My Lessons Learned in Security Awareness. Pedro Serrano, CISSP Security Architect Cimarex Energy
|
|
- Austen Burke
- 6 years ago
- Views:
Transcription
1 My Lessons Learned in Security Awareness Pedro Serrano, CISSP Security Architect Cimarex Energy
2 Phishing, how ransomware and malware get delivered! Billion s sent and received per day in 2016! The change is upward we know this, because is how we do business 85% of organizations have suffered phishing attacks I call this the new normal (expected behavior) 90% of all malware starts via This key ingredients 1. Receive - with a link or malicious payload (unsuspicious user clicks) 2. Go get Internet access, download malicious data, start the damage 65% of mail users worldwide access their via a mobile device The phone is personal I carry in my pocket, the PC stays its disconnected When this access gets exploited I predict a change in how we access
3 But I have a new firewall! You can add all the technical controls that you want but if your employees click and enable the wrong link, its game over! I am not against technical controls, but technical controls were my excuse (scape goat). many organizations hide behind this excuse so that they do not have to do security awareness. The human element needs to be considered as a security risk What is your company culture tolerance
4 Why is security awareness the new hot topic? Because what you do at home you will tend to do at work Because Web, , and Social Media is now accepted behavior, after all is how we do business Because of the overwhelming realization that my users will not pay attention to s and click on the links after all this is what we do when we get an you have to read it In many companies receiving an requires action Because cost are less than physical controls this is huge in companies that work in a balanced budget environment
5 We emphasized on changing behavior How? Monthly newsletters (enhanced with images) one page, no attachments
6 Made it easy to report suspicious Implemented a new icon One Click button in the Outlook client where users could report suspicious for the security team to review. The premise make it so easy that my CEO would use it! And it worked once I made the reporting a one click away
7 Bribe with food! Created Lunch and Learns to talks about security awareness with lunch provided - we called this the honey effect. We did not enforced a mandatory meeting where employees attended because they were required, instead I wanted them to want to be there! all about the expectation! Convinced upper management to budget for $10.00 per meal / per employee This was the most difficult step. Actually our first meeting was a pilot (test), and it was so successful that after the meeting we had a commitment to continue. Executive team understood the dynamic and importance of cyber education
8 Create competition phishing campaign After the first round of test phishing send congratulating the winner groups Let me tell you my engineers like to win!!! Got high fives and dirty looks in the elevators Created buzz about Pedro s tricked s Many folks actually were impressed and wanted to know why they had fail the phishing This open the door to discuss how to review s and the 7 different places that I could trick you in an .
9 Made the training fun, animated, easy going This created acceptance This was not the security guys trying to get me! Trust I actually received calls of employees telling me that they had failed and that they would have never look at the from in the because everything else look legit. Elevator talks I got daily questions on web, s, or out of office etiquette
10 Summary what we learned is the delivery method let s learn how to stop it. Technical controls work but people are going to be people Security Awareness single most effective control for the least money Behavior modification Is key, so relate to what matters to users (home) Make it easy to report bad Bribe with Food. The Honey effect Make security awareness fun (acceptance factor) Above all create trust and acceptance, you are not the enemy!
