TRAINING SERVICES elearning

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "TRAINING SERVICES elearning"

Transcription

1 Securely Enabling Your Business TRAINING SERVICES elearning Engaging and Effective Overview FishNet Security s Training Services team offers engaging, interactive elearning courses that cover a range of security topics including security awareness, compliance, secure coding and application development. For more than a decade, our clients have benefited from our training services, helping them meet their organizational and compliance goals. Proven elearning Solutions Simplify your elearning initiatives with an industry-leading training solution that addresses the following core business objectives: Meets compliance Maximizes data security Cost-effective implementation Easy to use Ensures training best practices FishNet Security Hosted Solution Powerful learning management system (LMS) Secure environment Quick, hassle-free implementation Self-Hosted Solution Delivered to your environment using SCORM, AICC or Tin Can format Our elearning Advantage Online reporting notifications and reminders Progress tracking Certificates System audits Mobile interface Multi-lingual support Modular licensing options elearning Courses Security Awareness Interactive Format featuring CyberBOT Security Awareness for Executives Video Format Compliance Credit Card Handling Introduction to PCI PCI DSS PCI Scoping Introduction to HIPAA Developer Application Security Secure Coding OWASP Top 10 Incident Response Mobile Security Top 10 Web 2.0 Secure Coding Custom Content Our instructional designers and subject matter experts deliver custom courses by crafting content that fits your organization s program, policies, standards and business needs. Corporate Headquarters 6130 Sprint Parkway, Ste. 400 Overland Park, KS ID#TR-GEN ID#12XX FishNet Security. Last All Modified rights reserved FishNet Security. All rights reserved.

2 SECURITY AWARENESS Interactive Format featuring CyberBOT FishNet Security hosted or client-hosted SCORM, Tin Can and AICCcomplaint database formats 8 interactive missions that are 15 minutes or less in duration Over 60 topics using over 50 interactions 19 scenarios based on real-world threats like, malware instances, and social media incursions Integrated quizzes, matching, drag and drop, multiple choice and true/false Around the world today, hackers are networking together infected computers to create vast bot networks. These bot networks are tasked with stealing critical business data. It is vital that all organizations train their employees to protect information while also meeting compliance regulations. FishNet Security has created state-of-the-art, interactive and comprehensive security awareness training covering 45 topics to help your organization meet those objectives. Give your employees the training they need to protect your company. Mission 1: Passwords Review the importance and characteristics of a strong password. This mission provides strategies to create passwords that are easy to remember while maximizing password security. 1. Protecting Sensitive Data 2. Data Protection 3. Intrusion Prevention Techniques 4. Database Security 5. Strong Password Creation 6. Password Management Software Mission 2: Review and identify common scams such as phishing and spear phishing and determine how to eliminate their associated risks. 1. Security 2. Malware Prevention 3. Phishing 4. Spear Phishing 5. Identifying Threats Mission 3: Mobile Security Learn how to choose safe mobile applications, the importance of strong mobile passwords and best practices for reporting infected or lost devices. 1. BYOD Security 2. Mobile Download Security 3. Recognizing Malicious Applications 4. Safeguarding Mobile Assets Mission 4: Social Engineering Define social engineering and what it means to your organization. Also, learn the multiple attack methods used against you and how to combat them. 1. Common Social Engineering Techniques 2. Social Engineering via Telephone 3. Social Engineering via Onsite Attacks 4. Identifying a Social Engineer 5. Preventing a Social Engineering Attack ID#TR-GEN

