Session objectives. Threats, Threat Agents, and Vulnerabilities. Information on threats. Threat Identification ISO 27005:2008
|
|
- Corey Bailey
- 7 years ago
- Views:
Transcription
1 Session objectives Threats, Threat Agents, and Vulnerabilities COMM037 Computer Security Dr Hans Georg Schaathun University of Surrey Recognise the differences between common threat sources Be able to account for a wide range of threats in a risk analysis Raggad, Chapter 3 ISO 27005:2008 Autumn 2010 Week 5 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 1 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 2 / 46 Threat Classification Threat Classification ISO 27005:2008 Information on threats Input Information on threats from incident reviews, asset owners, users, etc. Output A list of threats with identification of type and source. Action Identify threats and their sources. Threat description Threat Source Threat Type Effect of Threat to Asset (consequential threats) Impact and Consequences Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 5 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 6 / 46
2 Threat Classification Classes of Threats Example of Consquential Threats Threats Natural Manmade Root Threat Thunderstorm Secondary Threat Fire Intentional Third-Order Threat Power outage Fourth-Order Threat Web server failure Accidental Outsider Insider At what stage of the path do you put your controls? Human Error Software Fault Hardware Fault Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 7 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 9 / 46 Responsive Controls Preventive Controls Thunderstorm lightning diverter Fire fire alarm, fire hoses, fire extinguishers Power outage UPS Web server failure off-site backup server, 24/7 maintenance crew Prevent web server failure Understanding of cause is essential Controlling the cause threat prevents the higher-order threat Either UPS (responsive) or upgraded power supply (preventive) controling the power outage threat will prevent web server failure (some of the time) Understanding threat paths is useful when planning preventive controls. Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 10 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 11 / 46
3 and Impacts Examples Approach Brain Storm from all Directions Use different approaches and thought processes to cover as many threats as possible. Port Scanning Attacks (root threat) fascilitates break-in attacks (secondary threat) Credit Card Numbers compromised (confidentiality) root threat fascilitates Impersonation Attacks (Integrity) secondary threat Virus (Integrity) root threat fascilitiates other attacks (any type) secondary threat Who are your enemies? what do they want to do? what can they do? (penetration testing) What has happened in the past? to yourself to others What is your great fears? how could it come about? What could happen? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 12 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 14 / 46 Approach Qualitative and Quantitative Approaches What is a threat source? Recap Quantitiative approaches (e.g. FAIR) measure and quantify issues prioritise mathematically Detail required to measure Qualititative approaches (e.g. ISO 27005) identify all problems no accurate assessment of severity If you start the quantitative approaches to early many threats will slip through Threat source or threat agent An entity with an intention and capability to cause impact Sentient adversaries potential attackers Honest users making mistakes Nature and random events There is a reason behind incidents Enemies with an objective of their own Nature and its random events Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 15 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 17 / 46
4 WikiLeaks from Afghanistan Why do we identify threat sources? WikiLeaks Why do we need to identify the threat sources? When is the threat realised? how often Understand the nature of the threat resourceful attackers or amateurs? How will a preliminary attack be exploited? blackmail? slander? further attacks? military, classified documents on the war in Afghanistan late July 2010 lifted from the US military leaks from Iraq October 2010 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 18 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 20 / 46 WikiLeaks from Afghanistan WikiLeaks from Afghanistan Assets Relevant Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 21 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 22 / 46
5 WikiLeaks from Afghanistan Vulnerabilities Staff with an agenda Extensive records in compact format walk out with an encyclopedia on a keyring Targets industrial control systems specific types of computers from Siemens Malware, able to override the controls Chemical plants Power plants Power grids Exploits four previously unknown vulnerabilities Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 23 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 25 / 46 What is a worm? The attack on Iran Malware Malicious Software Standalone programs do not modify other programs (as viruses do) Usually spreads over the network network congestion is a common impact 60% of infections in Iran The Nuclear Plant in Bushehr compromised Iran will not reveal the extent of damage seems to have delayed the opening of the plant Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 26 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 27 / 46
