Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT)
|
|
|
- Merilyn Gilmore
- 9 years ago
- Views:
Transcription
1 Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT)
2 Benjamin Brown Akamai Technologies Security Architecture * Law Enforcement Engagement * Systems Safety * Threat Intelligence * Security Research - Novel Attack Vectors - Multilayered Attacks
3 Coming To Terms - Cognitive Biases - Open Source Intelligence - Intelligence Analysis - Metacognition - Critical Thinking - Frameworks for Structured Analysis
4
5 Why We Care Actionable Intelligence - Accurate conclusions - Properly framed Cognitive Biases (faulty heuristics) - Can lead to inaccurate conclusions Metacognition and Critical Thinking - Recognize and correct for cognitive biases - Arrive at more accurate solutions more often
6 Why We Care Bad Data Biased Analysis False Conclusions Bad Intelligence
7 Why We Care
8 Open Source Intelligence (OSINT)
9 Defining OSINT "Intelligence produced from publicly available information" Army Techniques Publication (ATP), Open-Source Intelligence, July 2012.
10 Defining OSINT Typical Quality of Publicly Available Information:
11 Intelligence vs Information - Timely - Relevant - Actionable VS
12 OSINT Sources - Search engines - Social networks - Communication services - E-commerce site profiles - Business / tax records - Media
13 OSINT Tools - Recon-ng - ExifTool - theharvester - Maltego - Cree.py - fierce.pl - TAPIR - DNSRecon
14 Defining Cognitive Bias
15 Defining Cognitive Bias Note: Emotional, intrinsically cultural, spiritual, or faith-based biases are out of scope.
16 Defining Cognitive Bias - Patterns of subjective judgment. - Simplified information processing strategies. - Subconscious mental procedures for processing information.
17 Defining Cognitive Bias Deduction of color / shade
18 Defining Cognitive Bias Deduction of color / shade
19 Example Types of Cognitive Bias
20 Select Biases Confirmation Bias - Seek out evidence that confirms - Self-fulfilling prophecies - Avoid information supporting competing hypotheses.
21 Select Biases Self-serving Bias - Self-enhancement - Self-preservation - Self-esteem - Social and/or Career Advancement
22 Select Biases Echo Effect - Information repeated by source after source. * Media telephone * Sources obscured * Bandwagon effect * Promotes group-think
23 Select Biases Representativeness - Focus on similarities / Neglect differences
24 Select Biases Representativeness Cont. - Base Rate Neglect
25 Select Biases - Base Rate Neglect Cont. * Deadly Disease X * Afflicts.01% of Population * Cheap diagnostic test that finds the disease in 99.5% of those infected, false-positive rate of only 1.95% * Test = Positive (Oh God I m Dying! 99.5%!!!)
26 Select Biases - Base Rate Neglect Cont. 99.5% likely to find it if you have it % false-positive rate - 1 mill people tested, 100 of which are infected (.01%) - Test accurately identifies 99 of them as infected - BUT 19,500 uninfected receive a false-positive
27 Select Biases Availability Bias - Anecdata (first or second hand) - Topic s trend-power - Censorship - Language(s) of collector / analyst - Маскировка (Maskirovka) * Dezinformatsiia
28 Synthesis
29 Reddit vs. Boston Bombers
30 Reddit vs. Boston Bombers Methodology - Marathon Photos and Videos * not looking at the race - Warped police scanner snippets - Multiple suspects * Social media harassment / cyberstalking - Media outlets ran bad info from Reddit
31 Reddit vs. Boston Bombers
32 Reddit vs. Boston Bombers Bias - Bandwagon effect - Echo effect - Availability bias - Self-serving bias - Confirmation bias
33 Attack Attribution - APT APT: Advanced Persistent Threat = OMFGWTFBBQ CHINA!!1one!!
34 Attack Attribution - APT Evidence - Type of RAT (Remote Administration Tool) - Geo Loc of C2s (Command and Control) - Shared similarities with past APTs - Tool author s (not user s) native language - We re expert researchers, just trust us (Show me your methodology!)
