Security and privacy in the smartphone ecosystem: Final progress report
|
|
- Lucas Bryant
- 5 years ago
- Views:
Transcription
1 Security and privacy in the smartphone ecosystem: Final progress report Alexios Mylonas Athens University of Economics & Business
2 Overview 2 Research Motivation Related work Objective Approach Methodology Threat model Smartphone definition & data Contribution Browser controls User practices Malware mitigation Smartphone forensics Future work
3 Research Motivation 3 Smartphone ecosystem facts: Increase Popularity of devices Installations of third-party apps web browsing Great source of personal and business data Smartphones appealing target for attackers
4 Related work 4 Android-centered & focused on malware mitigation Permission system Policies, all-or-nothing Static analysis e.g. static analysis on manifest Dynamic analysis e.g. Taint analysis
5 Related work 4 Android-centered & focused on malware mitigation Permission system Problem: Static analysis 1. Require advanced technical skills! Policies, all-or-nothing manifest Dynamic analysis Taint analysis Instrumentation
6 Related work 4 Android-centered & focused on malware mitigation Permission system Problem: Static analysis 1. Require advanced technical skills! Policies, all-or-nothing manifest Dynamic analysis Taint analysis Instrumentation
7 Related work 4 Android-centered & focused on malware mitigation Permission system Problem: Static analysis 1. Require advanced technical skills! Policies, all-or-nothing manifest Dynamic analysis Taint analysis Instrumentation
8 Objectives 5 Study user practices adoption of security controls User-centric protection Include user input in our approach Users value their data types differently Case study: Smartphone forensics
9 Methodology 6 Survey of controls Analysis (user-centric) Security Finding Survey of threats Recommendation/Mitigation
10 Threat model 7 T1. Malicious web (servers) WEB
11 Threat model 7 T2. Physical access
12 Threat model 7 12 T3. Malicious apps Users App App App Application Repository App App...
13 A smartphone? 8 Cell\feature phone Smartphone used to access mobile network carrier services contains a smartcard a cell phone advanced hardware capabilities an identifiable OS supports 3 rd -party apps apps from app repository C5. Theoharidou M, Mylonas A, Gritzalis D. A risk assessment method for smartphones. In: Proc. of the 27th IFIP Information Security and Privacy Conference. Springer; AICT-376; p
14 Smartphone Data 8 Smartphones host heterogeneous data Application Sensor Device Smartphone Data SIM Card Messaging Usage History C4. Mylonas A, Meletiadis V, Tsoumas B, Mitrou L, Gritzalis D. Smartphone forensics: A proactive investigation scheme for evidence acquisition. In: 27th IFIP International Information Security and Privacy Conference. Springer; AICT-376; p
15 Browser controls 9 Manageability of browser security controls PC, smartphones Out-of-the box protection offered C7. Mylonas A, Tsalis N, Gritzalis D. Evaluating the manageability of web browsers controls. In: Proc. of the 9th International Workshop on Security and Trust Management (STM-2013), Springer; LNCS-8203; 2013; p
16 Browser Controls 9 Web threats Survey of controls Control enumeration in browser UIs Browser, Chrome, Firefox, Safari, IE, Opera, Opera Mini Identification and manageability Common controls (33) Usability Default values Configurability Unavailability of controls Out-of-the-box protection Usability issues Security-oriented configuration settings UI suggestions
17 Browser controls 10 Availability of controls PC vs. smartphone Smartphones browsers offer less controls
18 Browser controls 10 Availability of controls PC vs. smartphone Smartphones browsers offer less controls Blame the sandbox? Counterexamples Android and ios (10) e.g. block location data, block third-party cookies, enable DNT, certificate warning, private browsing,... (c.f. C.7) Android (5) i.e. block referrer, disable plugin, malware protection, master password, search engine manager
19 Mitigation of web threats 11 identified controls (32) enabled by-default editable Web threats ICT web threats Smartphone threats a) default protection/threat b) control manageability/threat
20 Default protection /threat Evaluating the Manageability of Web Browsers Controls
21 Default protection /threat Evaluating the Manageability of Web Browsers Controls
22 Default protection /threat Evaluating the Manageability of Web Browsers Controls
23 Manageability of controls /threat Evaluating the Manageability of Web Browsers Controls
24 Manageability of controls /threat Evaluating the Manageability of Web Browsers Controls
25 Manageability of controls /threat Evaluating the Manageability of Web Browsers Controls
26 Manageability of controls /threat Evaluating the Manageability of Web Browsers Controls
