AGENDA. A New Look at Mainframe Hacking And Penetration Testing 01/11/2016. World Class z Specialists

A New Look at Mainframe Hacking And Penetration Testing
World Class z Specialists: Delivering the best in z services, software, hardware and training.

AGENDA
- What is the state of mainframe security?
- How do we stay up to date?
- How do we protect ourselves?
- The traditional stuff!
- What tools are out there today?
- How do these tools impact us?
- What are IBM and the vendors doing to help us?
- Introduction, Objectives and Scene Setting
- Summary and Questions

Introduction
- Been in IT for over 36 years. Started in May 1980 as a Trainee Computer Operator
- Technical Director at RSM Partners
- I lead the Technical team at RSM that amounts to just over 50 technicians
- IT Security, in particular mainframes, is my specialist subject
- Outside of work I have a passion for:
  - All forms of sport, especially Football
  - Scuba Diving
  - Motorbikes

Setting the scene
- We have spent several years discussing Mainframe Hacking, Pen Testing and Auditing with the associated risks and issues
- We have tended to focus on the traditional stuff:
  - Privileged Library Access (APF, Parmlib, etc.)
  - SVCs and Exits
  - Poorly written software that can be exploited, the unprotected magic SVC
  - The top ten audit issues found
- So the idea of this session is to look at the other stuff out there
- What's going on outside of the mainframe that can and will affect us?

Getting the language right
- Penetration Testing
  - Done by the good people out there to stop the bad folks getting in
  - This is the bit I enjoy the most
- Hacking
  - The bad guys or gals; it's not necessarily a male-dominated activity these days
  - They are after our stuff.
- Vulnerability Scanning
  - Scanning the code delivered by IBM and ISVs along with any code you may have developed yourself
  - Test the code to see if it has any vulnerabilities that could be exploited by a knowledgeable user
- Auditing
  - The process of checking that we are doing everything correctly
  - These are the good guys and are here to help
  - Work with them, not against them
  - Educate them, don't shun them; we all had to start somewhere
  - How many IT Auditors actually understand what we do?

The Traditional Stuff!
- None of the traditional stuff should be ignored; if anything, it needs even more attention than before
- If some of the other stuff we will discuss happens, then the risk associated with these issues actually rises:
  - Privileged Library Access (APF, Parmlib, etc.)
  - SVCs and Exits
  - Poorly written software that can be exploited, the unprotected magic SVC
  - The top ten audit issues found that have been presented many times (see next slide)

Still The Top Ten Audit Issues
1. Excessive Number of User IDs w/no Password Interval
2. Inappropriate Usage of z/OS UNIX Superuser Privilege, UID = 0
3. Data Set Profiles with UACC Greater than READ
4. RACF Database is not Adequately Protected
5. Excessive Access to APF Libraries
6. General Resource Profiles in WARN Mode
7. Production Batch Jobs have Excessive Resource Access
8. Data Set Profiles with UACC of READ
9. Improper Use or Lack of UNIXPRIV Profiles
10. Started Task IDs are not Defined as PROTECTED IDs

What tools are out there today?
- Do a simple Google search: "mainframe hacking tools"
- There is plenty to read and research
- Some really interesting stuff on the list
- My favorites are:
- Fully supports testing using a RACF database
- Rumour on the street is that they have already added support for the new IBM password KDFAES algorithm!
YouTube inframe+hacking
Twitter
Sublime 3

How do these tools impact us?
- For me it's awareness more than anything
- We have long since understood the risks
- But let's be honest, many of us have hidden behind the fact that nobody really took any notice of us
  - More security by obscurity
- Who knows what a reverse shell is???
  - I do, and it's very scary

What's the state of mainframe security?
- Unfortunately, in my opinion, not great.
- We still see the same old issues
- The top ten are still the top ten
- Comments that the mainframe is secure and we don't need to worry or invest in this legacy technology... still happen today!
- Wouldn't be saying that if the mainframe was hacked from a fridge!... but that's for another day!!

How do we keep up to date?
- You need to find the time to do the research
- Attending meetings:
  - This conference
  - Vanguard Conference
  - Defcon, Blackhat, etc.
  - RSA and other mainstream security conferences

How do we protect ourselves?
- Get on the front foot
- Be proactive
- Talk to the folks in your organization and understand what they are doing with:
  - Identity and Access Management
  - SIEM
    - How many do we hear that the m/f is out of scope
  - Privileged Users and Privileged Access
  - Data classification

But remember stupidity rules!
- But let's not forget our users. We as a group can only go so far... but as long as we have users!
- PEBKAC: Problem Exists Between Keyboard And Chair
- A useful term for demeaning the incompetent competent user without actually saying it to their face
- Techie: This isn't working. I'll have to come over there and fix it in person
- Computer user: Really? Why?
- Techie: It's a PEBKAC issue sir. It's best handled in person
PEBKAC!!

The Perfect Storm
- What does that actually mean? From Wikipedia:
  - A "perfect storm" is an expression that describes an event where a rare combination of circumstances will aggravate a situation drastically
  - The term is also used to describe an actual phenomenon that happens to occur in such a confluence, resulting in an event of unusual magnitude.
- In my opinion we have this today!
  - Lack of investment
  - Rising interest in mainframes and mainframe hacking
  - The Internet of Things
  - Stupidity in our user base or a lack of understanding

Summary
- Our world is changing (has changed)
- We are not an isolated platform anymore
- In a connected, digital world, we are the big game in town
- The hackers, in whatever form, are coming after us and they will succeed (have succeeded)
- We need to wake our management up and make them realise years of underinvestment and a lack of attention will come back and bite them

Questions

Contact
Mark Wilson, RSM Partners
mobile: +44 (0)