35 Attack Attribution - APT (Vendor) Bias - Confirmation bias - Self-serving bias - Representativeness * Base rate / Population - Availability Bias
36 D0xing
37 White-Knight Syndrome - Suspected Amanda Todd bully - L337 Pro-Scientology hackers: * 59 year-old couple - LEO in Ferguson not involved * Family info used for ID fraud
38 DDoS FUD
39 DDoS FUD - Statistical methodology * Sample size * Length of collection time - Availability bias - Self-serving bias (vendors)
40 Newsweek vs The Creator of Bitcoin
41 Malaysia Airways flight MH370 (Google Maps)
42 Groundwork For Remedy
43 Defining Metacognition Thinking about thinking
44 Defining Critical Thinking - What do I think I know? - How do I think I know it? - When would it not be true?
45 The More You Know Know about cognitive biases. - Difficult to affect that which you don't know you don't know. - Everyone has them, you are not immune or invincible.
46 The More You Know [META INTENSIFIES] Beware The Bias Bias / Bias Blind Spot - Belief that your bias is actually insight
47 The More You Know Dr. Emily Pronin Princeton University - Dept of Psychology Subjects: - Report being less susceptible to bias - Infer bias in others holding contrary opinions Pronin, Emily, et al. PSPB, Vol. 2 No 3, The Bias Blind Spot: Perceptions of Bias in Self Versus Others, March 2002.
48 The More You Know Actively seek out: - Peer review - Diverse, outside expertise - Alternative mindsets
49 Defining Cognitive Bias Similar to optical illusions... [it] remains compelling even when one is fully aware of its nature. Heuer, Richards J., Jr. Psychology of Intelligence Analysis. Washington D.C.: CSI, 1999.
50 Two Frameworks
51 Structures and Frameworks Checklists For Analysts - Defining the problem - Generating hypotheses - Collecting information - Evaluating hypotheses - Selecting the most likely hypothesis - Ongoing monitoring of new information Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
52 Structures and Frameworks Defining The Problem - Right question - Framing - Audience - Specificity Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
53 Structures and Frameworks Generating Hypotheses - Identify all plausible hypothesis - Consult peers and outside experts - Do not yet screen out or reject - Consider actor deception or denial Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
54 Structures and Frameworks Collecting Information - Don t just focus on likely hypothesis - Suspend judgement - Notice /note info gaps Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
55 Structures and Frameworks Evaluating Hypotheses - Develop arguments against each hypothesis - Check assumptions and their origins - Implement ACH frameworks (Analysis of Competing Hypothesis) Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
56 Structures and Frameworks Selecting Most Likely Hypothesis - Least evidence against - Reject don t confirm - Note alternate hypotheses Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
57 Structures and Frameworks Ongoing Monitoring - Add data sources - Plug-in alternate hypotheses - Keep conclusions tentative Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
58 Structured Analytic Techniques for Improving Intelligence Analysis
59 Structures and Frameworks Structured Analytic Techniques for Improving Intelligence Analysis - Diagnostic Techniques - Contrarian Techniques - Imaginative Thinking Techniques US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March 2009.
60 Structures and Frameworks Diagnostic Techniques - Key Assumptions Check * What do we think we know? How do we think we know it? - Quality of Information Check - Indicators or Signposts of Change - Analysis of Competing Hypotheses US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March 2009.
61 Structures and Frameworks Contrarian Techniques - Devil s Advocacy - Team A / Team B - High-Impact / Low-Probability - What If? Analysis US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March 2009.
62 Structures and Frameworks Imaginative Thinking Techniques - Brainstorming - Outside-In Thinking - Red Team Analysis - Alternative Futures Analysis US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March 2009.