27 Recommendations 14 Vendor Settings & UI Functionality-oriented Users can disable controls without confirmation Security settings mixed with other settings Proposed Settings & UI Security-oriented all controls configurable & enabled discourage changes certificate warning, malware/ phishing protection confirmation for update settings ask default value block cookies, block location data, block 3 rd party cookies, enable DNT, and master password
28 Recommendations 14 Proposed settings restrictive Security vs. user experience Local blacklist Per-site configuration of controls User awareness Users trained to use control(s) correctly Users aware of web threats
29 User practices 15 Adoption of controls Physical attacks Malicious apps Statistical analysis (n=458, Athens, Fall 2011) C6. Mylonas A, Gritzalis D, Tsoumas B, Apostolopoulos T. A qualitative metrics vector for the awareness of smartphone security users. In: 10th International Conference on Trust, Privacy & Security in Digital Business p J1. Mylonas A, Kastania A, Gritzalis D. Delegate the smartphone user? Security awareness in smartphone platforms. Computers & Security 2013;34(0):47 66.
30 User practices against physical access 10 Physical threat Survey of controls User survey of adoption Exposure to physical threat (vulnerability) Control enumeration in handsets Android, BlackBerry, ios, Symbian, Windows Phone Common controls Password protection remote locator remote wipe encryption Adoption of controls Statistical analysis Risk Assessment method Training
31 User practices against physical access 16 Poor adoption of physical access controls device password encryption remote data wipe remote device locator none % of adoption 64,4 22,7 15,1 23,1 27,9
32 User practices against malware 10 Threat of malicious apps Survey of controls User survey of adoption Exposure to malicious apps (vulnerability) Control enumeration by security models Android, BlackBerry, ios, Symbian, Windows Phone Security indicators security messages reputation reviews Third-party security software User practices Statistical analysis Risk Assessment method Prediction model Training
33 User practices against malware 17 User practises when installing apps from the app repository Finding 5: Users who occasionally inspect security messages or ignore them at all are more likely to disable encryption 70 Finding 6: Users 60 who always inspect security messages are more likely technically and security savvy users 50 Finding 7: Users 40 who ignore security messages are more likely to also ignore agreement messages agreement pirated reputation reviews security msgs msgs apps % of adoption 10 8,7 10,5 38,6 60,7
34 User practices against malware 17 Poor use of smartphone security software Finding 5: Poor adoption of physical security controls 100 Finding 5.1: Encryption (22.7%) 80 Finding 5.2: Remote data wipe (15.1%) 60 Finding 5.3: Remote device locator (23.1%) 40 Finding 5.4: No adoption of any physical security control (27.9%) 20 Finding 6: 0 Users tend to have disabled smartphone secsoft along searched free with encryption, device smartphone PC secsoft password lock secsoft and remote smartphone device secsoft essential locator secsoft Unaware of smartphone secssoft % of adoption 85,8 24,5 34,
35 User practices against malware 17 Users believe that installing apps from the repository is secure (~3/4 users) These users are exposed to malware Unaware users of smartphone malware more likely trust the app repository Users who trust the repository tend to be unaware about smartphone secsoft Users who trust app repository are less likely to scrutinize security msgs
36 Malware Mitigation 19 Prediction model Trust repository cannot be otherwise identified User practices, skills Prediction Model (TrustRepo) Awareness Training Risk Assessment input Risk Assessment input
37 Malware Mitigation 19 Prediction model Trust repository cannot be otherwise identified p = exp(z) / (1 + exp(z)) User practices, skills Prediction Model (TrustRepo) Awareness Training Risk Assessment input Risk Assessment input
38 Malware Mitigation 19 Prediction model Trust repository cannot be otherwise identified z = 1.351*x *x *x *x *x *x *x 7 User practices, skills Prediction Model (TrustRepo) Awareness Training Risk Assessment input Risk Assessment input
39 Malware Mitigation 19 Prediction model Trust repository cannot be otherwise identified User practices, skills Prediction Model (TrustRepo) Awareness Training Risk Assessment input Risk Assessment input Score\Sample Greek (n=458) UK (n=102) Effectiveness 79.0% 78.4% Type I 74.5% 68.2 Type II 4.0% 8.7%
40 Malware Mitigation 19 Prediction model Trust repository cannot be otherwise identified User practices, skills Prediction Model (TrustRepo) Awareness Training Risk Assessment input Risk Assessment input J1. Mylonas A, Kastania A, Gritzalis D. Delegate the smartphone user? Security awareness in smartphone platforms. Computers & Security 2013;34(0):47 66.