3 Interactive Format featuring CyberBOT SECURITY AWARENESS Interactive learning reinforces the security messages that will keep your users from making costly mistakes. Mission 5: Workplace Security Uncover the tactics intruders use to gain access to the vital business data within the walls of your organization. Review common tactics and how to maximize workspace security. 1. Workplace Security 2. Physical Security Awareness 3. Tailgating 4. External Media (USB ) Protection & Threats 5. Protecting Your Workplace 6. Employee Security Awareness Mission 6: Outside the Office Understand common characteristics of threats outside the office and best practices to secure your organization s data. Includes how to choose a safe wireless connection, what to do if your device is lost or stolen and protecting confidential information in general conversation. 1. Travel Security 2. Airport Security 3. Wireless Network Security 4. Secure Connections Outside the Office 5. Protecting Information in Public 6. Preventing Theft of Sensitive Information Mission 7: Malicious Downloads Protecting your devices against malicious downloads is a constant effort. This mission will review at a high level how viruses work, how they spread and the dangers they can cause. Also includes how to recognize these attacks before they happen and what to do if you don t catch an attack in time. 1. Recognizing Malicious Downloads 2. Safe Web Browsing 3. Virus Identification & Remediation 4. Scareware 5. Antivirus 6. Identifying File Types 7. Protecting Your Computer & Network 8. Software Updates Mission 8: Social Media Social media use is on the rise. It s becoming more important to understand the risks associated with using it. This mission will review common tactics used by online criminals, how they target their victims and steps you can take to be safe. 1. Safe Social Media 2. Social Media Threats 3. Social Media & Social Engineering 4. URL Awareness & Identifying Malicious Links 5. Mobile Password Protection Corporate Headquarters 6130 Sprint Parkway, Ste. 400 Overland Park, KS ID#TR-GEN ID#12XX FishNet Security. Last All Modified rights reserved FishNet Security. All rights reserved.

4 Security Awareness for Executives featuring CyberBOT SECURITY AWARENESS With access to more company systems and information, executive and manager-level personnel are often targets of cyberattacks. This 30-minute mission is designed specifically to help them recognize and avoid such attacks and prevent other cyberthreats from impacting the workplace. Interactive missions mirror real-world scenarios executives might encounter. Course Objectives 1. Identify and prevent cyberthreats to the individual manager/executive. 2. Identify and prevent cyberthreats in the workplace. Covered 1. Information Security Complacency & Compliance (Case Study Approach) Outside the Office Rule Breakers Whaling Privilege Accounts 2. Overview of Information Security Awareness for all Employees Password Security Security Social Engineering Protection Mobile Application Security Ransomware Learn to overcome complacency when it comes to security in the workplace. ID#TR-GEN0006 ID#TR-SL

5 SECURITY AWARENESS SECURITY AWARENESS Video-hosted elearning delivers a professional format to compliment any organization s culture. Video Format This Security Awareness Solution features a host-based video format, interactive quiz questions and six fully integrated Security Awareness games. Both informative and entertaining, this elearning solution will help keep your learners engaged with security as they work as well as meet your training compliance requirements. Protecting Confidential Information Covers basic Security Awareness concepts, including Personally Identifiable Information (PII), each employee s role in Security Awareness, the cost of disclosure and how to stop disclosure of confidential information. Protecting Your Computer & Network Teaches important security basics, including creating strong passwords, Internet security basics and stopping malicious software. Mobile Computing Covers how to securely use any mobile device as well as how to protect those devices and confidential information when traveling. Physical Security Teaches all the key aspects of physical security, including types, controls, priorities and how to take action. Social Engineering & Phishing Covers how employees can stay alert and aware of all social engineering threats, including phone and attacks as well as a variety of social engineering strategies. Information Risk Management Teaches how to manage risk by assessing danger and designing effective security controls. Thank you for a great training experience. I will definitely recommend FishNet Security Training Services to my employer for future training. ID#TR-GEN

6 Credit Card Handling Employees who handle customer credit cards on a daily basis are the first stop when it comes to the security of customer data. With the proper training, they can become an asset to security rather than a liability. PCI COMPLIANCE This multi-occupational, interactive security training course will educate employees on credit card security, best practices and why it matters. Benefits Improve security effectiveness between employees and customers. Increase retention and influence behavior. Give customers peace of mind their credit card data is safe when conducting business with your organization. Introduction to PII CALL CENTER TABLE SERVICE QUICK SERVE MANAGER Phone Internet Customer not in vicinity On premise Customer in vicinity On premise Customer in vicinity Phone Internet On premise Customer in vicinity or not Credit Card Basics Transaction Best Practices Why Security Is Important Interactive What Would You Do Scenarios Best Practice Review Quiz Each course is catered to the employee s role, creating a learning experience that is relevant and easy to understand and that ultimately increases the success of the program. ID#TR-GEN0006 ID#TR-SL