63 Structures and Frameworks US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March 2009.
64 Application
65 Application - Report - Clearly Define * Goals * Sources * Audience * Limitations & Assumptions...
66 Application METHODOLOGY Verizon, Trend Micro, Prolexic, Recorded Future
67 Further Research
68 Further Research - Context * Chrononarcissism and historical context * Socio-cultural and economic context - Unknown unknowns and blindspots - Data originator biases / data supply-chain pressures - Baked-in Bias for OSINT automation tools - Analysis of competing hypotheses (ACH)
69 Suggested Reading - Psychology of Intelligence Analysis, Richards J. Heuer, Jr. - A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, US Government - Judgement in Managerial Decision Making, Max H. Bazerman and Don Moore
70 Contact Me
71 Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT)
72 Benjamin Brown Akamai Technologies Security Architecture * Law Enforcement Engagement * Systems Safety * Threat Intelligence * Security Research - Novel Attack Vectors - Multilayered Attacks
73 Coming To Terms - Cognitive Biases - Open Source Intelligence - Intelligence Analysis - Metacognition - Critical Thinking - Frameworks for Structured Analysis
74 The terms may layout a So, but we also need a So What
75 Why We Care Actionable Intelligence - Accurate conclusions - Properly framed Cognitive Biases (faulty heuristics) - Can lead to inaccurate conclusions Metacognition and Critical Thinking - Recognize and correct for cognitive biases - Arrive at more accurate solutions more often
76 Why We Care Bad Data Biased Analysis False Conclusions Bad Intelligence
77 Why We Care Think Bay of Pigs
78 Open Source Intelligence (OSINT)
79 Defining OSINT "Intelligence produced from publicly available information" Army Techniques Publication (ATP), Open-Source Intelligence, July 2012.
80 Defining OSINT Typical Quality of Publicly Available Information: You are relying on public information of variable quality to draw important conclusions that you intend to act upon. You damn well better be able to recognize bad information and bad analysis. Including you own!
81 Intelligence vs Information - Timely - Relevant VS - Actionable Information may look interesting, but is it really useful?
82 OSINT Sources - Search engines - Social networks - Communication services - E-commerce site profiles - Business / tax records - Media
83 OSINT Tools - Recon-ng - ExifTool - theharvester - Maltego - Cree.py - fierce.pl - TAPIR - DNSRecon
84 Defining Cognitive Bias
85 Defining Cognitive Bias Note: Emotional, intrinsically cultural, spiritual, or faith-based biases are out of scope.
86 Defining Cognitive Bias - Patterns of subjective judgment. - Simplified information processing strategies. - Subconscious mental procedures for processing information.
87 Defining Cognitive Bias Deduction of color / shade Human brain does not see the colors as they are, but deduces the shade of grey from other information presented.
88 Defining Cognitive Bias Deduction of color / shade Human brain does not see the colors as they are, but deduces the shade of grey from other information presented.
89 Example Types of Cognitive Bias
90 Select Biases Confirmation Bias - Seek out evidence that confirms - Self-fulfilling prophecies - Avoid information supporting competing hypotheses.
91 Select Biases Self-serving Bias - Self-enhancement - Self-preservation - Self-esteem - Social and/or Career Advancement
92 Select Biases Echo Effect - Information repeated by source after source. * Media telephone * Sources obscured * Bandwagon effect * Promotes group-think
93 Select Biases Representativeness - Focus on similarities / Neglect differences
94 Select Biases Representativeness Cont. - Base Rate Neglect Focusing on specific information and neglecting the importance of base rates
95 Select Biases - Base Rate Neglect Cont. * Deadly Disease X * Afflicts.01% of Population * Cheap diagnostic test that finds the disease in 99.5% of those infected, false-positive rate of only 1.95% * Test = Positive (Oh God I m Dying! 99.5%!!!)...But Wait, There s More... Focusing on specific information and neglecting the importance of base rates
96 Select Biases - Base Rate Neglect Cont. 99.5% likely to find it if you have it % false-positive rate - 1 mill people tested, 100 of which are infected (.01%) - Test accurately identifies 99 of them as infected - BUT 19,500 uninfected receive a false-positive (1.95%) Focusing on specific information and neglecting the importance of base rates
97 Select Biases Availability Bias - Anecdata (first or second hand) - Topic s trend-power - Censorship - Language(s) of collector / analyst - Маскировка (Maskirovka) * Dezinformatsiia
98 Synthesis
99 Reddit vs. Boston Bombers
100 Reddit vs. Boston Bombers Methodology - Marathon Photos and Videos * not looking at the race - Warped police scanner snippets - Multiple suspects * Social media harassment / cyberstalking - Media outlets ran bad info from Reddit
101 Reddit vs. Boston Bombers
102 Reddit vs. Boston Bombers Bias - Bandwagon effect - Echo effect - Availability bias - Self-serving bias - Confirmation bias Mad Internet points yo, rolling in the karma
103 Attack Attribution - APT APT: Advanced Persistent Threat = OMFGWTFBBQ CHINA!!1one!!
104 Attack Attribution - APT Evidence - Type of RAT (Remote Administration Tool) - Geo Loc of C2s (Command and Control) - Shared similarities with past APTs - Tool author s (not user s) native language - We re expert researchers, just trust us (Show me your methodology!) RAT - freely available source and compiled binaries Geo Loc services like Maxmind are notoriously unreliable Show Me Your Methodology!!
