Navigating the River of Woe to EPIC Vulnerability Assessments
|
|
- Louisa Jacobs
- 6 years ago
- Views:
Transcription
1 SEC460.3 Enterprise Threat and Vulnerability Assessment Navigating the River of Woe to EPIC Vulnerability Assessments Copyright Matthew Toussain All Rights Reserved
2 2
3 CHOICE You dash out of the cube farm knocking your boss out of the way whilst claiming explosive diarrhea You lean back in your chair the aspect of relaxation itself. You got this. Your awesome. Your boss needs to get with the program. Beyond Scanning Delivering Impact Driven Vulnerability Assessments 3
4 NOBODY LIKES GARY Beyond Scanning Delivering Impact Driven Vulnerability Assessments 4
5 THE IMPORTANCE OF COLLABORATION When attack meets defense the whole is greater than the sum of its parts Red Teams attack, Blue Teams defend -- but they share a common goal: Continuous Security Improvement SEC460 Enterprise Threat and Vulnerability Assessment 5
6 THE TEAMING CONCEPT The idea behind teaming is to create a representative role-based guide where different teams are assigned color coded objectives Blue Team The blue team is tasked with network defense Red Team The red team exists to evaluate and grow the blue team s capacity to perform network defense Less Common Teams Green Team The team tasked with remediation of security vulnerabilities Black Team Also know as the hunt team, the black team is focused cyberspace trapping and adversarial deception SEC460 Enterprise Threat and Vulnerability Assessment 6
7 THE TEAMING CONCEPT Non-participative groups essential to facilitating the teaming objective are referred to as cells White Cell The white cell s purpose is to enable the teaming event by acting as the intercessor between red and blue teams, validating findings and ensuring system availability Gray Cell The gray cell simulates an unwitting user or occasionally an insider threat. Gray cell s role adds realism to the network exercise and facilitates blue team growth by aiding red team exploitation SEC460 Enterprise Threat and Vulnerability Assessment 7
8 PURPLE TEAMING Purple Teaming is a newer concept focused on a direct collaborative relationship between blue and red functions The purple team is not adversarial! Often formed of members from both blue and red Simulation over Exploitation SEC460 Enterprise Threat and Vulnerability Assessment 8
9 YOU MAD BRO!? Beyond Scanning Delivering Impact Driven Vulnerability Assessments 9
10 CHOICE You reach for the crayons because there is nothing a kaleidoscope of colors cannot solve! You go to your quiet place (bean bag) to meditate on the choices that brought you here. Beyond Scanning Delivering Impact Driven Vulnerability Assessments 10
11 NONE OF OUR METRICS MAKE ANY SENSE!!! Beyond Scanning Delivering Impact Driven Vulnerability Assessments 11
12 Beyond Scanning Delivering Impact Driven Vulnerability Assessments 12
13 WHAT IS VULNERABILITY SCANNING? Vulnerability Scanning is the process of identifying services, configurations, and conditions that a threat actor could leverage to achieve maligned objectives. Beyond Scanning Delivering Impact Driven Vulnerability Assessments 13
14 THE VULNERABILITY SCANNER A vulnerability scanner moves beyond typical enumeration scanning procedures General Purpose Vulnerability Scanners Nessus Nexpose SAINT Retina Applications Specific Vulnerability Scanners Nikto Burpsuite IBM AppScan Qualys OpenVAS Accunetix WPScan VOIPAudit Beyond Scanning Delivering Impact Driven Vulnerability Assessments 14
15 GENERAL PURPOSE SCANNERS Vulnerability scanners have a robust feature set that goes beyond simpler port scanning tools Scanning Asset Discovery Scanning Service Detection Vulnerability Testing Banner Grabbing Vulnerability Correlation Validate Vulnerability Beyond Scanning Delivering Impact Driven Vulnerability Assessments 15
16 WHERE DO THEY COME FROM? Two categories of risk Identification Mitigation Mitigation blueprint an accurate measurement of unrealized risk must be taken Vulnerability assessors are responsible for identification, measurement, and triage of cybersecurity exposure Many testers fail to assess Sources Precomputation, database lookup Computational Blended Beyond Scanning Delivering Impact Driven Vulnerability Assessments 16
17 developing a concrete mitigation blueprint RISK MANAGEMENT CULTURE Developing an organizational risk management culture is iterative and cumulative Risk Identification Threat Assessment and risk ratings enable true network security insight Mitigation Develop a mitigation blueprint in order to Control the risk Beyond Scanning Delivering Impact Driven Vulnerability Assessments 17
