 2007,
More informationDeveloping a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc.
Developing a Successful Security Awareness Training Program Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Agenda The human element of cyber security Building your case Building
More informationPresented by Frederick J. Santarsiere
http://cinoltd.com/ Presented by Frederick J. Santarsiere CHFI, CISSP, CISM, CISA, CEH, CEI, CAP, SSCP Sec+, Net+, A+, MCSA, MCSE, MCITP, MCT CCENT, CCNA, CCNA Wireless, CCNA Voice CISCO SMBEN, SMBAM,
More informationHow to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP
How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright
More informationWhat is Management Responsible For?
What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationAn Analysis of the Capabilities Of Cybersecurity Defense
UNIDIRECTIONAL SECURITY GATEWAYS An Analysis of the Capabilities Of Cybersecurity Defense Michael Firstenberg, Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationFedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationBest Practices for a BYOD World
Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile
More informationCourse Title: Penetration Testing: Network & Perimeter Testing
Course Title: Penetration Testing: Network & Perimeter Testing Page 1 of 7 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics
More information<Insert Picture Here> How to protect sensitive data, challenges & risks
How to protect sensitive data, challenges & risks Lars Klumpes CISSP Security Strategy Consultant EMEA Disclaimer The following is intended to outline our general product direction.
More informationCybersecurity Awareness for Executives
SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity
More informationCNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:
1. Do you implement virus controls and filtering on all systems? Anti-Virus anti-virus software packages look for patterns in files or memory that indicate the possible presence of a known virus. Anti-virus
More informationData Loss Prevention in the Enterprise
Data Loss Prevention in the Enterprise ISYM 525 Information Security Final Paper Written by Keneth R. Rhodes 12-01-09 In today s world data loss happens multiple times a day. Statistics show that there
More informationThomas J. Schlagel Chief Information Officer, BNL
Thomas J. Schlagel Chief Information Officer, BNL PhD in Nuclear Physics from the University of Illinois at Urbana-Champaign in 1990 Joined BNL in 1990 as a Postdoctoral Associate in the Nuclear Theory
More informationCyber Crime: You Are the Target
Cyber Crime: You Are the Target When talking about computer crime, we often hear the observation from computer users that they aren t rich and therefore what they have isn t worth much to a cyber criminal.
More informationHow to Spot and Combat a Phishing Attack Webinar
How to Spot and Combat a Phishing Attack Webinar October 20 th, 2015 Kevin Patel Sr Director of Information Security, Compliance & IT Risk Mgmt kpatel@controlscan.com Agenda 1) National Cyber Security
More information8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day
Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.
More informationMetasploit The Elixir of Network Security
Metasploit The Elixir of Network Security Harish Chowdhary Software Quality Engineer, Aricent Technologies Shubham Mittal Penetration Testing Engineer, Iviz Security And Your Situation Would Be Main Goal
More informationCyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry
Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry Templar Executives NIAS 2007 DHR 2008 IAMM 2008 1 st CSS 2009 2 nd CSS 2011 Advising Government & Industry
More informationMaking Database Security an IT Security Priority
Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases
More informationWeb Security School Final Exam
Web Security School Final Exam By Michael Cobb 1.) Which of the following services is not required to run a Windows server solely configured to run IIS and publish a Web site on the Internet? a. IIS Admin
More informationReferences NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household
This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of
More informationUse Bring-Your-Own-Device Programs Securely
Use Bring-Your-Own-Device Programs Securely By Dale Gonzalez December 2012 Bring-your-own-device (BYOD) programs, which allow employees to use their personal smartphones, tablets and laptops in and out
More informationJumpstarting Your Security Awareness Program
Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb
More informationAbout Our 2015 WTA Cyber Security Speakers and Sessions
About Our 2015 WTA Cyber Security Speakers and Sessions The constant threat of cyber security attacks is the number one concern for most businesses today. Weaknesses in networks and data security can expose
More informationIs Penetration Testing recommended for Industrial Control Systems?
Is Penetration Testing recommended for Industrial Control Systems? By Ngai Chee Ban, CISSP, Honeywell Process Solutions, Asia Pacific Cyber Security Assessment for Industrial Automation Conducting a cyber-security
More informationTOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski
TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY Mark Villinski @markvillinski Why do we have to educate employees about cybersecurity? 2014 Corporate Threats Survey 94% of business s suffered one
More informationAnthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown
Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown 1 Protected networks are continuously being successfully attacked
More informationThey Did What?!? How Your End Users Are Putting You At Risk
They Did What?!? How Your End Users Are Putting You At Risk SESSION ID: HT-F02 Mike Seifert CISSP, CISA, CIPP, CISM, CGEIT Vice President Enterprise Risk & Resilience Fiserv New/future jobs Cloud Services
More information2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP
2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,
More informationPresentation Objectives
Gerry Cochran, IT Specialist Jennifer Van Tassel, Associate Examiner Office of the State Comptroller Thomas P. DiNapoli State & Local Government Accountability Andrew A. SanFilippo Executive Deputy Comptroller
More informationCyber Security Beginners Guide to Firewalls A Non-Technical Guide
Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More informationCyber Security Threats
Cyber Security Threats What keeps us up at night? Doug Jacobson Information Assurance Center www.iac.iastate.edu Information Assurance Center Iowa State University 1 Outline Who are the players The good,
More informationData Breach Lessons Learned. June 11, 2015
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin
More informationEducation as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft
Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationSecure by design: taking a strategic approach to cybersecurity
Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk
More informationCyber Security R&D (NE-1) and (NEET-4)
Cyber Security R&D (NE-1) and (NEET-4) Trevor Cook Office of Science and Technology Innovation Office of Nuclear Energy U.S. Department of Energy Cyber Security for Nuclear Systems (the threat is real)
More informationCyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention
Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)
More informationPart Banker. Part Geek. All Security & Compliance.
Part Banker. Part Geek. All Security & Compliance. Your IT Security Assessment......begins with Vulnerability Scanning to identify and classify security weaknesses in your IT network. We look for weaknesses
More information