11 Pedro Serrano, CISSP President ISSA Oklahoma Speak Train
12 References 1. US Statistics Report,
Developing a culture of security awareness: Based on your culture
SANS STH Security Awareness Summit 2016 Developing a culture of security awareness: Based on your culture Akshay Shetty Information Security Program Manager 2016 Autodesk Autodesk and Me Leader in 3D design,
More informationSecuring the User: Winning Hearts & Minds to Drive Secure Behavior
Securing the User: Winning Hearts & Minds to Drive Secure Behavior Thomas Skill, CIO University of Dayto Spencer Mott, CIO-CISO Amg Dawn Sherizad, product manager of security, Macy Eleanor Dallaway, Editor
More informationWho We Are! Natalie Timpone
Who We Are! Natalie Timpone Manager of Security Business Management Office Enterprise Security Awareness Manager Carmelo Walsh Security, Risk, and Compliance Security Awareness Subject Matter Expert Who
More informationRANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise
RANSOMWARE PROTECTION A Best Practices Approach to Securing Your Enterprise TABLE OF CONTENTS Introduction...3 What is Ransomware?...4 Employee Education...5 Vulnerability Patch Management...6 System Backups...7
More informationThanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at
Thanks! Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at jim@stickleyonsecurity.com Don t forget to checkout Stickley on Security and learn about our
More informationManaging and Preparing for Cyber Incidents
Managing and Preparing for Cyber Incidents Two Day Training Course Course Description Over the last few years the number of cyber incidents has grown, affecting organisations large and small. High profile
More informationA MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE
SESSION ID: SPO2-W12 A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE Frank Bunton VP, CISO MedImpact Healthcare Systems, Security @frankbunton Larry Biggs Security Engineer III - Threat
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationGetting Your s Read!
Getting Your Emails Read! The time-tested, tried, and true methods for getting your emails read and opened. This is essential for anyone that wants to build a full time income from their list efforts.
More informationDEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER
DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER D-Zone DNS Firewall 18-10-20171 EXECUTIVE SUMMARY Cyber attacks continue to grow at an alarming rate with ransomware
More informationAges Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk
Ages 11-14 Donʼt Fall for : Activity 1 Don t bite that phishing hook! Children play a game where they study various emails and texts and try to decide which messages are legit and which are phishing scams.
More informationToo Little Too Late: Top Reasons Why You Got Hacked
TUESDAY MAY 23,2017 2:00-3:15 PM Too Little Too Late: Top Reasons Why You Got Hacked MODERATOR SPEAKERS John Gross Director of Financial Management, City of Long Beach, CA Chad Alvarado Supervisory Special
More informationfalanx Cyber Falanx Cyber Awareness Training: Educating your staff
falanx Cyber Falanx Cyber Awareness Training: Educating your staff Contents What is Cyber Security Awareness Training? 3 Why choose Falanx for your awareness training? 4 Types of training 5 Testimonials
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationOne Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious
One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious Email - Ron Weiss, Incident Response Team lead Disclaimer: The information in this presentation is based on lessons
More informationThe Fight Against Phishing: Defining Metrics That Matter
The Fight Against Phishing: Defining Metrics That Matter Mark T. Chapman CFE CISSP President and Founder Quick Movie Reference After being subjected to terribly boring stories for days, Steve Martin s
More informationfalanx Cyber Falanx Phishing: Measure your resilience
falanx Cyber Falanx Email Phishing: Measure your resilience Contents What is Email Phishing? 3 Why should I carry out an Email Phishing exercise? 4 PhishEd Managed regular phishing 5 Single assessments
More informationKnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.
KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks. About Us The world s most popular integrated Security Awareness Training and Simulated
More informationSecurity analytics: From data to action Visual and analytical approaches to detecting modern adversaries
Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries Chris Calvert, CISSP, CISM Director of Solutions Innovation Copyright 2013 Hewlett-Packard Development
More informationCYBERSECURITY SAVE YOUR BOTTOM LINE IBC Annual Convention Anne Benigsen, Bankers Bank of the West
CYBERSECURITY SAVE YOUR BOTTOM LINE I t s n o t a l l a b o u t m o n e y - r e a l l y 1 WHO AM I? 24 years in IT. 10 years in IS. 7 years in banking. Small business. Large business. Government. Entertainment
More informationSecurity and social engineering
Focused on Security. Committed to Success. Security and social engineering Fcis,Mansoura University,Egtpt What is social engineer? Social engineering is satisfied attack from end user who behave confidence
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationHOW TO PHISH YOUR BUSINESS (AND GET MANAGEMENT S BUY-IN)
HOW TO PHISH YOUR BUSINESS (AND GET MANAGEMENT S BUY-IN) Answering key questions about the value, cost, risk, and execution of a phishing awareness program TABLE OF CONTENTS Introduction: What Management
More informationHearing Voices: The Cybersecurity Pro s View of the Profession
SESSION ID: AST2-W02 Hearing Voices: The Cybersecurity Pro s View of the Profession Jon Oltsik Senior Principal Analyst and ESG Fellow Enterprise Strategy Group @joltsik Candy Alexander, CISSP CISM International
More informationHow Cyber-Criminals Steal and Profit from your Data
How Cyber-Criminals Steal and Profit from your Data Presented by: Nick Podhradsky, SVP Operations SBS CyberSecurity www.sbscyber.com Consulting Network Security IT Audit Education 1 Agenda Why cybersecurity
More informationKaspersky Security Awareness
Kaspersky for Business Kaspersky Security Awareness Gamified training programs for all organizational levels www.kaspersky.com #truecybersecurity An effective way of building cybersafety across an organization
More information3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017
3 Ways to Prevent and Protect Your Clients from a Cyber-Attack George Anderson Product Marketing Director Business October 31 st 2017 Agenda One ounce of prevention is worth a pound of protection 01 Aiming
More informationThe First 12. An Hour-by-Hour Breakdown of a Threat Actor Inside Your Environment. Dr. Chase Cunningham ECSA,
The First 12 An Hour-by-Hour Breakdown of a Threat Actor Inside Your Environment Dr. Chase Cunningham ECSA, LPT HEAD OF THREAT RESEARCH & DEVELOPMENT, ARMOR @CynjaChaseC Hour 1 0100 HOURS Target Observation
More informationIntroduction to
Introduction to Email gcflearnfree.org/print/email101/introduction-to-email Introduction Do you ever feel like the only person who doesn't use email? You don't have to feel left out. If you're just getting
More informationTo learn more about Stickley on Security visit You can contact Jim Stickley at
Thanks for attending this session on March 15th. To learn more about Stickley on Security visit www.stickleyonsecurity.com You can contact Jim Stickley at jim@stickleyonsecurity.com Have a great day! Fraud
More informationEPISODE 23: HOW TO GET STARTED WITH MAILCHIMP
EPISODE 23: HOW TO GET STARTED WITH MAILCHIMP! 1 of! 26 HOW TO GET STARTED WITH MAILCHIMP Want to play a fun game? Every time you hear the phrase email list take a drink. You ll be passed out in no time.
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationTreasury Services Group Number Treasury Management Officer
Commonwealth Bank & Trust Company is providing this information to you, our ACH Origination customers, as a part of our responsibilities as an Originating Depository Financial Institution. Commonwealth
More informationThe Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company
The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company November 12, 2014 Malware s Evolution Why the change? Hacking is profitable! Breaches and Malware are Projected to Cost $491
More informationWHITEPAPER. Protecting Against Account Takeover Based Attacks
WHITEPAPER Protecting Against Account Takeover Based Email Attacks Executive Summary The onslaught of targeted email attacks such as business email compromise, spear phishing, and ransomware continues
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationEMERGING CYBER SECURITY - THREATS AND RISKS
EMERGING CYBER SECURITY - THREATS AND RISKS Ron Hulshizer Managing Director IT Risk Services Independent Bankers of Colorado September 2017 Vail, Colorado Technology The Dark Side 3 Objectives Cybersecurity
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationFighting Phishing I: Get phish or die tryin.