7 COMPLIANCE Introduction to the Payment Card Industry (PCI) The Introduction to PCI elearning course was created with everyone who interacts with credit or debit card data in mind. This includes everyone from cashiers to traveling sales staff to system administrators. The course concisely and clearly explains what the PCI is, how employees interact with its regulations, the penalties for not complying and the types of data they can and cannot store. PCI DSS The PCI DSS standards measure organizations against an exacting security framework. Made up of six principles and 12 requirements, the PCI DSS standards can be overwhelming to those not prepared. The PCI DSS elearning course helps any manager, developer, system or network engineer or CTO understand exactly what the standards are and how they can meet each of them. By using the PCI DSS elearning course, organizations can strengthen their systems and personnel in preparation for a PCI audit. Identity theft Data protection standards Data flow PCI Council PCI DSS Classification levels Verifying compliance Card data that can be stored Penalties and fines Costs of a data breach Basic security guidelines Introduction to PCI DSS Building and maintaining a secure network Protecting cardholder data Maintaining a vulnerability management program Implementing strong access control measures Monitoring and testing your networks Maintaining an information security policy Corporate Headquarters 6130 Sprint Parkway, Ste. 400 Overland Park, KS ID#TR-GEN ID#12XX FishNet Security. Last All Modified rights reserved FishNet Security. All rights reserved.

8 COMPLIANCE PCI Scoping Protecting cardholder data is critical to both the organization and the customer. This course establishes best practices for creating a PCI security scope to meet your business and compliance goals. Introduction to HIPAA This course was designed for anyone who works with medical data, from nurses to third-party processers. The course concisely and clearly explains why HIPAA was created, how it affects work life, penalties for not obeying and what types of data industry employees can and cannot store. Defining and storing cardholder data Discovering your scope Determining your entity Determining your card usage level Choosing your self-assessment questionnaire History Purpose Covered entities Business entities Individual Identifiable Health Information (IIHI) Protected Health Information (PHI) Privacy I had a really positive experience... It was fun and interactive! Security Working with HIPAA ID#TR-GEN

9 DEVELOPER Application Security Hackers use a variety of attacks that can result in fraud, theft, compromise of sensitive information or data destruction. The Application Security course trains developers to modify, create and design safe and secure web-based applications by exploring eight common attacks. Each of the eight modules uses real-world and practical instruction, attack demonstrations, remediation best practices, hints and tips to educate developers. Forceful browsing Command injection Data modification in hidden fields Session hijacking program Exploiting information leakage Cross-site scripting Secure Coding The Secure Coding section is composed of eight total modules. Four of them are.net modules and four are Java modules. Each module covers the same basic information in the first quarter before diving into language-specific content..net input validation.net output encoding.net error handling.net SQL injection defense JavaSF input validation JavaSF output encoding JavaSF error handling JavaSF SQL injection defense Cross-site request forgery Client-side logic subversions Corporate Headquarters 6130 Sprint Parkway, Ste. 400 Overland Park, KS ID#TR-GEN ID#12XX FishNet Security. Last All Modified rights reserved FishNet Security. All rights reserved.

10 DEVELOPER The OWASP Top 10 The Open Web Application Security Project (OWASP) Top 10 document regularly provides the 10 most frequent and dangerous security vulnerabilities organizations deal with every day. This course allows users to explore what each attack is, how each attack works, detailed examples of each attack, remediation steps and best practices that they can easily incorporate into their everyday development and coding work. Risk #1: Injection Risk #2: Broken Authentication & Session Management Risk #3 - Cross-Site Scripting (XSS) Incident Response This course provides the knowledge you need to effectively become incident-ready, while helping you plan to prevent incidents and stay a step ahead. The methodologies taught focus strongly on preparation and prevention, such as having the right people and tools in place, but also dig deeply into the proper response objectives. Introduction to Incident Response The Incident Response team Operations support Handling incidents Risk #4: Insecure Direct Object References Risk #5: Security Misconfiguration Risk #6: Sensitive Data Exposure Risk #7: Missing Function Level Access Control Risk #8: Cross-Site Request Forgery (CSRF) Risk #9: Using Components with Known Vulnerabilities Risk #10: Unvalidated Redirects & Forwards ID#TR-GEN

