BIG DATA TRIAGE & DIGITAL FORENSICS

Led by Professor John Walker FRSA FBCS CITP ITPC CRISC MFSoc, INTEGRAL SECURITY XSSURANCE LTD

WHAT IS DATA TRIAGE & DIGITAL FORENSICS?

- Triage is a process used to assess the criticality of a problem; it is predominantly used in the medical profession to help prioritise the importance of a condition.
- The process used in the digital world is not that dissimilar to the process used by medical practitioners.
- We use a structured process to discover, assess, determine and prioritise any exposures found. These exposures could lead to hacks or threats.
- Using specialist forensic techniques we look to discover digital footprints.
- We assess and evaluate the criticality of the exposure.
- We determine the priority of each exposure: Critical, Severe or Moderate.
- The evaluation and severity of the prioritised exposures are then reported on.

WHAT IS FOOTPRINTING?

- Footprinting is the method used to identify the nucleic acid sequence that binds with proteins.
- In the digital world, footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment.
- Footprinting can reveal system vulnerabilities and improve the ease with which they can be exploited.
- Digital footprint analysis is where most hackers will start to help build up the intel needed to plan an attack.

WHAT IS FOOTPRINTING? (CONT.)

- Footprinting begins by determining the location and objective of an intrusion. Once this is known, specific information about the organisation is gathered using non-intrusive methods.
- For example, the organisation's own Web page may provide a personnel directory or employee bios, which may prove useful if the hacker needs to use social engineering to reach the objective.
- Conducting a whois query on the Web provides the domain names and associated networks related to a specific organisation.
- Other information obtained may include the Internet technologies being used; the operating system and hardware being used; IP addresses; e-mail addresses and phone numbers; and policies and procedures.

WHY IS IT AN ISSUE?

- Know it or not, we all leave footprints or digital shadows of our activities on the internet: an imprint of where we've been and what we've been doing.
- The more we use the net, the more footprints we leave behind. Leave enough and you can soon create a picture of your activities, information about your points of access/entry (IP and email addresses, for example) or even information about your own identity.
- Much information about an individual or organisation can be found on the web as a result of these footprints, if you know where and how to look for it. This is one of the first steps a hacker takes to build a picture and complete the jigsaw puzzle.
- This allows the hacker to locate easy points of access to attack and infiltrate the network, and even to take over the identity of individual employees.

WHAT ARE THE BENEFITS?

- Most organisations don't know what digital footprints exist or can be found, and therefore don't know the severity of the exposures that could lead to attacks.
- Having the knowledge of and access to this information allows you to take the appropriate course of action to ensure you are less exposed and more secure. Our reports and recommendations will guide you through the necessary processes.

THE DATA TRIAGE SERVICE

- The ISX data triage service is a unique offering of passive in-depth analytics, utilising advanced search engine techniques.
- The service is used to uncover hidden exposures and vulnerabilities that lead to threats.
- We use specialist techniques and tools that are completely non-intrusive.
- The service is performed remotely and has no time impact on your staff or IT team.
- Specialist applications and systems are used to locate, interrogate, acquire and conduct analysis.
- The objective of footprinting both single and multiple targets is to identify actual or inferred security anomalies, which may expose the environments or domain to exploitation.
- The service is constructed of 5 phases: Investigative Phase, Acquisition Phase, Analysis Phase, Discovery Phase and Reporting Stage.

THE DATA TRIAGE PHASES

- Investigative Phase: This Phase will initiate the process of mining the elements of public records and other associated big data in order to identify any objects or information of interest to the assignment.
- Acquisition Phase: Following on from Phase 1, the process will then seek to acquire any information or objects of interest.
- Analysis Phase: In this phase the acquired artifacts will be subject to deep analysis.
- Discovery Phase: Following on from Phase 3, the process will then seek to discover any deep items of information or metadata, which may be relevant to the focus of the activity.
- Reporting Stage: This Stage will document the findings of the 4 previous Phases and outline both the direct and indirect threats. Once we have arrived at the conclusions stage we make recommendations, offering mitigations for negating the exposure to the located areas of vulnerabilities.