105 Attack Attribution - APT (Vendor) Bias - Confirmation bias - Self-serving bias - Representativeness * Base rate / Population - Availability Bias Most reports come from Vendors offering anti-apt services
106 D0xing
107 White-Knight Syndrome - Suspected Amanda Todd bully - L337 Pro-Scientology hackers: * 59 year-old couple - LEO in Ferguson not involved * Family info used for ID fraud
108 DDoS FUD
109 DDoS FUD - Statistical methodology * Sample size * Length of collection time - Availability bias - Self-serving bias (vendors)
110 Newsweek vs The Creator of Bitcoin
111 Malaysia Airways flight MH370 (Google Maps)
112 Groundwork For Remedy
113 Defining Metacognition Thinking about thinking
114 Defining Critical Thinking - What do I think I know? - How do I think I know it? - When would it not be true?
115 The More You Know Know about cognitive biases. - Difficult to affect that which you don't know you don't know. - Everyone has them, you are not immune or invincible. If you are familiar with them you are more likely to recognize them in yourself, your data, and others
116 The More You Know [META INTENSIFIES] Beware The Bias Bias / Bias Blind Spot - Belief that your bias is actually insight
117 The More You Know Dr. Emily Pronin Princeton University - Dept of Psychology Subjects: - Report being less susceptible to bias - Infer bias in others holding contrary opinions Pronin, Emily, et al. PSPB, Vol. 2 No 3, The Bias Blind Spot: Perceptions of Bias in Self Versus Others, March 2002.
118 The More You Know Actively seek out: - Peer review - Diverse, outside expertise - Alternative mindsets
119 Defining Cognitive Bias Similar to optical illusions... [it] remains compelling even when one is fully aware of its nature. Heuer, Richards J., Jr. Psychology of Intelligence Analysis. Washington D.C.: CSI, 1999.
120 Two Frameworks
121 Structures and Frameworks Checklists For Analysts - Defining the problem - Generating hypotheses - Collecting information - Evaluating hypotheses - Selecting the most likely hypothesis - Ongoing monitoring of new information Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
122 Structures and Frameworks Defining The Problem - Right question - Framing - Audience - Specificity Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
123 Structures and Frameworks Generating Hypotheses - Identify all plausible hypothesis - Consult peers and outside experts - Do not yet screen out or reject - Consider actor deception or denial Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
124 Structures and Frameworks Collecting Information - Don t just focus on likely hypothesis - Suspend judgement - Notice /note info gaps Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
125 Structures and Frameworks Evaluating Hypotheses - Develop arguments against each hypothesis - Check assumptions and their origins - Implement ACH frameworks (Analysis of Competing Hypothesis) Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
126 Structures and Frameworks Selecting Most Likely Hypothesis - Least evidence against - Reject don t confirm - Note alternate hypotheses Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
127 Structures and Frameworks Ongoing Monitoring - Add data sources - Plug-in alternate hypotheses - Keep conclusions tentative Heuer, Richards J., Jr. Psychology of Intelligence Analysis, Washington D.C.: CSI, 1999.
128 Structured Analytic Techniques for Improving Intelligence Analysis
129 Structures and Frameworks Structured Analytic Techniques for Improving Intelligence Analysis - Diagnostic Techniques - Contrarian Techniques - Imaginative Thinking Techniques US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March 2009.
130 Structures and Frameworks Diagnostic Techniques - Key Assumptions Check * What do we think we know? How do we think we know it? - Quality of Information Check - Indicators or Signposts of Change - Analysis of Competing Hypotheses US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March Key Assumptions Check - What do we think we know? Why do we think we know it?