11 DEVELOPER The Mobile Security Top 11 In today s mobile environment, there is a drive for developers to quickly and efficiently create mobile applications for a variety of devices. As they develop the next generation of mobile applications, developers must keep security best practices at the forefront. They must know how to secure both the application that will be deployed to the mobile device and the web services that power the app. If either are left insecure, attackers will exploit any weakness they find. This 1.5-hour course covers the important security topics developers need to understand, regardless of development platform or language. Application Error Messages Application Response Handling Authentication & Session Management Client Information Leakage Client-Side Injection Cross-Site Request Forgery Data Storage Sensitive Information Disclosure Transport Layer Security User Account Lockout User Input Caching Web 2.0 Secure Coding The buzzword Web 2.0 has been in the public vocabulary for years. As HTML5 and other new 2.0 technologies become widely implemented and draw closer to maturity, attackers are focusing their attention on finding exploits and attacking Web 2.0 services, technologies and languages. This program teaches developers how to avoid common pitfalls and follow best practices in six courses that total 45 minutes in length. AJAX / XML / JSON in Web 2.0 Cross-origin resource sharing Local storage Web messaging WebSocket protocol XSS in HTML5 LEARN MORE About our Industry Expertise ID#TR-GEN0006 at: Corporate Corporate Headquarters Headquarters / 6130 / 6130 Sprint Sprint Parkway Parkway / Ste. / Ste / Overland / Overland Park, Park, KS KS / / All rights reserved.

TRAINING SERVICES elearning

TRAINING SERVICES elearning SECURELY ENABLING BUSINESS Securely Enabling Your Business TRAINING SERVICES elearning Engaging and Effective Overview FishNet Security s Training Services team offers engaging, interactive elearning courses

More information

PCI Data Security Standard 3.0

PCI Data Security Standard 3.0 SECURELY ENABLING BUSINESS PCI Data Security Standard 3.0 Training Strategies That Work Presented by Doug Hall May 20, 2014 AGENDA PCI DSS 3.0 Training Strategies That Work PCI DSS 3.0 Overview PCI Training

More information

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities

More information

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

Magento Security and Vulnerabilities. Roman Stepanov

Magento Security and Vulnerabilities. Roman Stepanov Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Cloud Security:Threats & Mitgations

Cloud Security:Threats & Mitgations Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

SecurityMetrics Vision whitepaper

SecurityMetrics Vision whitepaper SecurityMetrics Vision whitepaper 1 SecurityMetrics Vision: Network Threat Sensor for Small Businesses Small Businesses at Risk for Data Theft Small businesses are the primary target for card data theft,

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Making your web application. White paper - August 2014. secure

Making your web application. White paper - August 2014. secure Making your web application White paper - August 2014 secure User Acceptance Tests Test Case Execution Quality Definition Test Design Test Plan Test Case Development Table of Contents Introduction 1 Why

More information

Web application testing

Web application testing CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Barracuda Web Site Firewall Ensures PCI DSS Compliance Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online

More information

How to complete the Secure Internet Site Declaration (SISD) form

How to complete the Secure Internet Site Declaration (SISD) form 1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,

More information

elearning for Secure Application Development

elearning for Secure Application Development elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security

More information

Web Hacking Incidents Revealed: Trends, Stats and How to Defend. Ryan Barnett Senior Security Researcher SpiderLabs Research

Web Hacking Incidents Revealed: Trends, Stats and How to Defend. Ryan Barnett Senior Security Researcher SpiderLabs Research Web Hacking Incidents Revealed: Trends, Stats and How to Defend Ryan Barnett Senior Security Researcher SpiderLabs Research Ryan Barnett - Background Trustwave Senior Security Researcher Web application

More information

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6 WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications

More information

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...

More information

Account Information Security. Merchant Guide

Account Information Security. Merchant Guide Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

Adobe Systems Incorporated

Adobe Systems Incorporated Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...

More information

Application security testing: Protecting your application and data

Application security testing: Protecting your application and data E-Book Application security testing: Protecting your application and data Application security testing is critical in ensuring your data and application is safe from security attack. This ebook offers

More information

WHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6

WHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 WHITE PAPER FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 Ensuring compliance for PCI DSS 6.5 and 6.6 Page 2 Overview Web applications and the elements surrounding them

More information

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business 6 Six Essential Elements of Web Application Security Cost Effective Strategies for Defending Your Business An Introduction to Defending Your Business Against Today s Most Common Cyber Attacks When web

More information

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities. Managing business infrastructure White paper Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities. September 2008 2 Contents 2 Overview 5 Understanding

More information

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that

More information

Using Free Tools To Test Web Application Security

Using Free Tools To Test Web Application Security Using Free Tools To Test Web Application Security Speaker Biography Matt Neely, CISSP, CTGA, GCIH, and GCWN Manager of the Profiling Team at SecureState Areas of expertise: wireless, penetration testing,