18 TYPES OF BUSINESS RISK Risk is the possibility of suffering a loss Probability of negative happening if the risk is realized Risk is a cost center There are many kinds, cybersecurity is only one subcategory Strategic risk Compliance risk Operational risk Financial risk Reputational risk Cybersecurity risk is often not the most frequently realized, and prone to be disregarded Low probability of occurrence, high impact when realized Beyond Scanning Delivering Impact Driven Vulnerability Assessments 18
19 THE RISK EQUATION Organizational Risk = Probability x Impact In cybersecurity Vulnerability magnitude relates to the potential for catastrophic impact The organizational threat (ransomware, intellectual property theft, sabotage) provides the motive for attack. Greater motive equals higher chances of becoming a target Final risk should factor in additional concerns that may go beyond intrinsic risk Countermeasures Human Cost Risk = Threat Probability x Vulnerability Severity Beyond Scanning Delivering Impact Driven Vulnerability Assessments 19
20 SEVERITY RISK RATING BY PRECOMPUTATION Severity is not risk Benefits of vulnerability rating lookup systems Unbiased Simple and Fast Easy to justify Negatives No inclusion of probability or impact metrics Beyond Scanning Delivering Impact Driven Vulnerability Assessments 20
21 VULNERABILITY DATABASE SEVERITY RATINGS Databases National Vulnerability Database Symantec Security Response VulDB CVE Details Microsoft Exploitability Index Scanner Databases: Rapid7, Qualys, Nessus, etc Beyond Scanning Delivering Impact Driven Vulnerability Assessments 21
22 INFOCON ISC RISK RATING Infocon Rubric Infocon reflects changes Connectivity Disruptions Known Malicious Traffic These criteria are judged as a series of true/false questions +2 Slammer-like impact on Internet wide operations +2 Remote arbitrary code execution +2 No vendor patch or effective mitigation Beyond Scanning Delivering Impact Driven Vulnerability Assessments 22
23 RISK ASSESSMENT MATRIX Risk Assessment Matrices also known as Risk Assignment Matrices enable simplistic quantitative risk assessment Advantages Elimination of personal biases Numerical identification creates black or white conditions that are easy to interpret Beyond Scanning Delivering Impact Driven Vulnerability Assessments 23
24 NETWORK DIAGRAM Services Enclave User Enclave DMZ PII SharePoint Workstation 1 Workstation 2 Public Webserver DC/DNS File Share Beyond Scanning Delivering Impact Driven Vulnerability Assessments 24
25 DRAFTING A RISK ASSIGNMENT MATRIX Severity Probability High (4) Medium (3) Low (2) Informational (1) High (4) MS ETERNALBLUE Web Directory Traversal Shared Local Admin (w/ DA) PII SharePoint Read Network File Share Full Access Domain Admin s Workstation Critical Customer Data Medium (3) PII SharePoint Write Website Directory Indexing Low (2) Informational (1) Scale Beyond Scanning Delivering Impact Driven Vulnerability Assessments 25
26 STICKY NOTE HELL! Beyond Scanning Delivering Impact Driven Vulnerability Assessments 26
27 CHOICE Use your mad skillz to triage and remediate vulnerabilities. Your boss will forever bask in the radiance of your glory. Frame Gary. Take the money. Nobody likes him anyway. Plus you deserve it. You are pretty awesome after all! Beyond Scanning Delivering Impact Driven Vulnerability Assessments 27
28 DMZ VULNERABILITY REPORT Public Webserver (H) Vulnerable to Directory Traversal (I) Directory Indexing Enabled DMZ H Public Webserver Directory Indexing Directory Traversal Beyond Scanning Delivering Impact Driven Vulnerability Assessments 28
29 SERVICES ENCLAVE VULNERABILITY REPORT PII SharePoint (I) Critical Customer Data (M) World Readable (M) World Writeable DC/DNS (I) Fully Patched Services Enclave M PII SharePoint L DC/DNS Beyond Scanning Delivering Impact Driven Vulnerability Assessments 29
30 USER ENCLAVE VULNERABILITY REPORT Workstation 1 MS ETERNALBLUE Shared Local Admin with workstation 2 No sensitive data on system Workstation 2 Domain Admin s Workstation Fully Patched Windows File Share Fully patched Full access for all domain users User Enclave C L Workstation 1 Workstation 2 L File Share Beyond Scanning Delivering Impact Driven Vulnerability Assessments 30
31 DEVELOPING A RISK ASSIGNMENT MATRIX SOLUTION Severity Probability High (4) Medium (3) Low (2) Informational (1) High (4) MS ETERNALBLUE Apache Struts RCE Shared Local Admin (w/ DA) PII SharePoint Read Network File Share Full Access Domain Admin s Workstation Critical Customer Data Medium (3) PII SharePoint Write Web Directory Traversal Website Directory Indexing Low (2) Informational (1) Scale Beyond Scanning Delivering Impact Driven Vulnerability Assessments 31
32 QUALITATIVE RATING RUBRIC Does the vulnerability affect compliance related systems/information? (+2) Is the vulnerability actively exploited in-the-wild by major intrusion sets? (+1) Is the vulnerable service publicly accessible? (+1) Can you think up/brainstorm others? Beyond Scanning Delivering Impact Driven Vulnerability Assessments 32