41 Malware Mitigation 19 Risk Assessment for smartphones Treats the device s subassets and not as a whole Treats permission granting as a vulnerability User Impact for assets Past incidents, statistics Risk Assessment Risk Value Vulnerabilities C5. Theoharidou M, Mylonas A, Gritzalis D. A risk assessment method for smartphones. In: Proc. of the 27th IFIP Information Security and Privacy Conference. Springer; AICT-376; p
42 Malware Mitigation 19 Risk Assessment for smartphones Treats the device s subassets and not as a whole Treats permission granting as a vulnerability User Impact for assets (asset, permission combination, threat) Past incidents, statistics Risk Assessment Risk Value Vulnerabilities
43 Malware Mitigation 19 Risk Assessment for smartphones Treats the device s subassets and not as a whole Treats permission granting as a vulnerability User Impact for assets (asset impact, permission likelihood, threat likelihood) Threat Risk Past incidents, statistics Risk Assessment Risk Value Vulnerabilities
44 20 Smartphone Forensics
45 Smartphone Forensics 20 What if the good guys collect the data? Can we control its abuse?
46 Smartphone Forensics Scheme 20 A scheme to avoid intelligence gathering Investigator Independent Authority Suspect P1a: Investigation Request P1b: Investigation Session P2: Evidence Type Selection (Request) P5: Storage P2: Evidence Type Selection (Execution) P4: Evidence Transmission P3: Collection Interface Evidence DB Software Agent
47 Smartphone Forensics Scheme 21 Scheme s processes Evidence Type Selection Investigation Request Investigation Session Evidence Collection Investigation Completion Evidence Transmission Evidence Storage (1 N)
48 Smartphone Forensics 22 Android implementation Mechanisms typically used by attackers Spyware, botnets, social engineering
49 Smartphone Forensics 22 A scheme to avoid intelligence gathering Android implementation
50 22 Smartphone Forensics
51 Future work 24 New user study of the adoption of security controls User study on the usability of web browser controls Design and implement standardized interface for web browsers Study the security models of new platforms Examination of alternative misuse mechanisms for proactive forensics
52 References Mylonas, A., Kastania, A., Gritzalis, D., Delegate the smartphone user? Security awareness in smartphone platforms, Computers & Security, Vol. 34, pp , Mylonas, A., Meletiadis, V., Mitrou, L., Gritzalis, D., Smartphone sensor data as digital evidence, Computers & Security (Special Issue: Cybercrime in the Digital Economy), Vol. 38, pp , Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D., Smartphone security evaluation: The malware attack case, in Proc. of the International Conference on Security and Cryptography, SciTePress; p , Spain Mylonas, A., Tsoumas, B., Dritsas, S., Gritzalis, D., A secure smartphone applications roll-out scheme, in Proc. of the 8 th International Conference on Trust, Privacy & Security in Digital Business, Springer, LNCS-6863, p , Kandias, M., Mylonas, A., Theoharidou, M., Gritzalis, D., Exploitation of auctions for outsourcing security-critical projects, in Proc. of the 16 th IEEE Symposium on Computers and Communications, p , Greece, Mylonas, A., Meletiadis, V., Tsoumas, B., Mitrou, L., Gritzalis, D., Smartphone forensics: A proactive investigation scheme for evidence acquisition, in Proc. of the 27 th IFIP International Information Security and Privacy Conference, Springer, AICT-376, p , Greece, Theoharidou, M., Mylonas, A., Gritzalis, D., A risk assessment method for smartphones, in Proc. of the 27 th IFIP Information Security and Privacy Conference, Springer, AICT-376, p , Greece, Mylonas, A., Gritzalis, D., Tsoumas, B., Apostolopoulos, T., A qualitative metrics vector for the awareness of smartphone security users, in Proc. of the 10 th International Conference on Trust, Privacy & Security in Digital Business, p , Chech Republic, Mylonas, A., Tsalis, N., Gritzalis, D., Evaluating the manageability of web browsers controls, in Proc. of the 9 th International Workshop on Security and Trust Management, Springer, LNCS-8203, p , United Kingdom, Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D., On the feasibility of malware attacks in smartphone platforms, in Security and Cryptography, Springer, p , 2012.