More information

N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016

N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 INTRODUCTION N4Secure is a Threat Intelligence managed service. By monitoring network traffic, server traffic, scanning for internal

More information

Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence

Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence About ERM About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP) Title: Functional Category: Information Technology Services Issuing Department: Information Technology Services Code Number: xx.xxx.xx Effective Date: xx/xx/2014 1.0 PURPOSE 1.1 To appropriately manage

More information

Mobile Application Security Sharing Session May 2013

Mobile Application Security Sharing Session May 2013 Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Recommended Practice Case Study: Cross-Site Scripting. February 2007

Recommended Practice Case Study: Cross-Site Scripting. February 2007 Recommended Practice Case Study: Cross-Site Scripting February 2007 iii ACKNOWLEDGEMENT This document was developed for the U.S. Department of Homeland Security to provide guidance for control system cyber

More information

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability

More information

Reducing the Cost and Complexity of Web Vulnerability Management

Reducing the Cost and Complexity of Web Vulnerability Management WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this

More information

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr

More information

Guide for the attention of developers/hosts for merchant websites on the minimum level of security for bank card data processing

Guide for the attention of developers/hosts for merchant websites on the minimum level of security for bank card data processing Guide for the attention of developers/hosts for merchant websites on the minimum level of security for bank card data processing Foreword This guide in no way intends to replace a PCI DSS certification

More information

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance: How to ensure customer cardholder data is handled with care PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4

More information

WEB ATTACKS AND COUNTERMEASURES

WEB ATTACKS AND COUNTERMEASURES WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

Introduction: 1. Daily 360 Website Scanning for Malware

Introduction: 1. Daily 360 Website Scanning for Malware Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover

More information

Training and Awareness

Training and Awareness Training and Awareness Services Overview JANUS Associates, Inc. 1055 Washington Boulevard Stamford, CT 06901 203-251-0200 matthewl@janusassociates.com Providing your employees with information technology

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance

More information

White Paper. Guide to PCI Application Security Compliance for Merchants and Service Providers

White Paper. Guide to PCI Application Security Compliance for Merchants and Service Providers White Paper Guide to PCI Application Security Compliance for Merchants and Service Providers Contents Overview... 3 I. The PCI DSS Requirements... 3 II. Compliance and Validation Requirements... 4 III.

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

SQuAD: Application Security Testing

SQuAD: Application Security Testing SQuAD: Application Security Testing Terry Morreale Ben Whaley June 8, 2010 Why talk about security? There has been exponential growth of networked digital systems in the past 15 years The great things

More information

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

Elevation of Mobile Security Risks in the Enterprise Threat Landscape

Elevation of Mobile Security Risks in the Enterprise Threat Landscape March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

Importance of Web Application Firewall Technology for Protecting Web-based Resources

Importance of Web Application Firewall Technology for Protecting Web-based Resources Importance of Web Application Firewall Technology for Protecting Web-based Resources By Andrew J. Hacker, CISSP, ISSAP Senior Security Analyst, ICSA Labs January 10, 2008 ICSA Labs 1000 Bent Creek Blvd.,

More information

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY Page 1 of 6 Summary The Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements for enhancing payment account

More information

SECURITY EDUCATION CATALOGUE

SECURITY EDUCATION CATALOGUE SECURITY EDUCATION CATALOGUE i ii TABLE OF CONTENTS Introduction 2 Security Awareness Education 3 Security Awareness Course Catalogue 4 Security Awareness Course Builder 7 SAE Print Material 8 Secure Code

More information

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

A6- Sensitive Data Exposure

A6- Sensitive Data Exposure OWASP Vulnerabilities and Attacks Simplifie d: Business Manager Series Part 2 Have you heard of the times when Fantastic Frank from Randomland was furious? Money and critical data was being stolen from

More information

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

SANS Securing The Human

SANS Securing The Human SANS Securing The Human Introduction Most organizations have invested in security technology to protect their information, putting in place solutions such as firewalls, encryption or IDS sensors. However,

More information

Members of the UK cyber security forum. Soteria Health Check. A Cyber Security Health Check for SAP systems

Members of the UK cyber security forum. Soteria Health Check. A Cyber Security Health Check for SAP systems Soteria Health Check A Cyber Security Health Check for SAP systems Soteria Cyber Security are staffed by SAP certified consultants. We are CISSP qualified, and members of the UK Cyber Security Forum. Security

More information

Security Assessment through Google Tools -Focusing on the Korea University Website

