IT Security Trends: The Australian Perspective. A presentation by Viviani Paz, Security Assurance Manager
1 IT Security Trends: The Australian Perspective
  A presentation by Viviani Paz, Security Assurance Manager
  Australian Computer Emergency Response Team, The University of Queensland, Brisbane, Queensland 4072, AUSTRALIA
2 Outline
  - AusCERT History
  - The attacker profile
  - IT Security Trends
3 AusCERT
  - Brief history
  - Organisational Structure
  - Services
  - Role
4 In the beginning there was nothing
5 Brief history
  - Morris Worm; CERT/CC
  - Formed in 1993 to provide incident response assistance to Australian universities (AARNET)
  - Membership-based funding model; late 90s: national and international members from Government, Corporate, Sector
  - National Information Infrastructure Protection
  - Y2K & Consultative forum
  - Increased focus on Global and Regional Initiatives
  - Inaugural AusCERT Asia Pacific Information Technology Security Conference
  - Officially recognised as Australia's National CERT
  - PM's Business-Government Task Force on Critical Infrastructure
  - National Initiatives (
6 Organisational Structure
  - Based at The University of Queensland; independent and not-for-profit
  - 12+ full-time core staff and growing
  - Coordination Centre: 24x7 on-call operations centre; alerts, advisories and incident response
  - Budget: membership subscriptions (250 members), Government project-based funding, training, conference
7 Services
  - Publications: member-only content (newsletters, business impact statements); Crime Survey in conjunction with Aust. law enforcement agencies; other, e.g. Unix Security Checklist (translated into other languages)
  - Security Bulletins: to organisation alias and via profile
  - National IT Security Alert Service (SMS): Early Warning Service
  - Incident reporting (web, , Probe): National IT Security Incident Reporting; AusCERT/AHTCC financial sector incident reporting
  - Member assistance in emergency
  - Member forum, industry group mail lists (upon request)
  - Training and Conference (discounts for members)
8 Relationships with Other Organisations
  - Research organisations
  - Other incident response teams
  - Law enforcement agencies
  - Government agencies
  - Vendors and product manufacturers
  - Consultants
  - Technical experts
  - Other network users
9 Role
  AusCERT is the trusted, single point of contact for:
  - the dissemination of advice about computer network threats and vulnerabilities for Australian organisations
  - the coordination and handling of computer security incidents affecting Australian organisations, for incidents sourced from anywhere around the globe
  National CERT for Australia
10 The Attacker Profile
11 Video: Sleepless Frights (2.05 minutes) from b-sec
12 The Attacker Profile
  A successful attack requires: Motive - Means - Opportunity
  The discriminators are:
  - Untargeted (an indiscriminate victim): a function of the Opportunity aspect
  - Specifically targeted: a function of any aspect
  Only Opportunity can be controlled by the victim; the attacker controls the Motive and the Means.
  Assume a motivated attacker: do NOT assume a technical motive only!
13 Attacker Motive
  - Indiscriminate attack (eg after a network scan)
  - Curiosity (eg "I was just testing!")
  - Vandalism or peer kudos (eg "My kung-fu is the best!")
  - Fear, greed or malice (eg a disgruntled ex-employee)
  - Hacktivism (eg "We want full disclosure of vuls!")
  - Industrial espionage (eg stealing trade secrets)
  - Electronic warfare (eg website defacements)
14 Technical Goals of the Attacker
  - Intelligence gathering
  - Denial of Service
  - Read protected information
  - Modify information
  - Execute arbitrary commands
  Sub-goals:
  - Privileged access (ie root or Administrator)
  - Ensure future access
15 Outcomes sought
  - Financial gain for attacker
  - Cost to victim
  - Media exposure
  - Political agenda
  - Any other outcome to service fear or greed
16 What can we do?
  Security is a business problem, not a technical problem. Not everything is solvable through technology. It requires input from multiple disciplines: IT, law, risk, education.
