Rethinking Cyber Security Threats

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Rethinking Cyber Security Threats"

Transcription

1 Rethinking Cyber Security Threats (ISC)² Update U.S. Government Advisory Board Meeting February 17, 2010 Frank Chow CISSP ISSAP ISSMP CSSLP CGEIT CRISC CISM CISA Chairperson of Professional Information Security Association / Security Manager of Automated Systems (HK) Ltd. Copyright , 2013, (ISC) 2 All Rights Reserved

2 Who is (ISC) 2? The International Information Systems Security Certification Consortium HQs in US and with Office in London, Hong Kong and Tokyo A global not-for-profit organization known for world class education and Gold Standard certifications. Founded in 1989 by multiple professional associations. Develops and maintains the (ISC)² CBK, a taxonomy of information security topics. The CBK is a critical body of knowledge that defines global industry standards, serving as a common framework of terms and principles that allow professionals worldwide to discuss, debate and resolve matters pertaining to the field. Nearly 90,000 security professionals worldwide in over 135 countries 2

3 PISA ( 專 業 資 訊 保 安 協 會 ) PISA SIG -(ISC) 2 Hong Kong Chapter Not-for-profit organization Facilitate knowledge and information sharing among the PISA members Promote the highest quality of technical and ethical standards to the information security profession, Promote best-practices in information security control, Promote security awareness to the IT industry and general public in Hong Kong, Be the de facto representative body of local information security professionals 3

4 Agenda Definition Cyber Security Challenges Cyber Security Inside Out How to Survive in Cyber Attack? Addressing Cyber Security Challenges on a Global Scale 4

5 Copyright , (ISC) 2 All Rights Reserved DEFINITION

6 Definition According to H.R Cyber Security Information Act : cybersecurity: The vulnerability of any computing system, software program, or critical infrastructure to, or their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized means of, the Internet, public or private telecommunications systems or other similar conduct that violates Federal, State, or international law, that harms interstate commerce of the United States, or that threatens public health or safety. Source: U.S. National CyberSecurity 6

7 (ISC)² Update U.S. Government Advisory Board Meeting February 17, 2010 CYBER SECURITY CHALLENGES Copyright , 2013, (ISC) 2 All Rights Reserved

8 How many devices you have? 8

9 They use tablet Is it secure? 9

10 Tablets in meeting room Is it secure? 10

11 ecrime Market Current Pricing Source: APWG 11

12 Hack Household Appliances Source: ScienceNordic 12

13 Global Risk Trends Cyber Attack is considered as one of the top five in the most likely Risk in 2012 as per Global Risks Report. Source: World Economic Forum 13

14 Global Risk 2013 Source: World Economic Forum 14

15 Motivations Behind Attacks Source: 15

16 Cyber Attack Trends Source: 16

17 Distribution of Attack Techniques Source: 17

18 Distribution of Targets Source: 18

19 Ranking of Five Types of Cyber Crime Source: The Impact of Cybercrime on Business Ponemon Institute Research Report,

20 (ISC)² Update U.S. Government Advisory Board Meeting February 17, 2010 Cyber Security Inside Out Copyright , 2013, (ISC) 2 All Rights Reserved

21 Cyber Security Game Changers Source: ISACA/ 21

22 Cyber Attack Approach 22

23 Cyber Attack Approach Perform SQL ARP EXEC Scan Send with malware Admin Admin Opens with Malware Operator Internet Acct Operator Hacker Hacker performs sends an an ARP with (Address malware Resolution Protocol) Scan 2. recipient opens the and the 5. Once malware the Slave gets installed Database quietly is found, hacker sends 3. an SQL Using EXEC the information commandthat malware gets, hacker is able to take control of the recipient s PC! 6. Performs another ARP Scan 7. Takes control of Data Slave Database Master DB Master DB Source: Example from 2006 SANS SCADA Security Summit, INL 23

24 What we can do in Cyber Security? Social Media Security Computer Forensics Physical Access Logical Access Organization Data Cyber Security Incident Response Mobile Security Source: ISACA/ 24