6 Who is the attack source? A viewpoint from Law Enforcement This would require a lot of resources on the level of a nation state. Gadi Evron, Israeli cybersecurity strategist The known enemies preventing nuclear development USA and Israel China as a testrun of new cyberwarfare technology Are there private organisations with the capability? We do not know what the source is Dr. David Benichou at WIFS 09 in London French juge investigatoire Special advisor to the Minstry of Justice PhD in Computer Sciences Model based on field experience more than 1000 cases Qualitative rather than quantitative Real-life, rather than academic view Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 28 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 30 / 46 The seven families of cybercrime Seven classes of threat sources (graphics c David Bénichou) The seven families of cybercrime Empirical distribution of attack profiles kiddies hackers avengers LP cyberterro bandits spies Adolescent amateurs script kiddies hackers Amateurs with a goal avengers legal persons Resourceful professionals Organised crime Terrorists Spies population dangerousness Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 31 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 32 / 46
7 The big majority Masked Avengers Script Kiddies Hackers Clueless amateurs Use scripts created by others Trying hacks for fun No understanding of the techniques used Technically adept Obscure motivations challenge, learning, experience Grown up individuals with a score to settle Obvious motivation relatively easy to unmask e.g. a disgruntled employee with a desire to punish the company e.g. Mr/Mrs average dragging an ex-lover down in the mud Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 33 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 34 / 46 Legal Persons The big and resourceful Spies, organised crime, and terrorists Financial motives unfair competition trade secrets Highly skilled Easy to identify the motive is a give-away Different motivations political (spies) financial (organised crime) ideological (terrorists) All are resourceful, with solid backing few have resources on this scale the resources make serious impact possible Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 35 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 36 / 46
8 The rare and serious agents Risk Analysis Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology Terrorists Politics Spies Money Organised Crime Similar dedication professionalism and clear objectives How does each family affect your risk analysis? Script Kiddies Hackers Avengers Legal Persons Terrorists Spies Organised Crime Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 37 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 38 / 46 Vulnerability Identification Vulnerability Identification ISO 27005:2008 Vulnerability Identification Areas of vulnerabilities ISO 27005:2008 Input lists of known threats assets existing controls Output a list of vulnerabilities in relation to assets, threats, and controls a list of vulnerabilities not related to any identified threat Action Identify vulnerabilities that could be exploited by the threats Organisation Processes and procedures Management routines Personnel Physical environment Information system configuration Hardware, software or communications equipment Dependence on external parties Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 40 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 41 / 46
9 Vulnerability Identification Vulnerabilities and Known Threats Vulnerability Identification Vulnerabilities without Threat For each threat identified Which assets are under threat? What vulnerabilities can it exploit How? What could be the attack What controls do we have? Resort the list, listing each vulnerability with all its associated threats Is there a problem? No risk at the moment Threat is needed to exploit it Yet, should be recognised and monitored it may change over time we may have forgotten a threat Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 42 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 43 / 46 Exercise 5 Closure Summary Closure Review NIST SP Rev2/sp rev2-final.pdf Prepare a list, with short explanations, of the main types of controls. Additionally (not to be handed in) 1 Be ready to discuss the different types of information security controls in class. 2 read the following week s exercise Protecting the Forest Effective risk analysis requires structured review of threats vulnerabilities For threats we need to understand source cause effect No immediate risk from threats without vulnerabilites vulnerabilities without threat ISO provides the framework Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 45 / 46 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 46 / 46
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Two Information Security in Universities
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Two Information Security in Universities Agenda Information Security Management in Universities Recent
More informationIT Security Incident Management Policies and Practices
IT Security Incident Management Policies and Practices Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Feb 6, 2015 i Document Control Document
More informationRisk Assessment Guide
KirkpatrickPrice Assessment Guide Designed Exclusively for PRISM International Members KirkpatrickPrice. innovation. integrity. delivered. KirkpatrickPrice Assessment Guide 2 Document Purpose The Assessment
More informationDisaster Recovery Planning
NASA IV & V ANNUAL WORKSHOP 202 The 4th International Workshop on Independent Verification & Validation of Software Disaster Recovery Planning Divya Krishnamoorthy Mailam Engineering College, Mailam. (Affiliated
More informationfor Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs
for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote
More informationOpen an attachment and bring down your network?
