Law r32

•

0 likes•73 views

Session ID:
Session Classification:
Banking Fraud: Where is the Liability –
With the Customer, Bank or Vendor?

This document provides an overview of cyberespionage and international cyber operations as weapons. It defines key terms, gives a brief history of cyberespionage dating back to the 1980s, describes the anatomy of a typical cyberespionage attack, discusses implications for nation-state policy, and outlines what individuals should do to protect themselves. The presenter is Mark Russinovich, author of Zero Day and Trojan Horse, speaking at an intermediate-level conference session.

Exp t18

SelectedPresentations

This document summarizes the plateau effect through 7 elements: 1) immunity to interventions over time, 2) greed leading to local optima, 3) bad timing of interventions, 4) flow issues in automated systems, 5) distorted data obscuring real risks, 6) distraction reducing performance, and 7) failing slowly over many small incremental changes. The document provides examples and studies to illustrate each element and argues that understanding the plateau effect is important to causing meaningful long-term change.

Exp t19 exp-t19

SelectedPresentations

This document discusses the challenges facing the IT security industry in an era of increasing cyberwarfare and sophisticated cyberattacks. It outlines the major sources of attacks, including criminals, hacktivists, and government agencies. It also describes the motivations behind attacks, such as financial gain or political sabotage. Additionally, it examines some of the key attributes of cyberweapons like attribution difficulty and the ease of developing attacks. The document analyzes high-profile past attacks and the anatomy of how such targeted strikes are carried out. It also discusses approaches for protecting against sophisticated targeted attacks through technologies, policies, and international cooperation. Finally, it notes how the threats and attackers have evolved over time, posing new challenges for the IT security industry.

Exp w21

SelectedPresentations

Stuart McClure, CEO of Cylance Inc., gave a presentation on securing embedded systems and devices. He began by noting the vast number of embedded systems worldwide that were designed without security. He then demonstrated live hacks against a Samsung smart TV, a Tridium building management system, and an electronic lockbox. To conclude, he discussed countermeasures organizations can implement to prevent attacks on embedded systems, such as disabling unnecessary ports, patching vulnerabilities, restricting physical and remote access, and using firewalls, IDS systems and encryption.

Exp w23

SelectedPresentations

Exp w22 exp-w22

SelectedPresentations

The document discusses several emerging cyber threats including the increasing militarization of cyber space by governments, the rise of offensive forensics techniques and purposeful misattribution of attacks, and computer attacks that can result in kinetic impacts in the real world by targeting industrial control and critical infrastructure systems. It also describes the CyberCity project, which is a miniature simulated city that security experts can use to visualize how cyber attacks can achieve kinetic effects. The document uses a case study to illustrate how an actual power grid attack may have progressed by exploiting vulnerabilities across different systems and networks.

Exp w25SelectedPresentations

Grc f41

SelectedPresentations

This document summarizes a presentation on adapting security strategies as control is lost over IT systems. It discusses how virtualization, cloud computing, and increased mobility have reduced administrative control. It defines the "Control Quotient" as optimizing security controls within one's sphere of control. Examples show how control has shifted between users, customers and providers in cloud models. The presentation argues that security must focus on controls that can still be influenced rather than what is lost.

Law r32

Recommended

Recommended

More Related Content

More from SelectedPresentations

More from SelectedPresentations (20)

Law r32