25 Cyber Security Components Well Defined Structure Roles & Responsibility Skilled Resources R&D Lab & Testing Lab Standards & Best Practices Security Operation Center Cyber Security Cell Security Analytics Malware Detection Cyber Security Command Centre Threat Intelligence Feed Evolving Threat Research Anomaly Detection Contextualized Intelligence Interface & Interlock Source: ISACA/ Law Enforcement Agency CERT Risk Intelligence Service Providers Other Countries CERT & Intelligence Agencies 25

26 Cyber Security Components Cyber Security Resources Strategic Advisory Cyber Security Service Portfolio Operational / Post-Event BCP / DR Preparedness against Cyber attacks Cyber Security Training and Awareness Computer Forensics DDOS Test Enterprise Security Architecture Threat Modeling Social Media Security Mobile Security Simulation Exercises Regulatory Readiness(FISMA, TRA, Indian Act etc.) Incident Response (Virus/Malware/Botnets) Cloud Security Effectiveness Measurement of Policies/Procedures/Infra Design of Security Intelligence Centre Penetration Testing Vulnerability Assessment Interface & Interlock Law Enforcement Agency CERT Risk Intelligence Service Provider Enterprise Risk Management Source: ISACA/ 26

27 Computer Forensic Computer Forensic provides a post-intrusion / incident analysis in order to identify, preserve, analyse meaningful evidence and provide a detailed forensic report and recommendation on the security incident. Computer Forensics Coverage Network Forensics Media Forensics System Forensics Web Server Forensics LAN/WAN Network USB/CD Media Laptop/Desktop Log Analysis Wireless Network Mobile Device Database/ Operating Systems Mobile Trading Hard Disk Mobile Devices Intrusion/ Malware Analysis Source: ISACA/ 27

28 Approach for Computer Forensics The following are the broad steps involved in this assessment 1. Initial Study Situation awareness, identify the potential source of data Confidentiality 5. Reporting Logical Conclusion, Management and Technical Presentation 2. Data Collection Data duplication, Cloning, Extractions using specialized S/W and H/W Media Remote or Onsite Seamless Access & Secure Storage of Data Break Through Preserve Chain of Custody Intelligent Search of Suspect Data Evidence Investigation Examination, Decryption, Intelligent search on information on interest Data Concurrent Analysis Information 4. Analysis Data Interpretation, Event Correlation, Chain of Custody, Pattern Matching Source: ISACA/ 28

29 Social Media Security Rise in the use of Social Networking sites such as Twitter, LinkedIn, Facebook by corporate to communicate and build their brand names as well as by individual to share information increase the risk of data security Social Media Security Sensitive & Customer Information Gathering over Social Networking Social Engineering Awareness Assessment Corporate Social Networking Website Security Crisis Response over Social Media Social Networking Sites (FB, Orkut etc.) Community Sites, Forums & Blogs Using Search Engines Phishing Through Calls Phishing Though Mails and Websites Dumpster Drive Employee Awareness Assessment Evaluation of Social Media & Acceptable Usage Policy Malware Detection Phishing Attack Detection Hacking Attack Detection Crisis Response Plan Observing incident over Social Media Training and Awareness Source: ISACA/ 29

30 Approach for Social Media Security A comprehensive and structured approach for Social Media Security Assessment, Sensitive Customer Information from different sources like social engineering sites, forums, community sites, blogs and hacking sites will be gathered along with the automated tools and search engines like Google, AltaVista, Baidu etc. The following are the broad steps involved in this assessment Identifying & understanding Sensitive Customer Data Define the Search Pattern on the Sensitive Customer Data Information gathering from automated tools using search patterns Analysis, Validation and Reporting Social Engineering Techniques Manual Information Gathering Using Search Engines like Google Source: ISACA/ 30