33 QUALITATIVE ADJUSTMENT & TRIAGE Rating Metric Vulnerability 10 Apache Struts RCE 9 MS ETERNALBLUE Rating Metric Vulnerability 5 Domain Admin s Workstation (I) 4 Website Directory Indexing (I) 9 PII SharePoint Read 8 PII SharePoint Write 7 Shared Local Admin (w/ DA) 6 Network File Share Full Access 5 Web Directory Traversal Beyond Scanning Delivering Impact Driven Vulnerability Assessments 33
34 TPS REPORTS!?!? WHAT THE ACTUAL Beyond Scanning Delivering Impact Driven Vulnerability Assessments 34
35 QUALITATIVE ADJUSTMENT & TRIAGE Rating Metric Vulnerability 10 Apache Struts RCE 9 MS ETERNALBLUE Rating Metric Vulnerability 5 Domain Admin s Workstation (I) 4 Website Directory Indexing (I) 9 PII SharePoint Read 8 PII SharePoint Write 7 Shared Local Admin (w/ DA) 6 Network File Share Full Access 5 Web Directory Traversal Beyond Scanning Delivering Impact Driven Vulnerability Assessments 35
36 HACK THE PLANET! Attacker Services Enclave User Enclave Web Attk??? DMZ Info-Disclosure Shared Admin PII SharePoint Workstation 1 Workstation 2 Public Webserver DC/DNS File Share Beyond Scanning Delivering Impact Driven Vulnerability Assessments 36
37 I M ON A BOAT Beyond Scanning Delivering Impact Driven Vulnerability Assessments 37
Chapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationVulnerability Management. If you only budget for one project this year...
Vulnerability Management If you only budget for one project this year... William Kyrouz Senior Manager, Information Security & Governance, Bingham McCutchen Nathaniel McInnis Information Security Lead,
More informationA Methodology to Build Lasting, Intelligent Cybersecurity Programs
EBOOK Risk-Centric Cybersecurity Management : A Methodology to Build Lasting, Intelligent Cybersecurity Programs A Brinqa ebook Think InfoSec is ready to keep your enterprise secure through the next transformative
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationIBM Security AppScan Enterprise v9.0.1 Importing Issues from Third Party Scanners
IBM Security AppScan Enterprise v9.0.1 Importing Issues from Third Party Scanners Anton Barua antonba@ca.ibm.com October 14, 2014 Abstract: To manage the challenge of addressing application security at
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationA Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface
A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface ORGANIZATION SNAPSHOT The level of visibility Tenable.io provides is phenomenal, something we just
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationTestBraindump. Latest test braindump, braindump actual test
TestBraindump http://www.testbraindump.com Latest test braindump, braindump actual test Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationSee What You ve Been Missing
Distribuidor autorizado See What You ve Been Missing Gain unprecedented visibility and intelligence of your attack surface SOLUTIONS OVERVIEW Vulnerability and Threat Management Security Policy Management
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationCase Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office
Case Study: The Evolution of EMC s Product Security Office Dan Reddy, CISSP, CSSLP EMC Product Security Office 1 The Evolution of EMC Product Security 2000-2004 2005-2009 2010-Beyond External Drivers Hackers
More informationVulnerability Management
Vulnerability Management Service Definition Table of Contents 1 INTRODUCTION... 2 2 SERVICE OFFERINGS VULNERABILITY MANAGEMENT... 2 3 SOLUTION PURPOSE... 3 4 HOW IT WORKS... 3 5 WHAT S INCLUDED... 4 6
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationThink Like an Attacker
Think Like an Attacker Using Attack Intelligence to Ensure the Security of Critical Business Assets Current State of Information Security Focused on detection and response Desire to reduce detection to
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationCyberSecurity: Top 20 Controls
CyberSecurity: Top 20 Controls ISACA Kampala Chapter CPD Event - 30 March 2017 By Bernard Wanyama - CISA, CGEIT, CRISC, CISM Assume breach.. The CIS Top 20 Critical Security Controls CIS, SANS, NSA and
More informationSecurity Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE
Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Cyber Security Services Security Testing - a requirement for a secure business ISACA DAY in SOFIA Agenda No Agenda Some minimum theory More real
More informationSoftware Architectural Risk Analysis (SARA) Frédéric Painchaud Robustness and Software Analysis Group
Software Architectural Risk Analysis (SARA) Frédéric Painchaud Robustness and Software Analysis Group Defence Research and Development Canada Recherche et développement pour la défense Canada Canada Agenda