Fighting Phishing I: Get phish or die tryin. Micah Nelson and Max Hyppolite bit.ly/nercomp_sap918 Please, don t forget to submit your feedback for today s session at the above URL. If you use social media
More informationThe Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It
The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It Introduction Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple:
More informationCyber Security Stress Test SUMMARY REPORT
Cyber Security Stress Test SUMMARY REPORT predict prevent respond detect FINAL SCORE PREDICT: PREVENT: Final score: RESPOND: DETECT: BRILLIANT! You got a 100/100. That's as good as it gets. So take a second
More informationCYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW
CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW May 2018 Ed Plawecki General Counsel & Director of Government Relations UHY LLP Jamie See Manager UHY LLP Iowa Public
More informationWhat can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco
What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic
More informationHOSTED SECURITY SERVICES
HOSTED SECURITY SERVICES A PROVEN STRATEGY FOR PROTECTING CRITICAL IT INFRASTRUCTURE AND DEVICES Being always-on, always-connected might be good for business, but it creates an ideal climate for cybercriminal
More informationTraining & Certification Guide
Training & Certification Guide Pragmatic EA Ltd December 2010 Version 2.0.5 Part of the Pragmatic Family Cutting Architecture To the Bone Contents INTRODUCTION 3 What is PEAF 3 Aim of this document 3 Non-Commercial
More informationSouth Central Power Stop Scams
Don t get tricked. People around the country have been receiving emails and phone calls from scammers. South Central Power wants to help you keep your money and prevent scams. Review the helpful tips below.
More informationStrategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare
Strategy is Key: How to Successfully Defend and Protect Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare 1 Speaker Introduction Karl West Chief Information Security Officer Intermountain
More informationOPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection
SECURITY OPERATIONS CENTER Keep your client s data safe and business going & growing with SOC continuous protection Business Need of Security Operations Center SOC Benefits NOC vs SOC UnderDefense Incident
More informationDigital Marketing Manager, Marketing Manager, Agency Owner. Bachelors in Marketing, Advertising, Communications, or equivalent experience
Persona name Amanda Industry, geographic or other segments B2B Roles Digital Marketing Manager, Marketing Manager, Agency Owner Reports to VP Marketing or Agency Owner Education Bachelors in Marketing,
More informationSecuring Digital Transformation
September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated
More informationCYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION
SELF-AUDIT GUIDE CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION A Primer for Moving Beyond AV and Firewalls 1 The Problem As software systems become more distributed and interactive
More informationSecurity Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment
Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment Ray Colado, Information Security Analyst Raise awareness around information security to help
More informationThe five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers
The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers The 7th Annual North American SCADA and Process Control Summit
More information30/01/ Tips To Boost The Open & Response Rate Of Your Marketing Campaigns. Hi I m Jesse Forrest, chief copywriter at TheWebCopywriter.
10 Tips To Boost The Open & Response Rate Of Your Email Marketing Campaigns Hi I m Jesse Forrest, chief copywriter at TheWebCopywriter.com I run a copywriting agency with 100 s of satisfied clients from
More informationKey Findings from the Global State of Information Security Survey 2017 Indonesian Insights
www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.
More informationUnderstanding the Changing Cybersecurity Problem
Understanding the Changing Cybersecurity Problem Keith Price BBus, MSc, CGEIT, CISM, CISSP Founder & Principal Consultant 1 About About me - Specialise in information security strategy, architecture, and
More informationEntertaining & Effective Security Awareness Training
Entertaining & Effective Security Awareness Training www.digitaldefense.com Technology Isn t Enough Improve Security with a Fun Training Program that Works! Social engineering, system issues and employee
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Palindrome Technologies 100 Village Court Suite 102 Hazlet, NJ 07730 www.palindrometech.com Peter Thermos President & CTO Tel: (732)
More informationWhat a lot of folks might call the class but as we ll see later, it s not entirely accurate.
1 What a lot of folks might call the class but as we ll see later, it s not entirely accurate. 2 Class composition; note that while CS students are the largest group, they re still only about a quarter
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationThe GenCyber Program. By Chris Ralph
The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest
More informationWelcome! Copyright 2017 MAC. All Rights Reserved.
