Managing Cyber Security Risks


Published on

Capabilities to manage cyber security risks and mitigate operational risks.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Ability to replay content exactly as it appeared in the original user’s communication
  • Managing Cyber Security Risks

    1. 1. The Internet & Network Communications Never Sleep<br />Network Security To Manage Your Risks!<br />
    2. 2. Do You Know What’s Traveling Through Your Network Communications Right Now?<br />
    3. 3. Data Leakage – Data Theft ?<br />
    4. 4. What Confidential, private or inappropriate information is passing through the Network?<br />
    5. 5. What Confidential, private or inappropriate information is passing through the Network?<br />Does Your IT Department Know?<br />
    6. 6. What Confidential, private or inappropriate information is passing through the Network?<br />Does Your IT Department Know?<br />Cyber Diligence Can Help You Manage Your IT & Operational Risks<br />
    7. 7. IT Risk Management<br />Keeping an Eye on Cyber Security<br />
    8. 8. Proactive Strategies and Incident Response<br />
    9. 9. Who We Are & What We Do<br />Cyber Diligence – Let Our Experience, Skills and Tools Work For You<br />
    10. 10. Who We Are<br />Experienced Computer Crime Investigators<br />Law Enforcement Backgrounds with the Largest Law Enforcement Agency in the United States<br />Recognized Experts in the Field<br />Equipped with the Specialized Tools and State-of-the-Art Lab to get the Job Done!<br />
    11. 11. Cyber Diligence: What We Do<br />Information Technology Investigations <br />Network Forensics<br />Computer Forensics<br />Incident Response<br />E-Discovery<br />Expert Witness and Litigation Support<br />Training and Briefings<br />Technical Experts for Investigations<br />Information Technology Security Assessments<br />IT / Communication TSCM<br />
    12. 12. Client Markets We’ve Serve<br />Financial and Investment Institutions<br />Healthcare Industry<br />Insurance Industry<br />Legal firms<br />Engineering & Architectural<br />Technology and Manufacturing Industry<br />Utilities<br />Energy and Fuel Industry<br />Supply Chain<br />Private Security & Investigation Firms<br />
    13. 13. Network Security Reviews<br />Examine a Company’s Ability to Protect Against Potential Liabilities:<br />Network Examination and review (Not CYA)<br />Basic<br />Mid-Level<br />Comprehensive<br />Identify Risks and help the Client to Understand and Manage their Operational and IT Risks<br />Compliance Audits<br />Provide the client with a report on the Cyber Security posture of the organization<br />
    14. 14. Cyber Diligence Capabilities<br />Deployable, all-in-one boxes, pre-configured to immediately capture “data in motion”<br />Flexible filters that capture based on defined criteria; “everything”, “everything but”, and “nothing except”<br />Passive non-intrusive devices easily deployed anywhere on a network<br />High speed monitoring for organizations with high bandwidth traffic<br />High storage capacity<br />Scalable – potential to monitor & record tens of thousands of users<br />
    15. 15. Cyber Diligence Capabilities continued<br />Provide visibility & intelligence into an organization’s “data” <br />Recording application content across network protocols, regardless of content type, platform, address, or port, without effecting network performance<br />Proactive Alerts based on policy<br />Playback of retrieved content exactly as it appeared in the original user communication<br />
    16. 16. Capturing Data in Motion<br />A contextual, perpetual drill-down summary report that covers statistics and information from captured network activities:<br />Usage across the network (Number of accesses, amount of data sent)<br />Relevant content associated with a user:<br />Most active user(s) identified by IP address, MAC address and NT/AD username<br />Most active protocols (Web, E-mail, IM, SSL, File transfers)<br />Most active Content Type (Application, Image, Video, Audio, etc. – over 510 types)<br />Most active Alerts (Based on user defined criteria and discussion on Alerts!)<br />Adherence to regulatory or internal use policies<br />Risks for data leakage<br />Risks for data theft <br />Risks or evidence of criminal activities like fraud or child pornography<br />Post Incident: Cyber Security Incident (CSI) Response<br />
    17. 17. Cyber Security Investigations (CSI)<br />
    18. 18. Cyber Security Investigations (CSI)<br />Experienced real-life investigators<br />Equipment that provides powerful real-time indexing and forensic fingerprinting on user communications and associated metadata entering & leaving a network<br />“Credible Content Reproduction”<br />Provide evidence of user activity that is both forensically accurate and credible<br />Point and click forensics capability<br />State-of-the-art Laboratory<br />Software capabilities:<br />Silent Runner, Encase, Gargoyle Investigator, Forensic Pro, <br />ProDiscover, Livewire Investigator, HB Gary,<br />Forensic Tool Kit, and many more….<br />
    19. 19. Cyber Diligence CSI Capabilities continued<br />Periodic Checks for Compliance with Corporate Responsibilities<br /><ul><li> Insider Threats
    20. 20. Outsider Threats
    21. 21. Operational Risks</li></li></ul><li>Identify and Manage Risks<br />Execute malware discovery across your networks<br />Conduct Live Network Investigations<br />Collect, monitor, record, research, analyze, report <br />Acquire system information, active port mapping, and examine installed software, updates, patches, etc. <br />Review IT Security Incident Logs<br />Provide Incident Response to Network Security and Policy Breaches<br />Detect unauthorized access, leakage or theft of confidential or personal identifiable info<br />Detect abuse of network resources<br />
    22. 22. Compliance Audits<br />Conduct scans on stand-alone system or network resources for known contraband, hostile, or “bad” programs<br />Periodic Audits of logs, policies and procedures<br />Conduct Penetration Tests<br />
    23. 23. Cyber Security Incident Response<br />Determine what happened<br />How did it happen<br />Attempt to identify who did it<br />Extent of loss<br />Responsibility<br />Corporate adherence to established policies<br />Was the event preventable<br />Mitigate IT & Operational Risks <br />
    24. 24. Let Cyber Diligence Show You How We Can Make a Difference<br />Contact Us:<br /> David Kondrup (516) 507-4322<br /> Vice President, Strategic Initiatives<br />Email:<br /><br />Cyber Diligence, Inc.<br />575 Underhill Blvd – suite 209<br />Syosset, N.Y. 11791<br />