OUR EXPERT TRIAGE INVESTIGATOR

As well as being ISX's Director of CSIRT & Cyber Forensics, John Walker is a Visiting Professor at the School of Computing and Informatics, Nottingham Trent University (NTU), and owner and CTO of SBLTD, a specialist Contracting/Consultancy in the arena of IT Security & Forensics and Analytics. He is also actively involved with supporting the countering of ecrime, efraud, and on-line Child Abuse, and is an ENISA CEI Listed Expert, an Editorial Member of the Cyber Security Research Institute (CRSI), and the Chair of the ISACA London SAG. In July 2012 John was appointed Member of the ISACA International Guidance & Practices Committee (GPC) and is a Fellow of the British Computer Society (BCS). John is also a practicing Expert Witness in the area of IT, and the originator and author of a CPD/MSc Module covering Digital Forensics and Investigations.

POST TRIAGE SERVICES

To follow on from the Triage service, ISX has developed and created a cost-effective suite of services and tools. The suite delivers a range of services including cyber security training, vulnerability assessments, specialist security software, various policy and process based documentation and optional continuous support through our board of advisors.

- Modular Cyber Training Course: Knowledge transfer & practical training
- Cyber Toolkit: A collection of services and tools to deliver an immediate, secure & resilient network
- Vulnerability Testing: Analyse other areas of exposure, test the effectiveness of security tools and report and recommend
- E-Disclosure Workshop: An all-encompassing course specifically created to aid with the new European parliamentary e-disclosure policy
- Liability & Loss Mitigation: Insurance advice on what to cover, how best to secure and reduce premiums

ISX SERVICE OVERVIEW

Our services have been developed over a number of years by highly skilled individuals (members of our team regularly consult the UK government and International Intelligence Agencies and are frequently requested and commissioned to write or comment on behalf of some very well known security based publications). We provide you with a specialist toolkit that helps to combat many issues in one single hit, in essence either replacing the need to constantly use new tools or replacing existing out-of-date systems that are no longer effective.

We will help to implement the most robust solutions possible, whilst constantly checking and verifying their usefulness. We will update the internal security team with each new known threat and again offer guidance and support all the way.

Our service is about baselining the environment, plugging the exposures (through the use of people skills and tools) and giving on-going support via a knowledge share service, helping you to implement the necessary changes and tweaks in order to remain secure.

WHY IS ISX ANY DIFFERENT TO OTHER PROVIDERS?

ISX take a different approach to network security. Instead of simply checking the security tools you have in place and assessing their effectiveness (attack and penetration test), we take the view of a hacker and look at a far more granular level. We look to identify and disclose all points of vulnerability in order to give an accurate assessment of the gaps. We show you how to close those gaps, making the environment immediately more secure and less exposed to future attacks.

As part of this approach ISX offer an all-encompassing cyber security service, a complete lifecycle of services ranging from security footprinting and triage to forensic investigations and training (how to handle attacks and what processes to follow when they do occur).

WHY CONSIDER INTEGRAL

Integral brings a wealth of experience in the cyber security and risk management domain. As part of our information security work with private and public organisations in all industries, we have been delivering comprehensive risk assessments for many years. All our consultants are qualified and experienced practitioners.

We have an advisory board of heavyweight security experts with over 60 years' experience of executive education and containment of cyber threats. The board has developed a suite of cyber education workshops and tools underpinned by an analytics platform.

Organisations benefit from an independent assessment of their blended framework, sustainability advice, peace of mind surrounding emerging threats and the evidence to strengthen negotiations for insurance premium reduction.

WHY CONSIDER INTEGRAL

An effective and different approach. The benefits to our approach:

- A visionary approach - an inside knowledge on how the hacker thinks
- Key industry knowledge - published and highly regarded white papers and articles
- Understanding - the ability to inform and educate clients
- Proven track record - to access and manage risks & attacks
- Agility - to react quickly to new threats and help protect clients
- Comfort - ensuring clients have the level of protection they need