Welcome! Copyright 2019 2017 MAC. MAC. All rights All reserved. Rights Reserved. Why QIR Matters-Breach Case Some large hospitality breaches involve multiple reseller companies across the USA. Because
More informationCyber Security Guide. For Politicians and Political Parties
Cyber Security Guide For Politicians and Political Parties Indian Election Integrity Initiative Design by ccm.design Cover Image by Paul Dufour Helping to Safeguard the Integrity of the Electoral Process
More informationEvolution of Spear Phishing. White Paper
Evolution of Spear Phishing White Paper Executive Summary Phishing is a well-known security threat, but few people understand the difference between phishing and spear phishing. Spear phishing is the latest
More informationA CFO s Guide to Cyber Security in the Coming Year
CYBER SECURITY A CFO s Guide to Cyber Security in the Coming Year LEVERAGE TECHNOLOGY AND YOUR FINANCIAL INSTITUTION TO BUILD BETTER DEFENSES www.cfo.com www.huntington.com A CFO s Guide to Cyber Security
More informationHyperDialer Tutorial By Phone Broadcast Club
HyperDialer Tutorial By Phone Broadcast Club Welcome to the Phone Broadcast Club HyperDialer - CRM Dialing System - Intelligent Technology - How bad do you want to bury yourself in success so deep and
More informationOPSEC and defense agains social engineering for devels, execs, and sart-ups
OPSEC and defense agains social engineering for devels, execs, and sart-ups @KirilsSolovjovs on twitter http://kirils.org for more Mg.sc.comp. Kirils Solovjovs Possible Security Problem: Social Engineering
More information2 User Guide. Contents
E-mail User Guide 2 E-mail User Guide Contents Logging in to your web mail... 3 Changing your password... 5 Editing your signature... 6 Adding an e-mail account to Outlook 2010/2013/2016... 7 Adding an
More informationThe Problem with Privileged Users
Flash Point Paper Enforce Access Control The Problem with Privileged Users Four Steps to Reducing Breach Risk: What You Don t Know CAN Hurt You Today s users need easy anytime, anywhere access to information
More informationAre You Too Busy? Practical Tips For Better Time Management
with Lorena Prime Are You Too Busy? Practical Tips For Better Time Management Is this How You Feel? What s a Productivity Expert? Focuses on offices (at work or virtual / home) Sets up file systems and
More informationAttack Vectors in Computer Security
Attack Vectors in Computer Security Who Am I @WillGoard My first proper hacksoc talk I speak fluent greek Sell more pizzas have more fun Why attack vectors? Didn t know what to do for my dissertation Started
More informationThe Eight Rules of Security
The Eight Rules of Security The components of every security decision. Understanding and applying these rules builds a foundation for creating strong and formal practices through which we can make intelligent
More informationcontents Take Action! writing a plan page 21 making money page 66 usability testing page 129 improving site speed page 218 increasing traffic page 266
contents Introduction 2 Take Action! writing a plan page 21 making money page 66 usability testing page 129 improving site speed page 218 increasing traffic page 266 improving search rank page 309 I Planning
More informationMachine-Powered Learning for People-Centered Security
White paper Machine-Powered Learning for People-Centered Security Protecting Email with the Proofpoint Stateful Composite Scoring Service www.proofpoint.com INTRODUCTION: OUTGUNNED AND OVERWHELMED Today
More informationCyber Hygiene Guide. Politicians and Political Parties
Cyber Hygiene Guide Politicians and Political Parties Canadian Election Integrity Initiative Design by ccm.design Cover Image by Songquan Deng Helping to Safeguard the Integrity of the Electoral Process
More informationCYBERSECURITY PENETRATION TESTING - INTRODUCTION
CYBERSECURITY PENETRATION TESTING - INTRODUCTION Introduction Pen-testing 101 University Focus Our Environment Openness and learning Sharing and collaboration Leads to Security Weaknesses What is Penetration
More informationInformation Governance, the Next Evolution of Privacy and Security
Information Governance, the Next Evolution of Privacy and Security Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors Follow me @HIPAAQueen 2017 2017 Objectives Part Part I IG Topic
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationLesson Guides PRE-INTERMEDIATE
Lesson Guides PRE-INTERMEDIATE British Council 2018 The British Council is the United Kingdom s international organisation for cultural relations and educational opportunities. PRE-INTERMEDIATE LESSON
More informationCybersecurity for IT Online. kaspersky.com/awareness #truecybersecurity. Kaspersky Enterprise Cybersecurity
Kaspersky Enterprise Cybersecurity Cybersecurity for IT Online First line incident response training for general IT specialists kaspersky.com/awareness #truecybersecurity Cybersecurity for IT Online (CITO)
More informationAll the Cool Kids Are Red Teaming Should You Be Drinking the Kool-aid Too?