Online (in)security: The current threat landscape Nikolaos Tsalis
Online (in)security: The current threat landscape Nikolaos Tsalis November 2015 Online (in)security: The current threat landscape Nikolaos Tsalis (ntsalis@aueb.gr) Information Security & Critical Infrastructure
More informationA qualitative metrics vector for the awareness of smartphone security users
A qualitative metrics vector for the awareness of smartphone security users Alexios Mylonas, Dimitris Gritzalis, Bill Tsoumas, Theodore Apostolopoulos Information Security and Critical Infrastructure Protection
More informationCollaborative Security Management Services for Port Information Systems
Collaborative Security Management Services for Port Information Systems Theodoros Ntouskas, Dimitris Gritzalis Theodoros Ntouskas, Dimitris Gritzalis December 2015 Collaborative Security Management Services
More informationSPHINX: A system for telling computers and humans apart through audio CAPTCHA. Yannis Soupionis
SPHINX: A system for telling computers and humans apart through audio CAPTCHA Yannis Soupionis Outline Introduction Internet Telephony Spam over Internet Telephony (SPIT) SPIT Phenomenon Methodology Research
More informationMobile Devices prioritize User Experience
Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile
More informationQuick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.
Quick Heal Total Security for Android Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping. Product Highlights Complete protection for your Android device that
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationA Risk Assessment Method for Smartphones
A Risk Assessment Method for Smartphones Marianthi Theoharidou, Alexios Mylonas, and Dimitris Gritzalis Information Security and Critical Infrastructure Protection Research Laboratory Dept. of Informatics,
More informationGoogle on BeyondCorp: Empowering employees with security for the cloud era
SESSION ID: EXP-F02 Google on BeyondCorp: Empowering employees with security for the cloud era Jennifer Lin Director, Product Management, Security & Privacy Google Cloud What is BeyondCorp? Enterprise
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationQuick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.
Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping. Product Highlights Complete protection for your Android device that simplifies security and significantly
More informationCERTIFIED SECURE COMPUTER USER COURSE OUTLINE
CERTIFIED SECURE COMPUTER USER COURSE OUTLINE Page 1 TABLE OF CONTENT 1 COURSE DESCRIPTION... 3 2 MODULE-1: INTRODUCTION TO DATA SECURITY... 4 3 MODULE-2: SECURING OPERATING SYSTEMS... 6 4 MODULE-3: MALWARE
More informationAdvanced IT Risk, Security management and Cybercrime Prevention
Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationA Response Strategy Model for Intrusion Response Systems
A Response Strategy Model for Intrusion Response Systems Nor Badrul Anuar 1,2, Maria Papadaki 1, Steven Furnell 1,3, and Nathan Clarke 1,3 1 Centre for Security, Communications and Network Research (CSCAN),
More informationMANAGING SECURITY THREATS IN THE NEW CONNECTED WORLD THROUGH FORENSIC READINESS
MANAGING SECURITY THREATS IN THE NEW CONNECTED WORLD THROUGH FORENSIC READINESS Mohamad Firham Efendy Bin Md Senan Specialist, Digital Forensics Department CyberSecurity Malaysia firham@cybersecurity.my
More informationSOCIAL NETWORKING IN TODAY S BUSINESS WORLD
SOCIAL NETWORKING IN TODAY S BUSINESS WORLD AGENDA Review the use of social networking applications within the business environment Review current trends in threats, attacks and incidents Understand how
More informationReview Kaspersky Internet Security - multi-device 2015 online software downloader ]
Review Kaspersky Internet Security - multi-device 2015 online software downloader ] Description: Benefits Protecting all your connected devices the one-licence, easy-touse solution Kaspersky Internet Security
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS
ANDROID PRIVACY & SECURITY GUIDE WESNET The Women s Services Network Smartphones store a lot of personal information, including email or social media accounts, reminders and notes, the number of steps
More informationPrivate Browsing: an Inquiry on Usability and Privacy Protection
Private Browsing: an Inquiry on Usability and Privacy Protection Xianyi Gao*, Yulong Yang*, Huiqing Fu*, Janne Lindqvist*, Yang Wang+ *Rutgers University +Syracuse University Published in WPES 2014 What
More informationSymantec Endpoint Protection Family Feature Comparison
Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per
More informationSTANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange
STANDARD INFORMATION SHARING FORMATS Will Semple Head of Threat and Vulnerability Management New York Stock Exchange AGENDA Information Sharing from the Practitioner s view Changing the focus from Risk
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationitexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationCopyright
1 SECURITY TEST Data flow -- Can you establish an audit trail for data, what goes where, is data in transit protected, and who has access to it? Data storage -- Where is data stored, and is it encrypted?
More informationCOMPUTER FORENSICS (CFRS)
Computer Forensics (CFRS) 1 COMPUTER FORENSICS (CFRS) 500 Level Courses CFRS 500: Introduction to Forensic Technology and Analysis. 3 credits. Presents an overview of technologies of interest to forensics
More informationIT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA
IT Security Mandatory Solutions Andris Soroka 2nd of July, 2014 @LPS, RIGA Data Security Solutions business card Specialization IT Security IT Security services (consulting, audit, pen-testing, market
More informationCEH: CERTIFIED ETHICAL HACKER v9
CEH: CERTIFIED ETHICAL HACKER v9 SUMMARY The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever
More informationSecuring the SMB Cloud Generation
Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product
More informationRELEVANT IMPACT: Building a Successful Threat Management Program. NTX ISSA 3 rd Semi-Annual Cyber Security Conference
RELEVANT IMPACT: Building a Successful Threat Management Program NTX ISSA 3 rd Semi-Annual Cyber Security Conference 10-2-15 Threat Management Definition Current State of Threat Management in Most Organizations
More informationfor businesses with more than 25 seats
for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationCollaborative Security Management Services for Port Information Systems. Theodoros Ntouskas, Dimitris Gritzalis October 2015
Collaborative Security Management Services for Port Information Systems Theodoros Ntouskas, Dimitris Gritzalis October 2015 Collaborative Security Management Services for Port Information Systems Ημερίδα
More informationEnterprise Ready. Sean Yarger. Sr. Manager, Mobility and Identity. Making Android Enterprise Ready 1
Making Enterprise Ready Sean Yarger Sr. Manager, Mobility and Identity Making Android Enterprise Ready 1 Enterprise Benefits of Android Java-based, get up and running with ease Open source, no license
More information4 Information Security
4 Information Security 1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one. 2. Compare and contrast human mistakes
More informationENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE
ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE TABLE OF CONTENTS Overview...3 A Multi-Layer Approach to Endpoint Security...4 Known Attack Detection...5 Machine Learning...6 Behavioral Analysis...7 Exploit
More informationMobile Experience and Security - A Delicate Balance. Jeff Keller, CISA, CIA, CFSA SVP/Senior Audit Director, Technology, Projects, Due Diligence