More informationSachin Shetty Old Dominion University April 10, Cyber Risk Scoring and Mitigation(CRISM)
Sachin Shetty Old Dominion University sshetty@odu.edu April 10, 2019 Cyber Risk Scoring and Mitigation(CRISM) Customer Need - Life in the Security Operation Center Intrusion Detection System alerts Prioritized
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationSOLUTION BRIEF. RiskSense Platform. RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk.
RiskSense Platform RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 27 RiskSense, Inc. Executive Summary The RiskSense Platform is a Software-as-a-Service
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.
More informationIngram Micro Cyber Security Portfolio
Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationInternet Scanner 7.0 Service Pack 2 Frequently Asked Questions
Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)
More informationMIS Class 2. The Threat Environment
MIS 5214 Class 2 The Threat Environment Agenda In the News Models Risk Hackers Vulnerabilities Information System Categorization Risk Assessment Exercise Conceptual Modeling and Information Systems In
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationMitigation Controls on. 13-Dec-16 1
Mitigation Controls on 13-Dec-16 1 An organization s users are its greatest assets and its most challenging adversaries. one of the vulnerabilities posed by insiders is their knowledge of the quality of
More informationSecuring Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &
Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service
More informationLive Adversary Simulation: Red and Blue Team Tactics
SESSION ID: HTA-T06 Live Adversary Simulation: Red and Blue Team Tactics James Lyne Head of R&D SANS Institute @JamesLyne Stephen Sims Security Researcher & Fellow SANS Institute @Steph3nSims Agenda 2
More informationLAB2 R12: Optimize Your Supply Chain Cyber Security
LAB2 R12: Optimize Your Supply Chain Cyber Security Post Conference Summary Allan Thomson Jamison M. Day, Ph.D. Table of Contents INTRODUCTION... 3 SUPPLY CHAIN CYBER SECURITY TRENDS... 4 Outsourcing Increases
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationIBM Security Guardium Analyzer
IBM Guardium Analyzer Highlights Assess security & compliance risk associated with GDPR data Find GDPR data across onpremises and cloud databases Scan for database vulnerabilities Leverage next-generation
More informationAdversary Playbooks. An Approach to Disrupting Malicious Actors and Activity
Adversary Playbooks An Approach to Disrupting Malicious Actors and Activity Overview Applying consistent principles to Adversary Playbooks in order to disrupt malicious actors more systematically. Behind
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationBuyer s Guide. What you need to know before selecting a cyber risk analytics solution
Buyer s Guide What you need to kw before selecting a cyber risk analytics solution Introduction Why Cyber Risk Management? 10% Magnified Risk, Amplified Costs In response to the unprecedented acceleration
More informationCompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ]
s@lm@n CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ] Topic break down Topic No. of Questions Topic 1: Volume A 117 Topic 2: Volume B 122 Topic
More informationVendors and Security. Robert Smith Sr. Director Technology Student Affairs Technology Services
Vendors and Security Robert Smith Sr. Director Technology Student Affairs Technology Services The views expressed are my own. Opinions expressed are solely my own and do not express the views or opinions
More informationAdvanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018
Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationAdvanced IT Risk, Security management and Cybercrime Prevention
Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy
More informationExpress Monitoring 2019
Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities
More informationCSE 3482 Introduction to Computer Security. Security Risk Management Cost-Benefit Analysis
CSE 3482 Introduction to Computer Security Security Risk Management Cost-Benefit Analysis Instrutor: N. Vlajic, Winter 2017 Security Risk Management Risk Management Risk Identification Risk Control Identify
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationDr. Stephanie Carter CISM, CISSP, CISA
Dr. Stephanie Carter CISM, CISSP, CISA Learning Objectives (LO) LO1 Will learn the theological and practitioner definition of cybersecurity LO2 Will learn the dependency between physical and cyber security
More informationEvaluating the Security of Your IT Network. Vulnerability Scanning & Network Map