All the Cool Kids Are Red Teaming Should You Be Drinking the Kool-aid Too? Exploring Different Approaches to Penetration Testing Cara Marie NCC Group ISSA-LA Aug 2017 Obligatory About Me NCC Group Principal
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationDepartment of Management Services REQUEST FOR INFORMATION
RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President
More informationThreat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationIBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation
IBM X-Force 2012 & CISO Survey Cyber Security Threat Landscape 1 2012 IBM Corporation IBM X-Force 2011 Trend and Risk Report Highlights The mission of the IBM X-Force research and development team is to:
More informationAdvanced Systems Security: Putting It Together Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationHow To Build or Buy An Integrated Security Stack
SESSION ID: PDIL-W03 How To Build or Buy An Integrated Security Stack Jay Leek CISO Blackstone Haddon Bennett CISO Change Healthcare Defining the problem 1. Technology decisions not reducing threat 2.
More informationCyber fraud and its impact on the NHS: How organisations can manage the risk
Cyber fraud and its impact on the NHS: How organisations can manage the risk Chair: Ann Utley, Preparation Programme Manager, NHS Providers Arno Franken, Cyber Specialist, RSM Sheila Pancholi, Partner,
More informationArcSight Activate Framework
ArcSight Activate Framework Petropoulos #HPProtect 44% Have trouble managing their SIEM eiqnetworks 2013 SIEM Survey #1 challenge Identification of key events SANS 2012 Log Management and Event Management
More informationHow to Build a Culture of Security
How to Build a Culture of Security March 2016 Table of Contents You are the target... 3 Social Engineering & Phishing and Spear-Phishing... 4 Browsing the Internet & Social Networking... 5 Bringing Your
More informationSecurity at the Digital Cocktail Party. Social Networking meets IAM
Security at the Digital Cocktail Party Social Networking meets IAM What I m going to talk about Social Networking and its benefits Social Networking is an Identity Management System But not always a very
More informationVOXOX. A Tell-All Guide EVERYTHING YOU NEED TO KNOW ABOUT HOSTED PBX. a VOXOX ebook VOXOX, Inc A Comprehensive Guide
VOXOX A Tell-All Guide EVERYTHING YOU NEED TO KNOW ABOUT HOSTED PBX a VOXOX ebook 2017 VOXOX, Inc A Comprehensive Guide CONTENTS 3 INTRODUCTION 4 WHAT IS HOSTED PBX 6 ANATOMY OF A HOSTED PBX CALL 8 GETTING
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More informationCybersecurity in the Financial Sector. Aquiles A. Almansi Lead Financial Sector Specialist
Cybersecurity in the Financial Sector Aquiles A. Almansi Lead Financial Sector Specialist aalmansi@worldbank.org Cyber incidents in the financial sector today The average financial institution monitored
More informationMANAGING CYBERSECURITY AWARENESS BY EXPERIENCE
MANAGING CYBERSECURITY AWARENESS BY EXPERIENCE Kaspersky Interactive Protection Simulation security awareness training for top managers and decision makers 2017 Kaspersky Lab. All rights reserved. 1 CYBERSECURITY
More informationCisco Advanced Malware Protection (AMP) for Endpoints
Cisco Advanced Malware Protection (AMP) for Endpoints Endpoints continue to be the primary point of entry for attacks! 70% of breaches start on endpoint devices WHY? Gaps in protection Gaps in visibility
More information