  - Physical security
  - Capacity planning
  - Change control
  - Procedures
  - Continuity of service
  - Recovery of service
  - Purchasing criteria
  - Service Level Agreements
  - Administrative controls
  - Technical defences
  - Awareness programs
17 Balance
  An appropriate balance between security and competing interests is required.
  [Chart: Security (%) plotted against Usability (%)]
  Failures in security are often more about the processes (or lack thereof) for enabling new services or maintaining security.
18 IT Security Trends
19 Global Trends
  - Economies' increasing dependency on public network applications, e.g. online banking, online stock trading, e-business, e-government, e-customs, e-etc
  - Increase in Computer Network Attacks (CNA) against National Information Infrastructure (NII): frequency, sophistication and scale
  - Hackers / intruders: increasing numbers and skills
  - Attack tools: more sophisticated, more powerful, easier to use
  - Increased web browser / mail client based attacks
  - Rapid pace of change: faster cycle between vulnerability and active exploit
20 Local Trends Australian Computer Crime and Security Survey
21 Who we asked?
22 Respondents by industry sector
  - Wholesale 2%
  - Transportation 2%
  - Educational 18%
  - Retail 3%
  - Utility 7%
  - Local Government 4%
  - State Government 13%
  - Hospitality & Entertainment 3%
  - Mining 6%
  - Manufacturing 9%
  - Media 2%
  - Property & Construction 4%
  - Other 5%
  - Finance 8%
  - Federal Government 5%
  - Legal 1%
  - Medical 4%
  - IT 8%
  Source: 2004 Australian Computer Crime and Security Survey. 2004: 199 respondents/83%
23 Key Findings
  Despite improvements in the levels of respondents using and applying various security countermeasures (technical and procedural):
  - more harmful electronic attacks have been reported
  - greater cost impacts have been reported
  - fewer organisations are confident that they are managing their information security well
  Clearly, measures taken to manage information security appear to be insufficient to protect against common security threats: a function of the rapidly changing threat and vulnerability environment in which organisations must operate.
24 Key Findings
  Worm, virus and trojan infections:
  - affect all industries and e-commerce customers
  - unless the trend changes, have the potential to undermine public confidence in e-commerce and other forms of on-line security
  Computer security management:
  - 70% increased spending during the last 12 months due to concerns about the adequacy of the organisation's computer security
25 Readiness to Protect IT Systems
26 Security technologies used
  [Chart: percentage of respondents using each security technology, by survey year]
  Categories: Physical security; Anti-virus software; Digital IDs, certificates; Virtual Private Network; Encrypted login/sessions; Encrypted files; IDS; Firewalls; File integrity assessment tools; Biometrics; Smart cards, 1-time tokens; Reusable passwords; Access control; Other
  Source: 2004 Australian Computer Crime and Security Survey. 2004: 182 respondents/76%, 2003: 214 respondents/100%. Note: In 2002, respondents were not asked if they used file integrity assessment tools, and in 2002 and 2003, respondents were not asked if they used
27 Computer security policies and procedures used
  [Chart: percentage of respondents using each policy or procedure, 2003 and 2004]
  Categories: Decommissioning equipment procedures; System audit policy; Business continuity management; Cryptographic controls procedures; Clock synchronisation policy; Monitoring system access and use procedures; External network access control policies; User responsibilities policies; User access management; Management of removable computer media; Media backup procedures; Controls against malicious software; Segregation of duties; Forensic plan; Incident management procedures; Change control procedures; Documented operating procedures; Other
  Source: 2004 Australian Computer Crime and Security Survey. 2004: 173 respondents/72%, 2003: 213 respondents/99%. Note: This question was not asked in the 2002 Australian Computer Crime and Security Survey.
28 Trends
29 Did your organisation experience one or more electronic attacks in the last 12 months?
  [Chart: percentage of respondents answering yes, no or don't know, 2002 to 2004]
  Source: 2004 Australian Computer Crime and Security Survey. 2004: 238 respondents/99%, 2003: 212 respondents/99%, 2002: 92 respondents/97%.