31 Incident Response Incident Response Service provides on field or remote analysis by experts to identify, contaminate, recover and eradicate different variety of cyber attacks to the organisation. Virus Outbreaks DOS/DDOS/ Botnet Attacks Incident Response Service Malware Attacks Phishing Attacks Hacking Attacks Source: ISACA/ 31

32 Cyber Security Incident Response Approach A structured and proven approach for handling and responding to any kind of Cyber Security Attacks. In line with the industry best practices and experts armored with specialized tools help customer to react effectively and immediately. Preparation Identification Collection Assessment Reporting Reassess and Train Mobilize Resources Tools & Kits Authorization and Approvals Legal considerations Situation Awareness Sources of information Chain of custody Suspected behavior Live Data Acquisition Log/Network Data Acquisition OS and Database Acquisition Analyze acquired evidences Identify the level of impact Identify the source of intrusion & vulnerability Management report on extent of Damage Report on nature of the incident and compromise Eradication and recovery measures Reassess the fix Develop learning and Lessons Training and Awareness Secure Guidelines Source: ISACA/ 32

33 (ISC)² Update U.S. Government Advisory Board Meeting February 17, 2010 How to Survive in Cyber Attack? Copyright , 2013, (ISC) 2 All Rights Reserved

34 Defense in Depth 34

35 Security for Industrial Control Systems (SCADA) CYBER SECURITY CONTROLS Air-gap networks, apps and control data with firewalls, proxies PHYSICAL SECURITY CONTROLS SECURITY CONTROLS 35

36 Everything is a Target Security Management Polices, Procedures & Awareness Policy Assessments Operational Framework Consulting Training & Consulting Application Vulnerability Assessments Code Reviews Application Hardening Centralized Tool Integration Centralized Monitoring Private Public Server Internal Network Vulnerability Assessments Intrusion Detection Wireless Design Consulting Intrusion Prevention Authentication & Authorization Perimeter Vulnerability Assessments Firewalls & Proxies Intrusion Detection VPN Remote Access Data Authentication Management Identity Management Data Privacy Vulnerability Assessments Intrusion Prevention Patch Management Anti-Virus & Anti-SPAM Mobile Client Security Server Hardening Authentication & Authorization 36

37 (ISC)² Update U.S. Government Advisory Board Meeting February 17, 2010 Addressing Cyber Security Challenges on a Global Scale Copyright , 2013, (ISC) 2 All Rights Reserved

38 Introduction This CybersecurityManagement System consists of 4 main components: Cyber Security Framework; Maturity Model; Roles and Responsibilities chart; Implementation Guide. Source: ITU Regional Cyber security Forum for Africa and Arab States,