131 Structures and Frameworks Contrarian Techniques - Devil s Advocacy - Team A / Team B - High-Impact / Low-Probability - What If? Analysis US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March Team A / Team B: Using separate analytic teams to contrast competing hypotheses High-Impact / Low-Probability Analysis: Highlighting Black Swan Events
132 Structures and Frameworks Imaginative Thinking Techniques - Brainstorming - Outside-In Thinking - Red Team Analysis - Alternative Futures Analysis US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March Outside-In Thinking: Identifying the full range of basic forces, factors, and trends that would indirectly shape an issue. Red Team Analysis: Modeling adversaries Alternative Futures Analysis: Systematically exploring multiple ways a situation can develop
133 Structures and Frameworks US Government, A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, March 2009.
134 Application
135 Application - Report - Clearly Define * Goals * Sources * Audience * Limitations & Assumptions...
136 Application METHODOLOGY Verizon, Trend Micro, Prolexic, Recorded Future
137 Further Research
138 Further Research - Context * Chrononarcissism and historical context * Socio-cultural and economic context - Unknown unknowns and blindspots - Data originator biases / data supply-chain pressures - Baked-in Bias for OSINT automation tools - Analysis of competing hypotheses (ACH)
139 Suggested Reading - Psychology of Intelligence Analysis, Richards J. Heuer, Jr. - A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis, US Government - Judgement in Managerial Decision Making, Max H. Bazerman and Don Moore
140 Contact Me
The Five Habits of the Master Thinker
Volume 6 Number 3 Fall 2013 Journal of Strategic Security Article 5 The Five Habits of the Master Thinker Randolph H. Pherson Pherson Associates, LLC, [email protected] Follow this and additional works
Intelligence Analysis for Homeland Security RPAD 557
Intelligence Analysis for Homeland Security RPAD 557 Instructor: Dr. James E. Steiner Public Service Professor Rockefeller College SUNY Albany 518-708-4183 Office hours: by appointment 423 State Street
Social Perception and Attribution
4 Social Perception and Attribution Chapter An Information Processing Model of Perception Stereotypes: Perceptions about Groups of People Self-Fulfilling Prophecy: The Pygmalion Effect Causal Attribution
Cyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
College of Arts and Sciences: Social Science and Humanities Outcomes
College of Arts and Sciences: Social Science and Humanities Outcomes Communication Information Mgt/ Quantitative Skills Valuing/Ethics/ Integrity Critical Thinking Content Knowledge Application/ Internship
ACH 1.1 : A Tool for Analyzing Competing Hypotheses Technical Description for Version 1.1
ACH 1.1 : A Tool for Analyzing Competing Hypotheses Technical Description for Version 1.1 By PARC AI 3 Team with Richards Heuer Lance Good, Jeff Shrager, Mark Stefik, Peter Pirolli, & Stuart Card ACH 1.1
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
Protecting critical infrastructure from Cyber-attack
Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale
Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
Book Note: In Doubt: The Psychology Of The Criminal Justice Process, by Dan Simon
Osgoode Hall Law Journal Volume 51, Issue 2 (Winter 2014) Article 13 Book Note: In Doubt: The Psychology Of The Criminal Justice Process, by Dan Simon Jennifer McKee Follow this and additional works at:
CYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
MassMutual Cyber Security. University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management
MassMutual Cyber Security University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management Position Title: Threat Intelligence Intern Job Location: Boston, MA Timeframe:
The Need for Intelligent Network Security: Adapting IPS for today s Threats
The Need for Intelligent Network Security: Adapting IPS for today s Threats James Tucker Security Engineer Sourcefire Nordics A Bit of History It started with passive IDS. Burglar alarm for the network
A Primer on Cyber Threat Intelligence
A Primer on Cyber Threat Intelligence AS ADVERTISED 2 BUZZWORD BINGO! 3 TODAY S CYBER SECURITY CHALLENGES CISOs finding it difficult to define security ROI to executives Short shelf life for CISOs Vastly
THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE
THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE How application threat intelligence can make existing enterprise security infrastructures smarter THE BLIND SPOT IN THREAT INTELLIGENCE
Part I: Decision Support Systems
Part I: Decision Support Systems MBA 8473 1 Cognitive Objectives 43. Identify information processing as the foundation of managerial work. 44. Identify which media are more suitable for supporting managerial
Cyber security trends & strategy for business (digital?)
