Industrie Security 0.1?
|
|
|
- Gordon May
- 10 years ago
- Views:
Transcription
1 Industrie Security 0.1? Zur Notwendigkeit von Security Testing Prof. Dr. Hartmut Pohl, Jochen Klein
2 Information Security (INFOSEC) Informationssicherheit Zustand eines IT-Systems, mit folgenden Sachzielen: Confidentiality: Informationen nur für Berechtigte zugreifbar Integrity: Genauigkeit und Vollständigkeit, Verarbeitungsmethoden geschützt Availability: Nutzung von Daten und Anwendungen durch Berechtigte Authenticity: Daten stammen vom behaupteten Berechtigten ISO/IEC 270xx
3 Natanz Uranium Enrichment Facility Iranian President Mahmoud Ahmadinejad visits the Natanz uranium enrichment facilities, where a closed computer network was infected by malware introduced via a small flash drive softscheck
4 Professional Attacks Example: Stuxnet and Derivatives 100 % Stuxnet 2006 Code Red 2006 Flame 2007 Roter Oktober 2007 Duqu 2009 Mahdi 2011 Gauss 2012 Disttrack, Shamoon 2012 miniflame 2012 Narilam 2012 Havex 2014 Stealth Storm Worm % Viruses, Worms, Spam, Phishing, Spyware, Adware, (Botnets) Skript Kiddies, Students, Everybody Targeted
5 Attack Surface, Attack Paths Internet Successful Attacks essential exploiting Vulnerabilities: No Vulnerability no Attack! Attack Paths Attack Surface Organisation Information System Permitted Port Undetected, unpublished, unpatched Vulnerabilities Firewall, Intrusion Detection, Applications, Servers, SQL, IIS, Mails, FTP, CRM Patched Vulnerabilities Anti-Virus Assets - Data Encryption, Keys 5 idefense Vupen WabiSabiLabi ZDI
6 Vulnerability Lifecycle Black Risk Vulnerability-free Phase seemingly! Grey Risk Vulnerability discovered, used White Risk Vulnerability fully disclosed: Manufacturer Product Shipment Vulnerability discovered Attack: Exploit developed Vulnerability published Exploit published Patch published 1 Zero-Day-Vulnerability - nobody knows 2 Manufacturer knows unpublished 3 Manufacturer publishes Vulnerability 4 Manufacturer patches
7 Vulnerability Lifecycle Black Risk Vulnerability-free Phase seemingly! Grey Risk Vulnerability discovered, used White Risk Vulnerability fully disclosed: Manufacturer Zero Day Product Shipment Vulnerability discovered Attack: Exploit developed Vulnerability published Exploit published Patch published 1 Zero-Day-Vulnerability - nobody knows 2 Manufacturer knows unpublished 3 Manufacturer publishes Vulnerability 4 Manufacturer patches
8 Indispensible Security Measures Grundschutz ISO Family Access Control, Passwords Anti-Virus Scanner Firewall Encryption: Key Generation, Key Management IDS/IPS
9 Software Security Tested Kommerzielle Software Webapplications, ERM, CRM, SCM, ERP, E-Business, CIM, Apps für mobile Devices Sicherheitssoftware Firewalls, Router, Gateways, Verschlüsselung, Intrusion Detection Industrial Control Systems (PLC/SPS) Embedded Systems Smart Grid / Smart Meter Gateway Security, Energiemanagement und Smart Home
10 Security Testing Process ISO 27034: Identifying Zero-Day-Vulnerabilities Security Analysis: Requirements Architecture Analysis Threat Modeling Attack Paths, Attack Surface Static Source Code Analysis Conformity Testing, Covert Functions Explorative Testing: Manual Auditing Penetration Testing Dynamic Analysis: Fuzzing Exploits, Patches Secure Design Secure Implementation Requirements Product Security Design Implementation Release Verification Presentation Reports ISO 27034
11 Threat Modeling: Data Flow Diagram Advanced Metering Infrastructure (AMI) External-powered Meter Battery-powered Meter Electricity Gas Water Heat Metered Value Metered Value SMGW Admin Trusted Time Service Time Synchronization Firmware Download Measured Values - Tariffs Network Status Wake-up Call... LMN Smart Meter Gateway Customer Information Security Module HAN Authorized External Entity CLS Data Verteilnetzbetreiber (VNB) Messstellenbetreiber (MSB) Messdienstleister (MDL) Lieferant (LF) WAN Prosumer Visual Display Service Technician Controllable Local System (CLS)
12 Principle Fuzzing Process Fuzzer Target Expert Advice: Identification, Rating Report Patch, Fix
13 Full Fuzzing Process Test System Target System Identification Input Interfaces Code Coverage Proprietary Developed Fuzzer Proprietary Developed Attack Strings Fuzzer Target 2 Encryption I/A DB Target Processor ARM, AMD, IBM, Intel, Nvidia, PLC, Power PC, Qualcomm, Sun, Snapdragon, Target OS Android, CardOS, JCOB, Nucleus, OS X, QNX, Unix, VxWorks, Windows, S7, Monitor-Client Monitor/Debugger Expert Activities Expert Advice: Identification, Rating Proof of Concept Exploits Report Patch, Fix
14
15 Security Testing Achievements Method No. Vulnerabilities No. Tools used Architecture Analysis: Threat Modeling 112 (986) 1 Static Source Code Analysis Penetration Testing 0 (76) 4 + Dynamic Analysis: Fuzzing Sum 156 > 13
16 Indispensible Security Measures Security Level 0: Grundschutz ISO Family Access Control, Passwords Anti-Virus Scanner Firewall Encryption: Key Generation, Key Management IDS/IPS
17 Security Success 5 effective Methods: Security Requirements Threat Modeling Static Source Code Analysis Penetration Testing Dynamic Analysis: Fuzzing Many Tools of > 300 Every Software and Firmware (Hardware) All Processors & Operating Systems Every Software Development Process Common Criteria / Protection Profiles
18 Live Presentation Identifying Zero-Day-Vulnerabilities in PLC
19 Industrie Security 0.1? Zur Notwendigkeit von Security Testing Prof. Dr. Hartmut Pohl [email protected] + 49 (2241) softscheck GmbH Köln Büro: Bonnerstr Sankt Augustin www. softscheck.com
Threat Modeling Smart Metering Gateways
Threat Modeling Smart Metering Gateways Armin Lunkeit OpenLimit SignCubes GmbH Berlin, Germany [email protected] Tobias Voß Sankt Augustin, Germany [email protected] Hartmut Pohl Sankt
