Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence

Size: px
Start display at page:

Download "Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence"

Transcription

1 Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence

2 About ERM

3 About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology Recently Passed the CISSP Core Experience: Penetration Testing Regulatory Compliance and Standards Technical Security Assessment Social Engineering - University of Miami

4 Agenda Our Institutions Under Attack How it Works Compliance vs. Security Protecting Your Institution of Excellence

5 Money Is The Motive Tons of Sensitive Information Confidential Research Identity Theft

6 University Attacks in the News Team GhostShellclaimed credit for breaking into servers at 100 major universities from around the world Included U.S. News Top 10 universities A month ago, a large university reported that confidential files containing personal information on 72,000 people were hacked. A month ago, a major academic intution s Internet technology database was hacked and school officials made an announcement suggesting students and staff reset their passwords.

7 Types of Attacks Network Attack Physical Layer Social Engineering

8 NETWORK ATTACKS

9 DDoS Distributed Denial of Service Masters -system that is initially exploited due to a vulnerability Slaves Infected with malware distributed by the master Goal is to overload the network or a targeted application

10 Software Weaknesses SQL Injection Insertion of malicious SQL statements into an entry field Attacker attempts to dump the database contents to the attacker Zero-Day Exploits Exploits that exist in software in which patches have not yet been developed

11 BYOD (Bring-Your-Own-Device) Mobile Devices Access to sensitive information is authenticated by device Lost or Stolen Device Data Breach

12 Rouge Access Points BYOD part deux Bring your own wireless access point to campus Allow an attacker to see all traffic

13 PHYSICAL ATTACKS

14 Active Ports An attacker attempts to gain access to the wired network by testing for active Ethernet ports

15 Tailgating / Piggybacking Attempting to gain access to a secure premise through the exploitation of common courtesy or carelessness.

16 Dumpster Diving The act of searching through trash bins to discover sensitive information.

17 SOCIAL ENGINEERING

18 Social Engineering The art of manipulating people into performing actions or divulging confidential information. Relies on people s inability to keep up with a culture that relies heavily on information technology. Use your own employees to defeat your security controls and practices.

19 Social Engineering Attacks Phishing Malicious Attachment Click the link Fake Website Baiting Shoulder Surfing

20 Academic Institution Attack Scenario: Target DB Administrators and Finance AND you have 2 weeks Information Gathering: Google / LinkedIn: Name of all people in both departments Institution s Website: Lay out of entire building including desk location; Used PeopleSoft Application; s of identified staff; Dean s contact information, signature, and sample s Attack: Phishing: Crafted a spoofed pretending from the dean to the victims for a PeopleSoft training that they must take with a link to the site Fake Website: Victims entered their PeopleSoft credentials; took those credentials and logged into the institution s PeopleSoft site which happens to be externally facing.

21 Compliance vs. Security Annual grind is to become compliant with the numerous regulations Compliance and security are VERY DIFFERENT!! Implement security from the very foundation

22 Cloud Computing All about VENDOR MANAGEMENT Compliance is key Ensure that cloud computing companies comply with regulations (e.g. HIPAA, PCI, and GLBA) Compliance risk assessment

23 COUNTERMEASURES

24 Fight the DDoS Load Balancing Throttling Honeypots

25 Breach Health Check-ups Timely checkups for security breaches Bring in professionals who will analyze your network Large Organizations -> Once a quarter Smaller Organizations -> At least every six months

26 Data Assurance Data Destruction Origin of Data Data in Transit Identify and track the life cycle of information in the organization Ensure it is properly secured throughout the entire life cycle Data leakage prevention

27 Audits and Assessments Regular penetration testing Configuration assessments Patches, patches, patches!! Social Engineering Tests Physical Intrusion Tests Preventative Policies

28 Security Awareness Training

29 You re Not Alone Educause FBI College and University Security Effort (CAUSE) Multiple Tools

30 THE SECURITY OF YOUR ENTIRE INSTITUTION IS AS GOOD AS YOUR WEAKEST LINK!

31 Your go to advisors for all matters in information security. 800 S Douglas Road #940 Coral Gables, FL Phone:

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Data Security Breach. How to Respond