Click to edit Master title style Evaluating the Security of Your IT Network Vulnerability Scanning & Network Map Kyle Stafford / M-CEITA 5/12/2017 1 1 Disclaimer This presentation was current at the time
More informationSymantec Business Continuity Solutions for Operational Risk Management
Symantec Business Continuity Solutions for Operational Risk Management Manage key elements of operational risk across your enterprise to keep critical processes running and your business moving forward.
More informationImproving Your Network Defense. Joel M Snyder Senior Partner Opus One
Improving Your Network Defense Joel M Snyder Senior Partner Opus One jms@opus1.com Agenda: Improving Your Network Defense What s the Thesis? Intrusion Detection Collecting Information Enabling Features
More informationDiscover threats quickly, remediate immediately, and mitigate the impact of malware and breaches
Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats
More informationSoftware & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management
Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management Joe Jarzombek, PMP, CSSLP Director for Software & Supply
More informationCASE STUDY. How 16 Penetration Tests Missed A Vulnerability Which Could ve Cost One Company Over $103 Million In PCI Fines
CASE STUDY How 16 Penetration Tests Missed A Vulnerability Which Could ve Cost One Company Over $103 Million In PCI Fines IN A RECENT ENHANCED RED TEAM/ADVANCED PENETRATION TEST, OUR TEAM OF TESTERS UNCOVERED
More informationMake IR Effective with Risk Evaluation and Reporting
SESSION ID: AIR-R02 Make IR Effective with Risk Evaluation and Reporting Mischel Kwon President/CEO MKA Cyber @mkacyber Justin Monti Sr. VP Security Engineering MKA Cyber You ve Got an Incident Now What?
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationThink Like an Attacker
Think Like an Attacker The Core Security Attack Intelligence Platform Core Security Presenter: Jackie Kalter Core Security Jackie Kalter has been in the Network Security industry for over 15 years. An
More informationBusiness Risk Management
slide 1 Business Risk Management Agenda slide 2 Business Risk Management Overall Issues Risk Defined Approach BRM Structure Business Operations & Critical Functions Asset Identification and Vulnerability
More informationThis shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict
1 This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict access between segments This creates a layered defense
More informationdeep (i) the most advanced solution for managed security services
deep (i) the most advanced solution for managed security services TM deep (i) suite provides unparalleled threat intelligence and incident response through cutting edge Managed Security Services Cybersecurity
More informationVULNERABILITY ASSESSMENT: SYSTEM AND NETWORK PENETRATION TESTING. Presented by: John O. Adeika Student ID:
VULNERABILITY ASSESSMENT: SYSTEM AND NETWORK PENETRATION TESTING. Presented by: John O. Adeika Student ID: 000205600 What is Penetration A penetration test, is a method of evaluating the security of a
More informationCyber Risk in the Marine Transportation System
Cyber Risk in the Marine Transportation System Cubic Global Defense MAR'01 1 Cubic.com/Global-Defense/National-Security 1 Cubic Global Defense Global Security Team Capabilities Program Management Integration
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationDevice Discovery for Vulnerability Assessment: Automating the Handoff
Device Discovery for Vulnerability Assessment: Automating the Handoff O V E R V I E W While vulnerability assessment tools are widely believed to be very mature and approaching commodity status, they are
More informationVulnerability Assessment Process
Process Coleman Kane Coleman.Kane@ge.com January 14, 2015 Security Process 1 / 12 is the practice of discovering the vulnerabilties posed by an environment, determining their negative risk impact, and
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationEFFECTIVE VULNERABILITY MANAGEMENT USING QUALYSGUARD 1
EFFECTIVE VULNERABILITY MANAGEMENT USING QUALYSGUARD 1 EFFECTIVE VULNERABILITY MANAGEMENT USING QUALYSGUARD ICTN 6823 BOYD AARON SIGMON EAST CAROLINA UNIVERSITY EFFECTIVE VULNERABILITY MANAGEMENT USING
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationQuestion No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:
Volume: 75 Questions Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Which of the following is occurring? A. A ping sweep B. A port scan
More informationThe Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1
The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber
More informationISC2 EXAM - CISSP. Certified Information Systems Security Professional. Buy Full Product.