Cyber security trends & strategy for business (digital?) Presentation by Anwer Yusoff Head, Industry & Business Development C y b e r S e c u r i t y M a l a y s i a NATIONAL CYBERSECURITY TECHNICAL SPECIALIST
Threat Intelligence is Dead. Long Live Threat Intelligence!
SESSION ID: STR-R02 Threat Intelligence is Dead. Long Live Threat Intelligence! Mark Orlando Director of Cyber Operations Foreground Security Background Threat Intelligence is Dead. Long Live Threat Intelligence!
Federal Bureau of Investigation
Federal Bureau of Investigation SSA John Caruthers Cyber Criminal Section SSA Kenneth Schmutz Cyber National Security Section April 11, 2012 FBI Mission Cyber Threats FBI Response 1. Protect the United
Intrusive vs. Non-Intrusive Vulnerability Scanning Technology
WHITE PAPER Intrusive vs. Non-Intrusive Vulnerability Scanning Technology Retina Network Security Scanner Table of Contents The Smash-and-Grab: Taking the Low Road 3 The Smooth Caper: Taking the High Road
Undergraduate Psychology Major Learning Goals and Outcomes i
Undergraduate Psychology Major Learning Goals and Outcomes i Goal 1: Knowledge Base of Psychology Demonstrate familiarity with the major concepts, theoretical perspectives, empirical findings, and historical
CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY
CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY MATTHIAS YEO Chief Technology Officer - APAC CISSP, CISA, CISM, PMP 1 OVER REACTING VS UNDER REACTING Reason for the world today
The Big Data Paradigm Shift. Insight Through Automation
The Big Data Paradigm Shift Insight Through Automation Agenda The Problem Emcien s Solution: Algorithms solve data related business problems How Does the Technology Work? Case Studies 2013 Emcien, Inc.
LEARNING OUTCOMES FOR THE PSYCHOLOGY MAJOR
LEARNING OUTCOMES FOR THE PSYCHOLOGY MAJOR Goal 1. Knowledge Base of Psychology Demonstrate familiarity with the major concepts, theoretical perspectives, empirical findings, and historical trends in psychology.
Rethinking Design Thinking in Technology. Dr David Spendlove The University of Manchester, England. [email protected].
Rethinking Design Thinking in Technology Education Rethinking Design Thinking in Technology Education Dr David Spendlove The University of Manchester, England [email protected] A starting
Disciple-LTA: Learning, Tutoring and Analytic Assistance 1
Journal of Intelligence Community Research and Development, July 2008. Disclaimer: The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official
CHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE THREAT INTELLIGENCE 1 THREAT INTELLIGENCE How it applies to our clients, and discuss some of the key components and benefits of a comprehensive threat intelligence strategy. Threat
Philosophical argument
Michael Lacewing Philosophical argument At the heart of philosophy is philosophical argument. Arguments are different from assertions. Assertions are simply stated; arguments always involve giving reasons.
Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015
Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology
Reasoning and Decision Making
Reasoning and Decision Making Learning Objective Topics Deductive vs. Inductive Reasoning Inductive Reasoning l Heuristics Utility and Emotions Neuroscience l Prefrontal Damage l Neuroeconomics 1 Reasoning
The Critical Skills Students Need
The Critical Skills Students Need 2 Why do I keep calling these critical skills? I use the term critical here, and in the title of the book, in two ways. First, I believe the skills I mentioned in Chapter
BUILDING AN OFFENSIVE SECURITY PROGRAM BUILDING AN OFFENSIVE SECURITY PROGRAM
BUILDING AN OFFENSIVE SECURITY PROGRAM Common Gaps in Security Programs Outsourcing highly skilled security resources can be cost prohibitive. Annual assessments don t provide the coverage necessary. Software
Requirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
This historical document is derived from a 1990 APA presidential task force (revised in 1997).
LEARNER-CENTERED PSYCHOLOGICAL PRINCIPLES: A Framework for School Reform & Redesign TABLE OF CONTENTS: Background Learner-Centered Principles Prepared by the Learner-Centered Principles Work Group of the
Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity
Cyber threat intelligence and the lessons from law enforcement kpmg.com/cybersecurity Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many
ADDENDUM D: NEW COURSES: THEIR DESCRIPTIONS AND LEARNING GOALS
ADDENDUM D: NEW COURSES: THEIR DESCRIPTIONS AND LEARNING GOALS Applicable to All New Courses: 1. All courses will be offered primarily for business majors. 2. All courses will have a one-unit value. 3.