Zero-Day and Less-Than-Zero-Day Vulnerabilities and Exploits in Networked Infrastructures 1
Zero-Day and Less-Than-Zero-Day Vulnerabilities and Exploits in Networked Infrastructures 1 Hartmut Pohl All computers are at risk from security vulnerabilities that are generally unknown to the user and
Goals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
Secure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
Attacks from the Inside
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
A Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
A Systems Engineering Approach to Developing Cyber Security Professionals
A Systems Engineering Approach to Developing Cyber Security Professionals D r. J e r r y H i l l Approved for Public Release; Distribution Unlimited. 13-3793 2013 The MITRE Corporation. All rights reserved.
CompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
Telecom Testing and Security Certification. A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT
Telecom Testing and Security Certification A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT 1 Need for Security Testing and Certification Telecom is a vital infrastructure
The Peak of Chaos Shane D. Shook, PhD 10/31/2012
w h a c k e r n a v k n d n h m y a w h o? n r h p e n c n o s a n w s o v y i d u n n n r n m s r k d e a i k o w i r c d i o m u t w e t w s u t s i v i t c a Shane D. Shook, PhD 10/31/2012 Cyber Crime
Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
Rapid Security Framework (RSF) Taxonomie, Bewertungsparameter und Marktanalyse zur Auswahl von Fuzzing-Tools
Rapid Security Framework (RSF) Taxonomie, Bewertungsparameter und Marktanalyse zur Auswahl von Fuzzing-Tools Prof. Dr. Hartmut Pohl Peter Sakal, B.Sc. M.Sc. Motivation Attacks Industrial espionage Sabotage
N-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
Reducing Application Vulnerabilities by Security Engineering
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
Jort Kollerie SonicWALL
Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential
Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12
Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,
Kaspersky Endpoint Security 10 for Windows. Deployment guide
Kaspersky Endpoint Security 10 for Windows Deployment guide Introduction Typical Corporate Network Network servers Internet Gateway Workstations Mail servers Portable media Malware Intrusion Routes Viruses
EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty
EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon
Integrigy Corporate Overview
mission critical applications mission critical security Application and Database Security Auditing, Vulnerability Assessment, and Compliance Integrigy Corporate Overview Integrigy Overview Integrigy Corporation
Best Practices For Department Server and Enterprise System Checklist
Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)
Chapter 4 Application, Data and Host Security
Chapter 4 Application, Data and Host Security 4.1 Application Security Chapter 4 Application Security Concepts Concepts include fuzzing, secure coding, cross-site scripting prevention, crosssite request
Cybersecurity Health Check At A Glance
This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not
Section 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning
Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans
SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014
SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security
TECHNICAL VULNERABILITY & PATCH MANAGEMENT
INFORMATION SECURITY POLICY TECHNICAL VULNERABILITY & PATCH MANAGEMENT ISO 27002 12.6.1 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-12.6.1 Version No: 1.1 Date: 1 st
Intel Security Certified Product Specialist Security Information Event Management (SIEM)
Intel Security Certified Product Specialist Security Information Event Management (SIEM) Why Get Intel Security Certified? As technology and security threats continue to evolve, organizations are looking
10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
ICANWK406A Install, configure and test network security
ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with
CEH Version8 Course Outline
CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
Anomaly Detection and Vulnerability Management. Rolf Strehle, ditis Systeme Heidenheim
Anomaly Detection and Vulnerability Management Rolf Strehle, ditis Systeme Heidenheim 1 The Driver IT Risks 2 Application Risks 3 Vulnerabilities The vulnerabilty scan detected more than 200 vulnerabilities
Security aspects of e-tailing. Chapter 7
Security aspects of e-tailing Chapter 7 1 Learning Objectives Understand the general concerns of customers concerning security Understand what e-tailers can do to address these concerns 2 Players in e-tailing
Patch Management Policy
Patch Management Policy L2-POL-12 Version No :1.0 Revision History REVISION DATE PREPARED BY APPROVED BY DESCRIPTION Original 1.0 2-Apr-2015 Process Owner Management Representative Initial Version No.:
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group [email protected] 1 (604) 961-0701 If you know the enemy and know yourself, you
Data Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
BCS IT User Syllabus IT Security for Users Level 2. Version 1.0
BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4
Cloud Services Prevent Zero-day and Targeted Attacks
Cloud Services Prevent Zero-day and Targeted Attacks WOULD YOU OPEN THIS ATTACHMENT? 2 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS Duqu Worm Causing Collateral Damage in a Silent Cyber-War Worm exploiting
COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM
COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.
Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
Security appliances with integrated switch- Even more secure and more cost effective
Security appliances with integrated switch- Even more secure and more cost effective There is currently a great deal of discussion about the issue of cyber security and its optimisation. But not many businesses
HACKING RELOADED. Hacken IS simple! Christian H. Gresser [email protected]
HACKING RELOADED Hacken IS simple! Christian H. Gresser [email protected] Agenda About NESEC IT-Security and control Systems Hacking is easy A short example where we currently are Possible solutions IT-security
Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA
Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA Dr. Stephan Beirer [email protected] Sichere ebusiness
Devising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper Trend Micro, Incorporated» A detailed account of why Gartner recognizes Trend Micro as a leader in Virtualization and Cloud
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
Common Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
Industrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
Computer Security DD2395
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger [email protected] Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare
Devising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper» Trend Micro s portfolio of solutions meets and exceeds Gartner s recommendations on how to devise a server protection strategy.
Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions
Security Awareness For Server Administrators State of Illinois Central Management Services Security and Compliance Solutions Purpose and Scope To present a best practice approach to securing your servers
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro [email protected] 26.03.2013
Cyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
Avaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
Avaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
13 Ways Through A Firewall What you don t know will hurt you
Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter
SECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
The Internet of Things (IoT) and Industrial Networks. Guy Denis [email protected] Rockwell Automation Alliance Manager Europe 2015
The Internet of Things (IoT) and Industrial Networks Guy Denis [email protected] Rockwell Automation Alliance Manager Europe 2015 Increasingly Everything will be interconnected 50 Billion Smart Objects
Modular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
CRYPTUS DIPLOMA IN IT SECURITY
CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information
Endpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
Promoting Network Security (A Service Provider Perspective)
Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL [email protected] DNW, BSNL 1 Agenda Importance of Network Security
INFORMATION SECURITY TRAINING CATALOG (2015)
INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,
Detailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
Astaro Gateway Software Applications
Astaro Overview Astaro Products - Astaro Security Gateway - Astaro Web Gateway - Astaro Mail Gateway - Astaro Command Center - Astaro Report Manager Astaro Gateway Software Applications - Network Security
2014 Teradici Corporation.
VDI Client Comparison Thick, Thin, and PCoIP Zero Clients Agenda > Thick, Thin, and PCoIP Zero Clients > Repurposed PCs to Thin Clients > Thin Clients > PCoIP Zero Clients > Total Cost of Ownership Review
Guidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define
Securing mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
Professional Services Overview
Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded
Network Security and the Small Business
Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,
FORBIDDEN - Ethical Hacking Workshop Duration
Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
Symantec AntiVirus Enterprise Edition
Symantec AntiVirus Enterprise Edition Comprehensive threat protection for every network tier, including client-based spyware prot e c t i o n, in a single product suite Overview Symantec AntiVirus Enterprise
Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
Spyware. Michael Glenn Technology Management [email protected]. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management [email protected] Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
Total Defense Endpoint Premium r12
DATA SHEET Total Defense Endpoint Premium r12 Overview: Total Defense Endpoint Premium Edition r12 offers comprehensive protection for networks, endpoints and groupware systems from intrusions, malicious
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and Compliance
CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun
CSCI 454/554 Computer and Network Security Instructor: Dr. Kun Sun About Instructor Dr. Kun Sun, Assistant Professor of Computer Science http://www.cs.wm.edu/~ksun/ Phone: (757) 221-3457 Email: [email protected]
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access
The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning
Web App Security Audit Services
locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System