39 National Cybersecurity Management System Source: ITU Regional Cyber security Forum for Africa and Arab States,

40 National Cyber Security Framework : 5 Domains Source: ITU Regional Cyber security Forum for Africa and Arab States,

41 National Cyber Security Framework (5 Domains and 34 Processes) 1 -SP : Strategy and Policies 3 -AC : Awareness and Communication SP1 NCSec Strategy: Promulgate & endorse a National Cybersecurity Strategy AC1 SP2 Lead Institutions: Identify a lead institutions for developing a national strategy, and 1 lead institution per stakeholder category AC2 Leaders in the Government : Persuade national leaders in the government of the need for national action to address threats to and vulnerabilities of the NCSec through policy-level discussions National Cybersecurity and Capacity : Manage National Cybersecurity and capacity at the national level SP3 NCSecPolicies : Identify or define policies of the NCSec strategy AC3 Continuous Service: Ensure continuous service within each stakeholder and among stakeholders SP4 SP5 IO1 IO2 IO3 IO4 Critical Information Infrastructures Protection : Establish & integrate risk management for identifying & prioritizing protective efforts regarding CII Stakeholders : Identify the degree of readiness of each stakeholder regarding to the implementation of NCSec strategy & how stakeholders pursue the NCSec strategy & policies AC4 AC5 2 -IO : Implementation and Organisation AC6 NCSec Council : Define National Cybersecurity Council for coordination between all stakeholders, to approve the NCSec strategy NCSec Authority: Define Specific high level Authority for coordination among cybersecurity stakeholders AC8 National CERT: Identify or establish a national CERT to prepare for, detect, respond to, and recover from national cyber incidents Privacy and Personnal Data Protection : Review existing privacy regime and update it to the on-line environment AC7 AC9 AC10 National Awareness : Promote a comprehensive national awareness program so that all participants businesses, the general workforce, and the general population secure their own parts of cyberspace Awareness Programs : Implement security awareness programs and initiatives for users of systems and networks Citizens and Child Protection: Support outreach to civil society with special attention to the needs of children and individual users Research and Development : Enhance Research and Development (R&D) activities (through the identification of opportunities and allocation of funds) CSecCulture for Business: Encourage the development of a culture of security in business enterprises Available Solutions: Develop awareness of cyber risks and available solutions NCSec Communication : Ensure National Cybersecurity Communication IO5 Laws : Ensure that a lawful framework is settled and regularly levelled 4 - CC : Compliance and Communication IO6 IO7 Institutions : Identify institutions with cybersecurity responsibilities, and procure resources that enable NCSec implementation National Experts and Policymakers : Identify the appropriate experts and policymakers within government, private sector and university IO8 Training : Identify training requirements and how to achieve them CC3 IO9 IO10 Government : Implement a cybersecurity plan for government-operated systems, that takes into account changes management International Expertise: Identify international expert counterparts and foster international efforts to address cybersecurity issues, including information sharing and assistance efforts CC1 CC2 CC4 CC5 5 -EM : Evaluation and Monitoring EM1 NCSec Observatory: Set up the NCSec observatory EM3 Mechanisms for Evaluation : Define mechanisms that can be used to coordinate the activities of the EM2 lead institution, the government, the private sector and civil society, in order to monitor and evaluate the global NCSec performance Source: ITU Regional Cyber security Forum for Africa and Arab States, 2009 EM4 International Compliance & Cooperation : Ensure regulatory compliance with regional and international recommendations, standards National Cooperation: Identify and establish mechanisms and arrangements for cooperation among government, private sector entities, university and ONGs at the national level Private sector Cooperation : Encourage cooperation among groups from interdependent industries (through the identification of common threats). Incidents Handling : Manage incidents through national CERT to detect, respond to, and recover from national cyber incidents, through cooperative arrangement (especially between government and private sector) Points of Contact: Establish points of contact (or CSIRT) within government, industry and university to facilitate consultation, cooperation and information exchange with national CERT, in order to monitor and evaluate NCSec performance in each sector NCSec Assessment: Assess and periodically reassess the current state of cybersecurity efforts and develop program priorities NCSec Governance : Provide National Cybersecurity Governance 41

42 National Cyber Security Maturity Model PS Process Description Level 1 Level 2 Level 3 Level 4 Level 5 SP 1 Promulgate & endorse a National Cybersecurity Strategy Recognition of the need for a National strategy NCSec is announced & planned. NCSec is operational for all key activities NCSec is under regular review NCSec is under continuous improvement SP2 Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category Some institutions have an individual cybersecurity strategy Lead institutions are announced for all key activities Lead institutions are operational for all key activities Lead institutions are under regular review Lead institutions are under continuous improvement SP3 Identify or define policies of the NCSec strategy Ad-hoc & Isolated approaches to policies & practices Similar & common processes announced & planned Policies and procedures are defined, documented, operational National best practices are applied &repeatable Integrated policies & procedures Transnational best practice SP4 Establish & integrate Risk management process for Identifying & prioritizing protective efforts regarding NCSec (CIIP) Recognition of the need for risk management process in CIIP CIIP are identified & planned. Risk management process is announced Risk management process is approved & operational for all CIIP CIIP risk management process is complete, repeatable, and lead to CI best practices CIIP risk management process evolves to automated workflow & integrated to enable improvement Source: ITU Regional Cyber security Forum for Africa and Arab States,