Open an attachment and bring down your network? Many people think this will never happen to them, but virus attacks can come from unlikely sources and can strike when you least expect it. They can wreak
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationDisaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery
Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and
More informationCyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology
Cyber Security Incident Handling Policy Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Oct 9, 2015 i Document Control Document Owner Classification
More informationNuclear Security Requires Cyber Security
Nuclear Security Requires Cyber Security A. DAVID MCKINNON, PH.D., MARY SUE HOXIE Cyber Physical Security Team, National Security Directorate Project on Nuclear Issues (PONI) Fall 2015 Conference PNNL-SA-113027
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationCourse mechanics. CS 458 / 658 Computer Security and Privacy. Course website. Additional communication
CS 458 / 658 Computer Security and Privacy Module 1 Introduction to Computer Security and Privacy Fall 2008 Course mechanics Instructor: Ian Goldberg Contact info: http://www.cs.uwaterloo.ca/ iang/ Office
More informationRulebook on Information Security Incident Management General Provisions Article 1
Pursuant to Article 38 of the Law on State Administration (Official Gazette of the Republic of Montenegro 38/03 from 27 June 2003, 22/08 from 02 April 2008, 42/11 from 15 August 2011), The Ministry for
More informationProtecting your business interests through intelligent IT security services, consultancy and training
Protecting your business interests through intelligent IT security services, consultancy and training The openness and connectivity of the digital economy today provides huge opportunities but also creates
More informationVulnerability Assessment & Compliance
www.pwc.com Vulnerability Assessment & Compliance August 3 rd, 2011 Building trust through Information security* Citizen-Centric egovernment state Consultantion workshop Agenda VAPT What and Why Threats
More informationInformation Security Organizations trends are becoming increasingly reliant upon information technology in
DATASHEET PENETRATION TESTING SERVICE Sales Inquiries: sales@spentera.com Visit us: http://www.spentera.com Protect Your Business. Get Your Service Quotations Today! Copyright 2011. PT. Spentera. All Rights
More information5 Tools For Passing a
5 Tools For Passing a 4530 Plank Rd., Ste. 111, Fredericksburg, VA 22407 3 Health Insurance Portability and Accountability Act 4 Health Information Technology for Economic and Clinical Health Act 4 5 1
More informationInformation Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com Outline of Information Security Introduction Impact of information Need
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationSCADA Security @ City of Raleigh. Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor
SCADA Security @ City of Raleigh Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor Agenda 1. PLCs, SCADA and Stuxnet 2. Selecting Audit Standards 3.
More informationCS 458 / 658 Computer Security and Privacy. Course mechanics. Course website. Module 1 Introduction to Computer Security and Privacy.
CS 458 / 658 Computer Security and Privacy Module 1 Introduction to Computer Security and Privacy Spring 2013 Course mechanics Instructor: Ian Goldberg https://cs.uwaterloo.ca/ iang/ Office hours: Thursdays
More informationBreakthrough Cyber Security Strategies. Introducing Honeywell Risk Manager
Breakthrough Cyber Security Strategies Introducing Honeywell Risk Manager About the Presenter Eric D. Knapp @ericdknapp Global Director of Cyber Security Solutions and Technology for Honeywell Process
More informationKeynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.
Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part
More informationData Loss Prevention Program
Data Loss Prevention Program Safeguarding Intellectual Property Author: Powell Hamilton Senior Managing Consultant Foundstone Professional Services One of the major challenges for today s IT security professional
More informationInformation Security. CS526 Topic 1
Information Security CS 526 Topic 1 Overview of the Course 1 Today s Security News Today: 220 million records stolen, 16 arrested in massive South Korean data breach A number of online gaming & movie ticket
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationDefensible Strategy To. Cyber Incident Response
Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack
More informationwww.pwc.co.uk Information Security Breaches Survey 2013
www.pwc.co.uk Information Security Breaches Survey 2013 Agenda and contents About the survey Security breaches increase External versus insider threats Understanding and communicating risks Implementation
More informationSafety and security are simply good business.