Protection Against Advanced Persistent Threats
Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are
How to use the National Cybersecurity Workforce Framework. Your Implementation Guide
How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many
What is SIEM? Security Information and Event Management. Comes in a software format or as an appliance.
Ross Spooner Cyber Security for Government Conference 6 August 2013 What is SIEM? Security Information and Event Management Centralised security log management Long term storage, analysis and reporting
A Network Administrator s Guide to Web App Security
A Network Administrator s Guide to Web App Security Speaker: Orion Cassetto, Product Marketing Manager, Incapsula Moderator: Rich Nass, OpenSystems Media Agenda Housekeeping Presentation Questions and
CSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY
CSI/FBI 00 COMPUTER CRIME AND SECURITY SURVEY Statement of intent This survey was conducted by the Computer Security Institute (CSI) in association with the San Francisco Computer Crime Squad of the Federal
Perception and Individual Decision Making
Robbins & Judge Organizational Behavior 13th Edition Perception and Individual Decision Making Bob Stretch Southwestern College 2009 Prentice-Hall Inc. All rights reserved. 5-0 Chapter Learning Objectives
9-12 Critical Thinking/Problem Solving Goal A: [Student] will develop inquiry skills (identification and
9-12 Critical Thinking/Problem Solving Goal A: [Student] will develop inquiry skills (identification and evaluation of evidence, use of analysis and synthesis to guide decision making and communicate clearly
Particles, Flocks, Herds, Schools
CS 4732: Computer Animation Particles, Flocks, Herds, Schools Robert W. Lindeman Associate Professor Department of Computer Science Worcester Polytechnic Institute [email protected] Control vs. Automation Director's
The Future of the Advanced SOC
The Future of the Advanced SOC Developing a platform for more effective security management and compliance Steven Van Ormer RSA Technical Security Consultant 1 Agenda Today s Security Landscape and Why
Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty
EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
Integrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
California Lutheran University Information Literacy Curriculum Map Graduate Psychology Department
California Lutheran University Information Literacy Curriculum Map Graduate Psychology Department Student Learning Outcomes Learning Outcome 1 LO1 literate student determines the nature and extent of the
Please bear in mind the following when finalising your choices: You must have an even balance of Autumn and Spring Term modules.
FINAL YEAR MODULE OPTIONS FOR 2015/2016 Dear Students FINAL YEAR MODULE OPTIONS 2015-16 Now that you have had the briefing session, here are the guidelines to assist you with choosing your final year modules.
Mgmt 301 Managers as Decision Makers. Exploring Management. [Nathan Neale]
Mgmt 301 Managers as Decision Makers Exploring Management [Nathan Neale] Slide # 1 Slide Title: WSU Online Title Slide [piano introduction] Slide #2 Slide Title: Chapter 4 Managers as Decisions Makers
The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
There are three kinds of people in the world those who are good at math and those who are not. PSY 511: Advanced Statistics for Psychological and Behavioral Research 1 Positive Views The record of a month
A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis. Prepared by the US Government
A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis Prepared by the US Government March 2009 This primer highlights structured analytic techniques some widely used in
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them
The Increasing Threat of Malware for Android Devices 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them INTRODUCTION If you own a smartphone running the Android operating system, like the
The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
Threat Intelligence Buyer s Guide
Threat Intelligence Buyer s Guide SANS CTI Summit, 10 February 2014 Rick Holland @rickhholland Principal Analyst Last year 2014 Forrester Research, Inc. Reproduction Prohibited 2 This year, Arnold s back!!