Mobile Experience and Security - A Delicate Balance Jeff Keller, CISA, CIA, CFSA SVP/Senior Audit Director, Technology, Projects, Due Diligence Admin Items Please put phones on vibrate Please take calls
More informationMODULE: INTERNET SECURITY ASSIGNMENT TITLE: INTERNET SECURITY DECEMBER 2012
MODULE: INTERNET SECURITY ASSIGNMENT TITLE: INTERNET SECURITY DECEMBER 2012 Important Notes: Please refer to the Assignment Presentation Requirements for advice on how to set out your assignment. These
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More information6 MILLION AVERAGE PAY. CYBER Security. How many cyber security professionals will be added in 2019? for popular indursty positions are
PROGRAM Objective Cyber Security is the most sought after domain, and NASSCOM projects a requirment of over 1 million trained professionals by 2025. Tevel training program is an industry & employability
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationEXAMINATION [The sum of points equals to 100]
Student name and surname: Student ID: EXAMINATION [The sum of points equals to 100] PART I: Meeting Scheduling example Description: Electronic meeting Scheduling system helps meeting initiator to schedule
More informationSecurity and networks
Security and networks Creating a secure business in a hyper connected world SHIV K. BAKHSHI, PH.D. VP, INDUSTRY RELATIONS, GROUP FUNCTION TECHNOLOGY ITU Regional workshop, Algiers, Algeria, FeBruary 12,
More informationThe Inconvenient Truth About the State of Browser Security Wolfgang Kandek Qualys, Inc. Session ID: SPO1-204 Session Classification: Intermediate
The Inconvenient Truth About the State of Browser Security Wolfgang Kandek Qualys, Inc. Session ID: SPO1-204 Session Classification: Intermediate Agenda Browser Security Project Browser Plugins Resulting
More informationSystemic Analyser in Network Threats
Systemic Analyser in Network Threats www.project-saint.eu @saintprojecteu #saintprojecteu John M.A. Bothos jbothos@iit.demokritos.gr Integrated System Laboratory Institute of Informatics & Telecommunication
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationITU Regional Cybersecurity Forum for Asia-Pacific
ITU Regional Cybersecurity Forum for Asia-Pacific Incident Management Capabilities Australia Country Case Study Graham Ingram General Manager AusCERT July 2008 Copyright 2008 AusCERT Not for further distribution
More informationThe State of the Trust Gap in 2015
The State of the Trust Gap in 2015 The widespread use of mobile devices for work has driven a profound change in how employees think about the privacy of their personal data on mobile devices. Ten years
More informationENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing
WHITE PAPER Endpoint Security and the Case For Automated Sandboxing A World of Constant Threat We live in a world of constant threat. Every hour of every day in every country around the globe hackers are
More informationFP7 NEMESYS Project: Advances on Mobile Network Security
Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem FP7 NEMESYS Project: Advances on Mobile Network Security Elina Theodoropoulou R&D Projects Section Manager etheodorop@cosmote.gr
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationAdvent IM Ltd ISO/IEC 27001:2013 vs
Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationKASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security
KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT Open Space Security Cyber-attacks are real. Today alone, Lab technology prevented nearly 3 million of them aimed at our customers worldwide.
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationQuick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.
Quick Heal Mobile Security Free protection for your Android phone against virus attacks, unwanted calls, and theft. Product Highlights Complete protection for your Android device that simplifies security
More informationIncident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles
Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of
More informationNETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.
NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING. The old mantra of trust but verify just is not working. Never trust and verify is how we must apply security in this era of sophisticated breaches.
More informationCYBER SECURITY OPERATION CENTER
CYBER OPERATION CENTER Reply s new Cyber Security Operation Centre is a structure specialised in the provision of Premium-level security services, tailored to the customer's needs, processes, and the specific
More informationA Strategy for a secure Information Society Dialogue, Partnership and empowerment
A Strategy for a secure Information Society Dialogue, Partnership and empowerment Gerard.Galler@ec.europa.eu European Commission DG Information Society & Media Unit INFSO/A3: Internet; Network & Information
More informationHow technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011
How technology changed fraud investigations Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011 The Changing Cyberfraud Landscape Underground Economy Malware Authors Organized
More informationfor businesses with more than 25 seats
for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use
More informationQuick Heal Mobile Security. Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping.
Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping. Product Highlights With an easy-to-update virus protection and a dynamic yet simple interface, virus removal from your mobile
More informationOpera Mini Manual For Android Tablet Internet
Opera Mini Manual For Android Tablet Internet Download Opera Mini for your Android tablet now. Enjoy faster and cheaper internet with Opera Mini, one of the world's most popular mobile browsers. Opera
More informationThe GenCyber Program. By Chris Ralph
The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest
More informationIT Needs More Control
IT Needs More Control Over Network Access Privileges Copyright 1999-2016 BeyondTrust Inc. All rights reserved. High-profile data breaches like those that hit the U.S. Office of Personnel Management, the
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationFigure 11-1: Organizational Issues. Managing the Security Function. Chapter 11. Figure 11-1: Organizational Issues. Figure 11-1: Organizational Issues
1 Managing the Security Function Chapter 11 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Top Management Support Top-Management security awareness briefing (emphasis on brief)
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationSecuring Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
More informationZimperium Global Threat Data
Zimperium Global Threat Report Q2-2017 700 CVEs per Year for Mobile OS 500 300 100 07 08 09 10 11 12 13 14 15 16 17 Outdated ios Outdated ANDROID 1 of 4 Devices Introduces Unnecessary Risk 1 out of 50
More informationCourse Outline (version 2)
Course Outline (version 2) Page. 1 CERTIFIED SECURE COMPUTER USER This course is aimed at end users in order to educate them about the main threats to their data s security. It also equips the students
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationSafelayer's Adaptive Authentication: Increased security through context information
1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient
More informationCyber Security. Our part of the journey
Cyber Security Our part of the journey The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward The Privileged How to make enemies quickly Ask before acting
More informationSO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY
SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY www.securelink.net BACKGROUND Macro trends like cloud and mobility change the requirements for endpoint security. Data can
More informationProtect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013
Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security
More informationQuick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page
Workshop #7 Email Security Previous workshops 1. Introduction 2. Smart phones & Tablets 3. All about WatsApp 4. More on WatsApp 5. Surfing the Internet 6. Emailing Quick recap on Emailing Email Security
More informationHOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS
HOLY ANGEL UNIVERSITY LLEGE OF INFORMATION AND MMUNICATIONS TECHNOLOGY CYBER SECURITY URSE SYLLABUS Course Code : 6CSEC Prerequisite : 6MPRO2L Course Credit : 3 Units (2 hours LEC,3 hours LAB) Year Level:
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationCeedo Client Family Products Security
ABOUT THIS DOCUMENT Ceedo Client Family Products Security NOTE: This document DOES NOT apply to Ceedo Desktop family of products. ABOUT THIS DOCUMENT The purpose of this document is to define how a company
More informationSMART DEVICES: DO THEY RESPECT YOUR PRIVACY?
SMART DEVICES: DO THEY RESPECT YOUR PRIVACY? Systems and Mobile Research Lab, Department of Computer Science and Engineering INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Presenter: Sandip Chakraborty sandipc@cse.iitkgp.ac.in
More informationIC B01: Internet Security Threat Report: How to Stay Protected
IC B01: Internet Security Threat Report: How to Stay Protected Piero DePaoli Director, Product Marketing IC B01: Internet Security Threat Report: How to Stay Protected 1 Topics 1 Targeted Attacks 2 Spam
More informationMapping BeyondTrust Solutions to
TECH BRIEF Taking a Preventive Care Approach to Healthcare IT Security Table of Contents Table of Contents... 2 Taking a Preventive Care Approach to Healthcare IT Security... 3 Improvements to be Made
More informationCombatting Browser Fingerprinting with ChromeDust
Combatting Browser Fingerprinting with ChromeDust Ram Bhaskar Rishikesh Tirumala Timmy Galvin 6.858 Final Project (Lab 7) December 12, 2013 Introduction
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationRequirements for IT Infrastructure
Requirements for IT Infrastructure This information contained in this document is taken from the NCSC Website directly via: https://www.cyberessentials.ncsc.gov.uk/requirements-for-it-infrastructure.html
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More information