Data Security Breach. How to Respond Data Security Breach How to Respond About ERM About The Speaker Information Security Director at ERM CISSP, CISA, CRISC, PCIP, PCI-QSA Core Experience: Information Assurance Computer Forensics Penetration

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Ed Ferrara, MSIA, CISSP eferrara@temple.edu. Fox School of Business

Ed Ferrara, MSIA, CISSP eferrara@temple.edu. Fox School of Business MIS 5208 Week 4 Cybersecurity & Fraud Ed Ferrara, MSIA, CISSP eferrara@temple.edu Hacking Source: www.youtube.com Computer Crime A cyber breach is any event that intentionally or unintentionally causes

More information

Hack Proof Your Webapps

Hack Proof Your Webapps Hack Proof Your Webapps About ERM About the speaker Web Application Security Expert Enterprise Risk Management, Inc. Background Web Development and System Administration Florida International University

More information

Information Security for the Rest of Us

Information Security for the Rest of Us Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT

More information

Social Engineering. Hacking Human Nature

Social Engineering. Hacking Human Nature Social Engineering Hacking Human Nature About ERM About The Speakers Stacey Blau Physical Security Penetration Expert with Enterprise Risk Management, Inc. B.S. from MIT in Mathematics and Computer Science

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

SecurityMetrics Vision whitepaper

SecurityMetrics Vision whitepaper SecurityMetrics Vision whitepaper 1 SecurityMetrics Vision: Network Threat Sensor for Small Businesses Small Businesses at Risk for Data Theft Small businesses are the primary target for card data theft,

More information

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Global Security Report 2011

Global Security Report 2011 Global Security Report 2011 Charles Henderson Director of Application Security Services Trustwave s SpiderLabs Agenda Introduction Incident Response Investigations Malware Statistics Attack Vector Evolution

More information

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA

More information

Locking Down the Cloud for Healthcare. Kurt Hagerman Chief Information Security Officer

Locking Down the Cloud for Healthcare. Kurt Hagerman Chief Information Security Officer Locking Down the Cloud for Healthcare Kurt Hagerman Chief Information Security Officer SECURITY TRENDS Healthcare businesses are fighting REAL threats Threats are growing over time by percent of breaches

More information

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.

More information

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

Is your Organization SAFE?

Is your Organization SAFE? Is your Organization SAFE? About Enterprise Risk Management (ERM) About The Presenter Mike Sanchez, Senior Vice President at ERM Captain, USMC (Ret.) COBIT 5 Certified Possesses over 20 years of experience

More information

93% of large organisations and 76% of small businesses

93% of large organisations and 76% of small businesses innersecurity INFORMATION SECURITY Information Security Services 93% of large organisations and 76% of small businesses suffered security breaches in the last year. * Cyber attackers were the main cause.

More information

2012 Data Breach Investigations Report

2012 Data Breach Investigations Report 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information

More information

Cybersecurity Demystified: Information Technology Security Trends. Joe Oleksak, Plante Moran

Cybersecurity Demystified: Information Technology Security Trends. Joe Oleksak, Plante Moran Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims

More information

CompTIA Security+ (Exam SY0-410)

CompTIA Security+ (Exam SY0-410) CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare

More information

Cyber Security An Exercise in Predicting the Future

Cyber Security An Exercise in Predicting the Future Cyber Security An Exercise in Predicting the Future Paul Douglas, August 25, 2014 AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY I www.pncpa.com I www.pntech.net What is Cyber Security? Measures

More information

Cal Poly PCI DSS Compliance Training and Information. Information Security http://security.calpoly.edu 1

Cal Poly PCI DSS Compliance Training and Information. Information Security http://security.calpoly.edu 1 Cal Poly PCI DSS Compliance Training and Information Information Security http://security.calpoly.edu 1 Training Objectives Understanding PCI DSS What is it? How to comply with requirements Appropriate

More information

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions Security Awareness For Server Administrators State of Illinois Central Management Services Security and Compliance Solutions Purpose and Scope To present a best practice approach to securing your servers

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

WEB ATTACKS AND COUNTERMEASURES

WEB ATTACKS AND COUNTERMEASURES WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