  Note: In 2004, an electronic attack was defined as an attack which harmed the confidentiality, integrity or availability of network data or systems. In 2003, the term "computer security incidents" was used instead of "electronic attacks" and was defined as an attack against a computer or network which harmed the confidentiality, integrity or availability of network data or systems. In 2002, a computer security incident was defined as an attack against a computer or network, either real or perceived.
30 Nature and Impact
31 Which of the following types of electronic attack, computer crime, computer access misuse, or abuse did your organisation detect in the last 12 months?
  [Chart: percentage of respondents detecting each type, by survey year]
  Categories: Insider abuse of Internet access, or computer system resources; Unauthorised access to information by insider (abuse of privileges); System penetration by outsider; Laptop theft; Theft of handheld computers; Theft of other computer hardware or devices; Virus, worm or trojan infection; Interception of telecommunications (voice or data); Degradation of network performance associated with heavy network scanning; Denial of service attack; Web site defacement; Sabotage of data or networks; Telecommunications fraud; Computer facilitated financial fraud; Unauthorised privileged access; Theft or breach of proprietary or confidential information
  Source: 2004 Australian Computer Crime and Security Survey. 2004: 227 respondents/95%, 2003: 196 respondents/91%. Note: In 2002 and 2003, respondents were asked if they had experienced "telecommunications eavesdropping" or "wiretapping" instead of "interception of telecommunications (voice or data)". Also in 2002 and 2003, "theft of handheld computers" and "theft of other computer hardware or devices" were not included under this question. In 2002, web site defacement was not a category under this question.
32 The Cost of Computer Crime
  How losses were incurred (total annual loss, three survey years; the last column is 2004):
  Virus, worm, Trojan infection                                            891,100    2,223,900   7,097,100
  Computer facilitated financial fraud                                     807,000    3,525,000   2,457,000
  Degradation of network performance associated with network scanning     161,       ,200        1,709,000
  Laptop theft                                                           1,263,900    2,258,183   1,484,244
  Theft/breach of proprietary or confidential information                  290,       ,000        1,340,000
33 Financial impact trends
  - 57% of all respondents quantified losses for 1 or more types of electronic attack, computer crime or computer access misuse
  - In 2004, average annual losses increased by 20%: from $93,657 in 2003 to $116,212 in 2004
  - 2nd largest source of financial loss was computer facilitated financial fraud: totalled $2,457,000, or 15% of total losses reported
34 Computer Security Management
35 Computer security management
  The most common vulnerabilities that contributed to harmful electronic attacks were:
  - Exploitation of unpatched or unprotected software vulnerabilities: 60% (compared to 29% in 2003); a major reason for the large numbers of worm infections reported
  - Inadequate staff training and education in security practices and procedures: 49% (compared to 42% in 2003)
  - Poor security culture in organisation: 46% (compared to 49% in 2003)
36 Challenges
  Most challenging or problematic areas of computer security management:
  - Changing users' attitudes and behaviour regarding computer security practices: 65%
  - Keeping up to date with computer threats and vulnerabilities: 61%
  Both factors are likely contributors to the prevalence of virus, worm and trojan infections reported by respondents.