ISC2 EXAM - CISSP Certified Information Systems Security Professional Buy Full Product http://www.examskey.com/cissp.html Examskey ISC2 CISSP exam demo product is here for you to test the quality of the
More informationMedical Device Vulnerability Management
Medical Device Vulnerability Management MDISS / NH-ISAC Process Draft Dale Nordenberg, MD June 2015 Market-based public health: collaborative acceleration Objectives Define a trusted and repeatable process
More informationSecure Product Design Lifecycle for Connected Vehicles
Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards
More informationSustainable Security Operations
Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationChristopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud
Christopher Covert Principal Product Manager Enterprise Solutions Group Copyright 2016 Symantec Endpoint Protection Cloud THE PROMISE OF CLOUD COMPUTING We re all moving from challenges like these Large
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationDOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI
DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI Page 1 Page 2 threat and vulnerability management complete self assessment guide threat and vulnerability
More informationSession 5311 Critical Testing Programs for Security Operations
Session 5311 Critical Testing Programs for Security Operations Introduction Neil Lakomiak UL Rodney Thayer Smithee Spelvin Agnew & Plinge, Inc. Coleman Wolf Environmental Systems Design, Inc. Testing Programs
More informationAGILE AND CONTINUOUS THREAT MODELS
SESSION ID: DEV-R04 AGILE AND CONTINUOUS THREAT MODELS Nancy Davoust Vice President, Security Architecture and Technology Solutions Comcast CONTEXT FOR AGILE AND CONTINUOUS THREAT MODELING The Landscape
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationRBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH
RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH CONTEXT RBI has provided guidelines on Cyber Security Framework circular DBS. CO/CSITE/BC.11/33.01.001/2015-16
More informationBUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationTool-Supported Cyber-Risk Assessment
Tool-Supported Cyber-Risk Assessment Security Assessment for Systems, Services and Infrastructures (SASSI'15) Bjørnar Solhaug (SINTEF ICT) Berlin, September 15, 2015 1 Me Bjørnar Solhaug Bjornar.Solhaug@sintef.no
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationCyber Security. Our part of the journey
Cyber Security Our part of the journey The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward The Privileged How to make enemies quickly Ask before acting
More informationTiger Scheme QST/CTM Standard
Tiger Scheme QST/CTM Standard Title Tiger Scheme Qualified Security Tester Team Member Standard Version 1.2 Status Public Release Date 21 st June 2011 Author Professor Andrew Blyth (Tiger Technical Panel)
More informationHow were the Credit Card Numbers Published on the Web? February 19, 2004
How were the Credit Card Numbers Published on the Web? February 19, 2004 Agenda Security holes? what holes? Should I worry? How can I asses my exposure? and how can I fix that? Q & A Reference: Resources
More informationGetting over Ransomware - Plan your Strategy for more Advanced Threats
Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago
More informationIT Vulnerabilities: What an IT Auditor Should be Thinking About
IT Vulnerabilities: What an IT Auditor Should be Thinking About Evolving in a Changing Landscape OCTOBER 23-25 HOTEL NIKKO - SF Agenda 1. About the Speaker 2. IT Vulnerability: The Term Defined 3. Identification
More information