The Basics of Promoting and Marketing Online
How to Start Growing Your Business Online The Basics of Promoting and Marketing Online Revision v1.0 Website Services and Web Consulting Where do you see your business? We see it in the cloud How to Start
Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au
Cyber threat intelligence and the lessons from law enforcement kpmg.com.au Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many organisations
2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
Ty Miller. Director, Threat Intelligence Pty Ltd
Ty Miller Director, Threat Intelligence Pty Ltd Security Specialist Creator of Threat Analytics CREST Tech Lead, Assessor, Board of Directors Trained likes of FBI, US DoD, US Mil, International Govt agencies,
Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
OPERA SOLUTIONS CAPABILITIES. ACH and Wire Fraud: advanced anomaly detection to find and stop costly attacks
OPERA SOLUTIONS CAPABILITIES ACH and Wire Fraud: advanced anomaly detection to find and stop costly attacks 2 The information you need to fight fraud does exist You just have to know it when you see it
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
NXP Basestation Site Scanning proposal with AISG modems
NXP Basestation Site Scanning proposal with modems Advanced Systems White Paper by Jaijith Radhakrishnan There are a number of connectivity issues associated with cellular base stations that can increase
Protecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez [email protected] IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
Practical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY
EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate Industrialisation of Threat Factories Goal: Glory,
Chapter 13. Prejudice: Causes and Cures
Chapter 13 Prejudice: Causes and Cures Prejudice Prejudice is ubiquitous; it affects all of us -- majority group members as well as minority group members. Prejudice Prejudice is dangerous, fostering negative
Automation in the Incident Response Process: Creating an Effective Long-Term Plan
A SANS Whitepaper Written by Alissa Torres February 2015 Sponsored by Bit9 + Carbon Black 2015 SANS Institute Introduction If 2014 was the year of the mega breach, with corporate giants falling prey to
IBM Security re-defines enterprise endpoint protection against advanced malware
IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex
CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia
CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY by Sazali Sukardi Vice President Research CyberSecurity Malaysia SCOPE INTRODUCTION CYBER SECURITY INCIDENTS IN MALAYSIA CAPACITY BUILDING The Council For
Symantec Cyber Security Services: DeepSight Intelligence
Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall
Vulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
FRONT END INNOVATION Ideation methods
FRONT END INNOVATION Ideation methods CONTENT Different thinking modes for in innovation Ideation methods TOOLS AND METHODS Brainstorming Brainstorming based on personas Brainstorming Scamper Lotus blossom
Presented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
The Web AppSec How-to: The Defenders Toolbox
The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware
PSYCHOLOGY PROGRAM LEARNING GOALS AND OUTCOMES BY COURSE LISTING
PSYCHOLOGY PROGRAM LEARNING GOALS AND OUTCOMES BY COURSE LISTING Psychology 1010: General Psychology Learning Goals and Outcomes LEARNING GOAL 1: KNOWLEDGE BASE OF PSYCHOLOGY Demonstrate familiarity with
September 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
FBI CHALLENGES IN A CYBER-BASED WORLD
FBI CHALLENGES IN A CYBER-BASED WORLD Federal Bureau of Investigation Assistant General Counsel Robert Bergida 202-651-3209 Overview Cyber Threats FBI Mission FBI Response Terrorism remains the FBI s top
Technosocial Predictive Analytics Creating decision advantage through the integration of human and physical models. Antonio Sanfilippo
Technosocial Predictive Analytics Creating decision advantage through the integration of human and physical models Antonio Sanfilippo Overview Motivations, needs and requirements General approach and challenges
Optimizing Network Vulnerability
SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Optimizing Network Vulnerability Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965
Analytics, Big Data, & Threat Intelligence: How Security is Transforming
Analytics, Big Data, & Threat Intelligence: How Security is Transforming Jason Sloderbeck Director, Product Management RSA Web Threat Detection 1 Presentation Overview The Largest Threat How Can Big Data
How to Justify Your Security Assessment Budget
2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice
CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014
CR CyberReady Solutions Actionable Insight for the Digital Enterprise Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 INTELLIGENCE-DRIVEN OPERATIONS The Game Has Changed
actionable big data. maximum roi. Making Analytics Make Actionable Sense: PART 2
actionable big data. maximum roi. Making Analytics Make Actionable Sense: PART 2 Why read this paper? The Big Data explosion has had a major fallout component: how do I track and measure all this data
Clinic. Richard Smith, LCSW Leonard Savage, Consumer Steven I. Aronin, MD FACP, Program Director
Positive Psychology Peer Led Programs Waterbury Hospital Infectious Disease Clinic Richard Smith, LCSW Leonard Savage, Consumer Steven I. Aronin, MD FACP, Program Director Ryan White All Grantee Meeting