SECURITY CONSIDERATIONS FOR LAW FIRMS

SECURITY CONSIDERATIONS FOR LAW FIRMS SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,

More information

SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support

SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support Desktop Support and Data Breaches: The Unknown Dangers Bryan Hood Senior Solutions Engineer, Bomgar bhood@bomgar.com Session Description

More information

INFORMATION SECURITY FOR YOUR AGENCY

INFORMATION SECURITY FOR YOUR AGENCY INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET Digital Barracuda Information Security Worms is Only the Tip FACT SHEET from Viruses and Worms is Only the Tip Do you have security with teeth? You had better, because if the worms don t get you, the viruses

More information

CYBERSECURITY HOT TOPICS

CYBERSECURITY HOT TOPICS 1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com

More information

Cyber Security for Non- Profit Organizations. Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3

Cyber Security for Non- Profit Organizations. Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit

More information

How a Company s IT Systems Can Be Breached Despite Strict Security Protocols

How a Company s IT Systems Can Be Breached Despite Strict Security Protocols How a Company s IT Systems Can Be Breached Despite Strict Security Protocols Brian D. Huntley, CISSP, PMP, CBCP, CISA Senior Information Security Advisor Information Security Officer, IDT911 Overview Good

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

A Systems Engineering Approach to Developing Cyber Security Professionals

A Systems Engineering Approach to Developing Cyber Security Professionals A Systems Engineering Approach to Developing Cyber Security Professionals D r. J e r r y H i l l Approved for Public Release; Distribution Unlimited. 13-3793 2013 The MITRE Corporation. All rights reserved.

More information

Why The Security You Bought Yesterday, Won t Save You Today

Why The Security You Bought Yesterday, Won t Save You Today 9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About

More information

Vulnerability and Threat Management and Prevention

Vulnerability and Threat Management and Prevention A1 Vulnerability and Threat Management and Prevention Weston Hecker Security Expert With KLJ Systems Network Analyst/Penetration Tester/President Of Computer Security Association Of North Dakota Slide

More information

Securing Virtual Desktop Infrastructures with Strong Authentication

Securing Virtual Desktop Infrastructures with Strong Authentication Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication

More information

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

More information

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant How Security Testing can ensure Your Mobile Application Security Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant Once More Consulting & Advisory Services IT Governance IT Strategic

More information

Fraud Threat Intelligence

Fraud Threat Intelligence About ERM About The Speaker Safe Browsing, Monitoring Services Product Manager, Easy Solutions Inc. 8+ years anti-fraud, fraud risk, and security intelligence programs Previously licensed Securities Principle

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa SECURING THE DIGITAL DIVIDE: COMBATING CYBERCRIME Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa INTRODUCTION q Given modern

More information

CEH Version8 Course Outline

CEH Version8 Course Outline CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

Ethical Hacking Course Layout

Ethical Hacking Course Layout Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type

More information

Penetration Testing - a way for improving our cyber security

Penetration Testing - a way for improving our cyber security OWASP EU Tour Bucharest 2013 The OWASP Foundation http://www.owasp.org Penetration Testing - a way for improving our cyber security Adrian Furtunǎ, PhD, OSCP, CEH adif2k8@gmail.com Copyright The OWASP

More information

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright

More information

DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA

DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA WHAT IS PCI DSS? PAYMENT CARD INDUSTRY DATA SECURITY STANDARD A SET OF REQUIREMENTS FOR ANY ORGANIZATION OR MERCHANT THAT ACCEPTS, TRANSMITS

More information

AUTHOR CONTACT DETAILS

AUTHOR CONTACT DETAILS AUTHOR CONTACT DETAILS Name Dinesh Shetty Profile Information Security Consultant Email ID dinesh.shetty@live.com Social Engineering Cyber security is an increasingly serious issue for the complete world

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Data Management & Protection: Common Definitions

Data Management & Protection: Common Definitions Data Management & Protection: Common Definitions Document Version: 5.5 Effective Date: April 4, 2007 Original Issue Date: April 4, 2007 Most Recent Revision Date: November 29, 2011 Responsible: Alan Levy,