Security Assessment through Google Tools -Focusing on the Korea University Website , pp.9-13 http://dx.doi.org/10.14257/astl.2015.93.03 Security Assessment through Google Tools -Focusing on the Korea University Website Mi Young Bae 1,1, Hankyu Lim 1, 1 Department of Multimedia Engineering,

More information

Table of Contents. Page 2/13

Table of Contents. Page 2/13 Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities

More information

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

[Company Name] HIPAA Security Awareness and Workforce Training Program Manual

[Company Name] HIPAA Security Awareness and Workforce Training Program Manual [Company Name] HIPAA Security Awareness and Workforce Training Program Manual The Importance of Security Awareness Training 4 Data Security Breaches 5 What is Information Security? 6 Roles and Responsibilities

More information

Penetration Testing Service. By Comsec Information Security Consulting

Penetration Testing Service. By Comsec Information Security Consulting Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your

More information

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration

More information

Project OWASP and two most frequent vulnerabilities in web applications

Project OWASP and two most frequent vulnerabilities in web applications Project OWASP and two most frequent vulnerabilities in web applications Filip Šebesta, Wilson Tuladhar 2010 Abstract With the rapid use of the Internet, there has been a rapid growth in websites and web

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

OWASP Top Ten Tools and Tactics

OWASP Top Ten Tools and Tactics OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One End User Security, IS Control Evaluation & Self- Assessment Information Security Trends and Countermeasures

More information

MatriXay WEB Application Vulnerability Scanner V 5.0. 1. Overview. (DAS- WEBScan ) - - - - - The best WEB application assessment tool

MatriXay WEB Application Vulnerability Scanner V 5.0. 1. Overview. (DAS- WEBScan ) - - - - - The best WEB application assessment tool MatriXay DAS-WEBScan MatriXay WEB Application Vulnerability Scanner V 5.0 (DAS- WEBScan ) - - - - - The best WEB application assessment tool 1. Overview MatriXay DAS- Webscan is a specific application

More information

white SECURITY TESTING WHITE PAPER

white SECURITY TESTING WHITE PAPER white SECURITY TESTING WHITE PAPER Contents: Introduction...3 The Need for Security Testing...4 Security Scorecards...5 Test Approach... 11 Framework... 16 Project Initiation Process... 17 Conclusion...

More information

(WAPT) Web Application Penetration Testing

(WAPT) Web Application Penetration Testing (WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:

More information

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments Security in the Payment Card Industry OWASP AppSec Seattle Oct 2006 Hap Huynh, Information Security Specialist, Visa USA hhuynh@visa.com Copyright 2006 - The OWASP Foundation Permission is granted to copy,

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

THE HACKERS NEXT TARGET

THE HACKERS NEXT TARGET Governance and Risk Management THE HACKERS NEXT TARGET YOUR WEB AND SOFTWARE Anthony Lim MBA CISSP CSSLP FCITIL Director, Security, Asia Pacific Rational Software ISC2 CyberSecurity Conference 09 Kuala

More information

Web Application Security

Web Application Security Web Application Security Ng Wee Kai Senior Security Consultant PulseSecure Pte Ltd About PulseSecure IT Security Consulting Company Part of Consortium in IDA (T) 606 Term Tender Cover most of the IT Security

More information

safe and sound processing online card payments securely

safe and sound processing online card payments securely safe and sound processing online card payments securely Executive summary The following information and guidance is intended to provide key payment security advice to new or existing merchants who trade

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com

More information

PCI DSS Reporting WHITEPAPER

PCI DSS Reporting WHITEPAPER WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts

More information

OWASP AND APPLICATION SECURITY

OWASP AND APPLICATION SECURITY SECURING THE 3DEXPERIENCE PLATFORM OWASP AND APPLICATION SECURITY Milan Bruchter/Shutterstock.com WHITE PAPER EXECUTIVE SUMMARY As part of Dassault Systèmes efforts to counter threats of hacking, particularly

More information

PCI Compliance for Cloud Applications

PCI Compliance for Cloud Applications What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage

More information

TOP 10 Security Questions Introduction Breaches and other privacy and security incidents in healthcare are on the rise due to the vast size of the industry and the oneoffs of protected health information

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK John T Lounsbury Vice President Professional Services, Asia Pacific INTEGRALIS Session ID: MBS-W01 Session Classification: Advanced

More information