37 Conclusion
  - More organisations have improved their readiness to protect their information systems
  - But there remains a high percentage who are dissatisfied with the capacity of their organisation to effectively protect their information systems. Major reasons for this are:
    - the worsening number of electronic attacks, particularly virus, worm and trojan infections, and their consequent damage to the organisation
    - the nature of the external threat environment in which organisations must operate, and the inherent vulnerability of system software being used on their networks
  - Organisations believe their ability to consistently and effectively apply appropriate security measures is not keeping pace with factors beyond their control, primarily the external threat environment and software vulnerabilities
38 AusCERT Contact Information
  24 Hour Hotline: (07) (After Hours for Emergencies); International: (GMT+1000)
  Facsimile: (07) ; International:
  Electronic Mail: auscert@auscert.org.au
  World Wide Web:
  Postal: AusCERT, The University of Queensland, Brisbane Qld, Australia
More informationTECHLAW AUSTRALIA. Update on cyber security and data protection. Thursday, 22 June Thursday, 22 June
TECHLAW AUSTRALIA Update on cyber security and data protection Thursday, 22 June 2017 www.dlapiper.com Thursday, 22 June 2017 0 Overview Current threat environment why now? What is required/expected? Scenarios:
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationEMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS
Information Technology Shared Service Team North Dakota Cyber Security Across North Dakota Threats and Opportunities 15 September 2018 EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS AGENDA SIRN / FirstNet
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More informationPersonal Cybersecurity
Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions
More informationThe Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless
The Republic of Korea Executive Summary Today, cyberspace is a new horizon with endless possibilities, offering unprecedented economic and social benefits. However, on account of its open, anonymous and
More informationPerspectives on Threat
Commerce Threats Perspectives on Threat Higher level approach Define and characterize the threat rather list the what if scenarios Where to find accurate information on information Part I: Business Traditional
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationProfessional Training Course - Cybercrime Investigation Body of Knowledge -
Overview The expanded use of the Internet has facilitated rapid advances in communications, systems control, and information sharing. Those advances have created enormous opportunities for society, commerce
More informationThe Case for National CSIRTs
The Case for National CSIRTs ENOG 12 Yerevan 3-4 Oct 2016 What is a CERT (CSIRT)? A Computer Security Incident Response Team (CSIRT) is a service organization that is responsible for receiving, reviewing,
More informationData Breaches: Is IBM i Really At Risk? All trademarks and registered trademarks are the property of their respective owners.
Data Breaches: Is IBM i Really At Risk? HelpSystems LLC. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. ROBIN TATAM, CBCA CISM PCI-P Global Director
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationNew Zealand National Cyber Security Centre Incident Summary
New Zealand National Cyber Security Centre 2013 Incident Summary National Cyber Security Centre 2013 Incident Summary Foreword The incidents summarised in this report reinforce that cyber security is truly
More informationAn overview of the CERT/CC and CSIRT Community
An overview of the CERT/CC and CSIRT Community Jason A. Rafail October 2007 2007 Carnegie Mellon University Overview CERT/CC CSIRTs with National Responsibility Partnerships and Trust Training Conclusion
More informationU.S. State of Cybercrime
EXCLUSIVE RESEARCH FROM EXECUTIVE SUMMARY 2017 U.S. State of Cybercrime IDG Communications, Inc. 2017 U.S. State of Cybercrime TODAY S CYBERCRIMES ARE BECOMING MORE TARGETED AND BUILT FOR MAXIMUM IMPACT,
More informationA GUIDE TO CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING
A GUIDE TO 12 CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING There is a major difference between perceived and actual security. Perceived security is what you believe to be in place at
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More informationMIS5206-Section Protecting Information Assets-Exam 1
Your Name Date 1. Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances? a. Policies b. Standards c. Procedures d. Guidelines
More informationItu regional workshop
Itu regional workshop "Key Aspects of Cybersecurity in the Context of Internet of Things (IoT) Natalia SPINU 18 September, 2017 Tashkent, Uzbekistan AGENDA 1. INTRODUCTI ON 2. Moldovan public policy on
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationRetail Security in a World of Digital Touchpoint Complexity
Retail Security in a World of Digital Touchpoint Complexity Author Greg Buzek, President of IHL Services Sponsored by Cisco Systems Inc. Featuring industry research by Previously in part 1 and part 2 of
More informationCybersecurity: Incident Response Short
Cybersecurity: Incident Response Short August 2017 Center for Development of Security Excellence Contents Lesson 1: Incident Response 1-1 Introduction 1-1 Incident Definition 1-1 Incident Response Capability
More informationIs your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner
Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial
More informationitexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and
More information