43 ce National Cybersecurity Assessment SP1 5 EM4 4 SP4 Legend: CC2 CC IO3 IO2 SP1: National Cybersecurity Strategy SP4: CIIP IO2: National Cybersecurity Authority IO3: National-CERT IO5: Cyber Law AC5: Awareness Programme CC1: International Cooperation CC2: National Coordination EM4: Cybersecurity Governance AC5 IO5 Source: ITU Regional Cyber security Forum for Africa and Arab States,

44 RACI Chart / Stakeholders SP1 SP2 SP3 NCSec Strategy Promulgate & endorse a National Cybersecurity Strategy Lead Institutions Identify a lead institutions for developing a national strategy, and 1 lead institution per stakeholder category NCSec Policies Identify or define policies of the NCSec strategy I A C C R C C C I I R I I I I I A C R C C I I R C C C C A C R C I C I R I I SP4 Critical Infrastructures Establish & integrate risk management for identifying & prioritizing protective efforts regarding NCSec (CIIP) A R R C I R C R I Source: ITU Regional Cyber security Forum for Africa R and = Arab Responsible, States, 2009 A = Accountable, C = Consulted, I = Informed Copyright ,(ISC) 2 All Rights Reserved CONFIDENTIAL 44

45 National CybersecurityManagement System Implementation Guide Source: ITU Regional Cyber security Forum for Africa and Arab States,

46 Example: Measuring the effectiveness of Security Apply the vulnerability management lifecycle... Inventory assets Identify vulnerabilities Develop baseline Prioritize based on vulnerability data, threat data, and asset classification plan Monitor known vulnerabilities Watch unpatched systems Alert other suspicious activity Eliminate highpriority vulnerabilities Establish controls Demonstrate progress Source: ITU Regional Cyber security Forum for Africa and Arab States,

47 (ISC)² Update U.S. Government Advisory Board Meeting February 17, 2010 Thank You Copyright , 2013, (ISC) 2 All Rights Reserved

National Cybersecurity Management System: Framework, Maturity Model and Implementation Guide

National Cybersecurity Management System: Framework, Maturity Model and Implementation Guide National Cybersecurity Management System: Framework, Maturity Model and Implementation Guide Taieb DEBBAGH, PhD, CISA Secretary General Ministry of Industry, Trade and New Technologies, Morocco ITU Regional

More information

Security Transcends Technology

Security Transcends Technology INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

e-discovery Forensics Incident Response

e-discovery Forensics Incident Response e-discovery Forensics Incident Response NetSecurity Corporation 21351 Gentry Drive Suite 230 Dulles, VA 20166 VA DCJS # 11-5605 Phone: 703.444.9009 Toll Free: 1.866.664.6986 Web: www.netsecurity.com Email:

More information

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Administrative Awareness Case Study: Government Offices Certification and Accreditation:

More information

Protecting critical infrastructure from Cyber-attack

Protecting critical infrastructure from Cyber-attack Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale

More information

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Andreas Athanasoulias, CISM, CISSP Information Security Officer & Security Consultant Brief introduction My career path

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Cyber Defense Operation Center (CDOC) Ensuring that Experts are allways watching

Cyber Defense Operation Center (CDOC) Ensuring that Experts are allways watching (CDOC) Ensuring that Experts are allways watching Data Sheet Introduction CyberHat CDOC is an intelligent security operation center; which combines cutting edge technologies and innovative processes ensuring

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the

More information

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

2012 Data Breach Investigations Report

2012 Data Breach Investigations Report 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Information Systems Security Certificate Program

Information Systems Security Certificate Program Information Technologies Programs Information Systems Security Certificate Program Accelerate Your Career extension.uci.edu/infosec University of California, Irvine Extension s professional certificate

More information

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009 Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in

More information

What is Management Responsible For?