More information

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

Network/Cyber Security

Network/Cyber Security Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

PCI Compliance Updates

PCI Compliance Updates PCI Compliance Updates E-Commerce / Cloud Security Adam Goslin, Chief Operations Officer AGoslin@HighBitSecurity.com Direct: 248.388.4328 PCI Guidance Google: PCI e-commerce guidance https://www.pcisecuritystandards.org/pdfs/pci_dss_v2_ecommerce_guidelines.pdf

More information

TRAINING SERVICES elearning

TRAINING SERVICES elearning SECURELY ENABLING BUSINESS Securely Enabling Your Business TRAINING SERVICES elearning Engaging and Effective Overview FishNet Security s Training Services team offers engaging, interactive elearning courses

More information

Jort Kollerie SonicWALL

Jort Kollerie SonicWALL Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential

More information

TRAINING SERVICES elearning

TRAINING SERVICES elearning Securely Enabling Your Business TRAINING SERVICES elearning Engaging and Effective Overview FishNet Security s Training Services team offers engaging, interactive elearning courses that cover a range of

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

The 9 Best Practices for Network Security for Banks in 2009. Sponsored by April 14, 2009 Gary S. Miliefsky, President NetClarity, Inc.

The 9 Best Practices for Network Security for Banks in 2009. Sponsored by April 14, 2009 Gary S. Miliefsky, President NetClarity, Inc. The 9 Best Practices for Network Security for Banks in 2009 Sponsored by April 14, 2009 Gary S. Miliefsky, President NetClarity, Inc. 2009, NetClarity, Inc. Reprinted with permission, exclusively for the

More information

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25

More information

Defensible Strategy To. Cyber Incident Response

Defensible Strategy To. Cyber Incident Response Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

Protecting Sensitive Data Reducing Risk with Oracle Database Security

Protecting Sensitive Data Reducing Risk with Oracle Database Security Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database

More information

Sitefinity Security and Best Practices

Sitefinity Security and Best Practices Sitefinity Security and Best Practices Table of Contents Overview The Ten Most Critical Web Application Security Risks Injection Cross-Site-Scripting (XSS) Broken Authentication and Session Management

More information

A Network Administrator s Guide to Web App Security

A Network Administrator s Guide to Web App Security A Network Administrator s Guide to Web App Security Speaker: Orion Cassetto, Product Marketing Manager, Incapsula Moderator: Rich Nass, OpenSystems Media Agenda Housekeeping Presentation Questions and

More information

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background: 1. Do you implement virus controls and filtering on all systems? Anti-Virus anti-virus software packages look for patterns in files or memory that indicate the possible presence of a known virus. Anti-virus

More information

Penetration testing & Ethical Hacking. Security Week 2014

Penetration testing & Ethical Hacking. Security Week 2014 Penetration testing & Ethical Hacking Security Week 2014 Agenda Penetration Testing Vulnerability Scanning Social engineering Security Services offered by Endava 2 3 Who I am Catanoi Maxim Information

More information

Chapter 6: Fundamental Cloud Security

Chapter 6: Fundamental Cloud Security Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks

全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks 全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate

More information

AUDIT TAX SYSTEMS ADVISORY

AUDIT TAX SYSTEMS ADVISORY AUDIT TAX SYSTEMS ADVISORY Presented by: Jim Rumph Introduction JIM RUMPH, CISA Systems Manager Jim is a graduate of the University of Georgia with a Bachelor of Business Administration in Accounting and

More information

Information Security and Risk Management

Information Security and Risk Management Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management

More information

Jumpstarting Your Security Awareness Program

Jumpstarting Your Security Awareness Program Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

Guide to Preventing Social Engineering Fraud

Guide to Preventing Social Engineering Fraud Guide to Preventing Social Engineering Fraud GUIDE TO PREVENTING SOCIAL ENGINEERING FRAUD CONTENTS Social Engineering Fraud Fundamentals and Fraud Strategies... 4 The Psychology of Social Engineering (And

More information

A Rackspace White Paper Spring 2010

A Rackspace White Paper Spring 2010 Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

BYOD: End-to-End Security

BYOD: End-to-End Security BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information