THE BUSINESS ASE FOR YBER SEURITY What s this about in a nutshell? The importance of cyber security for manufacturing and computer control systems has only recently been recognized and therefore has not
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationInternet security: Shutting the doors to keep hackers off your network
Internet security: Shutting the doors to keep hackers off your network A Paralogic Networks Guide www.scholarisintl.com Introduction Like all revolutionary steps in technological development the Internet
More informationProtecting Organizations from Cyber Attack
Protecting Organizations from Cyber Attack Cliff Glantz and Guy Landine Pacific Northwest National Laboratory (PNNL) PO Box 999 Richland, WA 99352 cliff.glantz@pnnl.gov guy.landine@pnnl.gov 1 Key Topics
More informationFundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals
Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
More informationUoB Risk Assessment Methodology
[Type here] UoB Risk Assessment Methodology The Risk Assessment Methodology describes how information security risk will be managed, including guidance for assessing, scoring, choosing acceptance or treatment
More informationThreats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1
Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:
More informationUser Documentation Web Traffic Security. University of Stavanger
User Documentation Web Traffic Security University of Stavanger Table of content User Documentation... 1 Web Traffic Security... 1 University of Stavanger... 1 UiS Web Traffic Security... 3 Background...
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationExecutive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6
Securing the State Of Michigan Information Technology Resources Table of Contents Executive Overview...4 Importance to Citizens, Businesses and Government...5 Emergency Management and Preparedness...6
More informationInternet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
More informationAnthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown
Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown 1 Protected networks are continuously being successfully attacked
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationwww.pwc.com Developing a robust cyber security governance framework 16 April 2015
www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October
More informationThe risks borne by one are shared by all: web site compromises
The risks borne by one are shared by all: web site compromises Having your company web site hacked or compromised can be a costly experience for your organisation. There are immediate costs in responding
More informationSPARKS Cybersecurity Technology and the NESCOR Failure Scenarios
SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios Lucie Langer and Paul Smith firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Workshop Monday 29 th September,
More informationInformation Security for Managers
Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize
More informationCyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.
Cyberterror Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states. What are terrorists main uses of cyberspace? How does cyberterror
More informationIntegrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com
SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration
More informationDemystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature
Demystifying Cyber Insurance Jamie Monck-Mason & Andrew Hill Introduction What is cyber? Nomenclature 1 What specific risks does cyber insurance cover? First party risks - losses arising from a data breach
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationIntroduction to Ethical Hacking and Network Defense. Objectives. Hackers
Introduction to Ethical Hacking and Network Defense January 14, 2010 MIS 4600 - Abdou Illia Objectives Describe the role of an ethical hacker Describe what can an ethical hacker legally do Describe what
More informationINTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA
INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA OVERVIEW Introduction Overview The IDS Puzzle Current State of IDS Threats I have a good firewall, why do I need an IDS? Expectations
More informationInformation Technology Risk Management
Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT
More informationCYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric
CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial
More informationDASTA Guide to Business Continuity (BC) and Disaster Recovery (DR) Planning
Your Documents. Our Management. DASTA Guide to Business Continuity (BC) and Disaster Recovery (DR) Planning Dr. Robert L. Bailey, CRM, MIT, ECMp L E A R N M O R E A B O U T D A S T A A T W W W. D R M.
More informationThreat Modeling. Deepak Manohar
Threat Modeling Deepak Manohar Outline Motivation Past Security Approaches Common problems with past security approaches Adversary s perspective Vs Defender s perspective Why defender s perspective? Threat
More informationCyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015
Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology
More informationBelmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
More informationDesktop and Laptop Security Policy
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
More informationCITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard
CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information
More informationCyber Security Initiatives and Issues
Cyber Security Initiatives and Issues NARUC Summer Committee Meetings Robert Schreiber, CISSP, CISA Director, Client Services and Security Operations ITS July 19, 2009 Water Utility History of SCADA Yesterday
More informationCyril Onwubiko Networking and Communications Group http://ncg. ncg.kingston.ac.