What is Management Responsible For? What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional

More information

POLICIES TO MITIGATE CYBER RISK

POLICIES TO MITIGATE CYBER RISK POLICIES TO MITIGATE CYBER RISK http://www.tutorialspoint.com/information_security_cyber_law/policies_to_mitigate_cyber_risk.htm Copyright tutorialspoint.com This chapter takes you through the various

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest

More information

LINUX / INFORMATION SECURITY

LINUX / INFORMATION SECURITY LINUX / INFORMATION SECURITY CERTIFICATE IN LINUX SYSTEM ADMINISTRATION The Linux open source operating system offers a wide range of graphical and command line tools that can be used to implement a high-performance,

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

A Cyber Security Integrator s perspective and approach

A Cyber Security Integrator s perspective and approach A Cyber Security Integrator s perspective and approach Presentation to Saudi Arabian Monetary Agency March 2014 What is a Cyber Integrator? Security system requirements - Finance Building a specific response

More information

Report on CAP Cybersecurity November 5, 2015

Report on CAP Cybersecurity November 5, 2015 Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets

More information

Detect, Prevent and Remediate the Cyber attack Nelson Yuen

Detect, Prevent and Remediate the Cyber attack Nelson Yuen Detect, Prevent and Remediate the Cyber attack Nelson Yuen Senior Systems Engineer Overview of the Local Security Landscape IP camera footages broadcasted live online In September, 2014, more than 1,000

More information

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

(BDT) BDT/POL/CYB/Circular-002. +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int

(BDT) BDT/POL/CYB/Circular-002. +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int 2011 15 (BDT) BDT/POL/CYB/Circular-002 +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int 2008 2010 2010 International Telecommunication Union Place des Nations CH-1211 Geneva 20 Switzerland Tel: +41

More information

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

ITU National Cybersecurity/CIIP Self-Assessment Tool

ITU National Cybersecurity/CIIP Self-Assessment Tool ITU National Cybersecurity/CIIP Self-Assessment Tool ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector April 2009 Revised Draft For

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

Information Technology Risk Management

Information Technology Risk Management Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT

More information

SECURITY. Risk & Compliance Services

SECURITY. Risk & Compliance Services SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Corporate Security Research and Assurance Services

Corporate Security Research and Assurance Services Corporate Security Research and Assurance Services We Keep Your Business In Business Obrela Security Industries mission is to provide Enterprise Information Security Intelligence and Risk Management Services

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications NETWORK ENGINEERING TRACK Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use Office

More information

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25

More information

The enemies ashore Vulnerabilities & hackers: A relationship that works

The enemies ashore Vulnerabilities & hackers: A relationship that works The enemies ashore Vulnerabilities & hackers: A relationship that works Alexandros Charvalias, Manager CISSP, CISA, ACDA Assurance & Enterprise Risk Services Cyber security maturity model How effectively

More information

Jort Kollerie SonicWALL

Jort Kollerie SonicWALL Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

Fostering Incident Response and Digital Forensics Research

Fostering Incident Response and Digital Forensics Research Fostering Incident Response and Digital Forensics Research Bruce J. Nikkel bruce.nikkel@ubs.com September 8, 2014 Abstract This article highlights different incident response topics with a focus on digital

More information

FINRA Publishes its 2015 Report on Cybersecurity Practices

FINRA Publishes its 2015 Report on Cybersecurity Practices Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

Using SIEM for Real- Time Threat Detection

Using SIEM for Real- Time Threat Detection Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,

More information

Session 334 Incident Management. Jeff Roth, CISA, CGEIT, CISSP

Session 334 Incident Management. Jeff Roth, CISA, CGEIT, CISSP Session 334 Incident Management Jeff Roth, CISA, CGEIT, CISSP SPEAKER BIOGRAPHY Jeff Roth, CISA, CGEIT Jeff Roth has over 25 years experience in IT audit, security, risk management and IT Governance experience

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

Emergency Response Service. 2013 IBM Corporation

Emergency Response Service. 2013 IBM Corporation Emergency Response Service Who is our team The Cyber Security Intelligence and Response team is staffed with: Highly skilled forensic analysts and consultants dedicated to incident response. Resident malware