Cyril Onwubiko Networking and Communications Group http://ncg ncg.kingston.ac..ac.uk http://ncg.kingston.ac.uk +44 (0)20 8547 2000 Security Threats & Vulnerabilities in assets are two most fundamental
More informationDigital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET
Digital Barracuda Information Security Worms is Only the Tip FACT SHEET from Viruses and Worms is Only the Tip Do you have security with teeth? You had better, because if the worms don t get you, the viruses
More informationThe Cyber Threat Profiler
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
More informationNetwork Incident Report
To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850
More informationENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency
ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The
More informationPOLIWALL: AHEAD OF THE FIREWALL
POLIWALL: AHEAD OF THE FIREWALL FIREWALL HISTORY Since the earliest days of the Internet, when hackers sat in their darkened basements dialing into networks with dial-up modems, both network threats and
More informationManagement of IT Risks
10 number 39 // 2-2006 Management of IT Risks Esther Cerdeño Deputy Director of IT MAPFRE REASEGUROS (Spain) The market needs insurers to study the feasibility of insuring costs relating to loss of information;
More informationOffice of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS)
Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS) PSCR Public Safety Broadband Stakeholder Conference June 4 th, 2014 Alex Kreilein Technology Policy Strategist Office
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationSNAP WEBHOST SECURITY POLICY
SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationThe Four-Step Guide to Understanding Cyber Risk
Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated
More informationEXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam
EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored
More informationCyber security in an organization-transcending way
Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security
More informationTahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
Tahoe Tech Group LLC Cyber Security Briefing Truckee Donner Chamber of Commerce March 6, 2015 Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationCYBER SECURITY THREAT REPORT Q1
CYBER SECURITY THREAT REPORT Q1 Moving Forward Published by UMC IT Security April 2015 0 U.S. computer networks and databases are under daily cyber-attack by nation states, international crime organizations,
More informationA 360 degree approach to security
June 2012, issue 1-1 SCADA communications A 360 degree approach to security Contents 1. The need for 360 degree security 2 2. Considerations in a 360 degree approach 3 3. Implementing a 360 degree approach
More informationEnergy Cybersecurity Regulatory Brief
Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationAs global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended
As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended Global Cybercrime has an estimated cost of US$ 110 Billion per year Every second, 18 adults become a
More informationThis chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How
This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How Network Security Is Breached Network Security Policy
More informationWelcome to this ACT webinar
Welcome to this ACT webinar Cybersecurity: threats and responses 02 June 2015 12.30-13.15 Sponsored BST by Sponsored by Introduction James Lockyer Development Director ACT Interactive widgets Please take
More informationNetwork Security Foundations
Network Security Foundations Matthew Strebe O San SrBBC Francisco London Introduction xv Chapter 1 Security Principles 1 Why Computers Aren't Secure 2 The History of Computer Security 4-1945 5 1945-1955
More informationBoston University Security Awareness. What you need to know to keep information safe and secure
What you need to know to keep information safe and secure Introduction Welcome to Boston University s Security Awareness training. Depending on your reading speed, this presentation will take approximately
More informationToday s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns
Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns Benjamin GITTINS Ronald KELSON What is cyberspace and why is it so important? US Government Cyberspace
More informationOctober Is National Cyber Security Awareness Month!
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
More informationPOLIWALL: AHEAD OF THE FIREWALL
POLIWALL: AHEAD OF THE FIREWALL FIREWALL HISTORY Since the earliest days of the Internet, when hackers sat in their darkened basements dialing into networks with dial-up modems, both network threats and
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationSOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness
SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached
More informationCybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU
Cybersecurity Global status update Dr. Hamadoun I. Touré Secretary-General, ITU Cybercrime takes a toll on the global economy - Online fraud, identity theft, and lost intellectual property; - On governments,
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationRISK ASSESSMENT GUIDELINES
RISK ASSESSMENT GUIDELINES A Risk Assessment is a business tool used to gauge risks to the business and to assist in safeguarding against that risk by developing countermeasures and mitigation strategies.
More informationYOUR HIPAA RISK ANALYSIS IN FIVE STEPS
Ebook YOUR HIPAA RISK ANALYSIS IN FIVE STEPS A HOW-TO GUIDE FOR YOUR HIPAA RISK ANALYSIS AND MANAGEMENT PLAN 2015 SecurityMetrics YOUR HIPAA RISK ANALYSIS IN FIVE STEPS 1 YOUR HIPAA RISK ANALYSIS IN FIVE
More information