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

SIEM Implementation Approach Discussion. April 2012

SIEM Implementation Approach Discussion. April 2012 SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual

More information

Department of Management Services. Request for Information

Department of Management Services. Request for Information Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley

More information

Professional Services Overview

Professional Services Overview Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded

More information

Presented by Frederick J. Santarsiere

Presented by Frederick J. Santarsiere http://cinoltd.com/ Presented by Frederick J. Santarsiere CHFI, CISSP, CISM, CISA, CEH, CEI, CAP, SSCP Sec+, Net+, A+, MCSA, MCSE, MCITP, MCT CCENT, CCNA, CCNA Wireless, CCNA Voice CISCO SMBEN, SMBAM,

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

Attachment A. Identification of Risks/Cybersecurity Governance

Attachment A. Identification of Risks/Cybersecurity Governance Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year

More information

IT Security. Securing Your Business Investments

IT Security. Securing Your Business Investments Securing Your Business Investments IT Security NCS GROUP OFFICES Australia Bahrain China Hong Kong SAR India Korea Malaysia Philippines Singapore Sri Lanka Securing Your Business Investments! Information

More information

Vijay Mauree Manager Planning, Research & Development and CERT-MU National Computer Board

Vijay Mauree Manager Planning, Research & Development and CERT-MU National Computer Board www.cert-mu.org.mu Vijay Mauree Manager Planning, Research & Development and CERT-MU National Computer Board Presentation Outline Introduction Enforcement National Co-ordination for Cyber Security Information

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to

More information

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

Performanta Pty Ltd. Company Profile. May 2012. Trust. Practical. Performanta.

Performanta Pty Ltd. Company Profile. May 2012. Trust. Practical. Performanta. May 2012 Trust. Practical. Performanta. Company Overview Performanta Pty Ltd is an information security organisation that has a practical approach, competitively priced services, strong client commitment,

More information

Information Technology Security Policy for IBTS

Information Technology Security Policy for IBTS Information Technology Security Policy for IBTS Pakistan Stock Exchange Limited Table of contents Information Technology Security Policy for IBTS 1- INTRODUCTION AND SCOPE... 3 2- CHARTER OF THE DOCUMENT...

More information

Navigating the Waters of Incident Response and Recovery

Navigating the Waters of Incident Response and Recovery Navigating the Waters of Incident Response and Recovery Lee Kim, Esq. Tucker Arensberg, P.C. CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 2013 Lee Kim

More information

Microsoft Technologies

Microsoft Technologies NETWORK ENGINEERING TRACK Microsoft Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use

More information

ORGANIZADOR: APOIANTE PRINCIPAL:

ORGANIZADOR: APOIANTE PRINCIPAL: ORGANIZADOR: APOIANTE PRINCIPAL: Miguel Gomes 912412885 luismiguel_gomes@symantec.com Alliances Portugal, Africa, Brasil Coverage One of the biggest CSP worlwide Tec. Inovator Strong Cloud Bet and investment

More information

Top 10 Baseline Cybersecurity Controls Banks Aren't Doing

Top 10 Baseline Cybersecurity Controls Banks Aren't Doing Top 10 Baseline Cybersecurity Controls Banks Aren't Doing SECURE BANKING SOLUTIONS 1 Contact Information Chad Knutson President, SBS Institute Senior Information Security Consultant Masters in Information

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

CRYPTOGEDDON: HEALTH CARE COMPROMISE. Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com

CRYPTOGEDDON: HEALTH CARE COMPROMISE. Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com CRYPTOGEDDON: HEALTH CARE COMPROMISE Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com WHAT IS CRYPTOGEDDON? An online scavenger hunt using hacker tools Use infosec tools to solve

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

Cyber R &D Research Roundtable

Cyber R &D Research Roundtable Cyber R &D Research Roundtable 2 May 2013 N A T I O N A L S E C U R I T Y E N E R G Y & E N V I R O N M E N T H E A L T H C Y B E R S E C U R I T Y Changing Environment Rapidly Evolving Threat Changes

More information