
Cyber Security Awareness


Seminar of Cyber Security Awareness at PT PJB (Pembangkitan Jawa Bali ) Surabaya 2018

Published in: Education


  1. Cyber Security: Be Paranoid Please. Presented by M.Syarifudin, ST, OSCP, OSWP. Surabaya, 17 April 2018. Seminar of Cyber Security Awareness, PT PJB (Pembangkitan Jawa Bali)
  2. Hello From Me • Information Security Trainer & Speaker • OSCP & OSWP Certified • Official Indonesian Kali Linux Translator • Homepage: fl3x.us
  3. We are going to Talk About • IT Security Awareness • The Importance of Security Awareness • Cyber Attack Trends • Essential Tips • ISO 27001 Overview • Pentest is Needed
  4. IT Security Awareness • Vital for an organization • The entire organization's responsibility • IT systems keep increasing in complexity • Technologies and vendors alone are not an indicator of success
  5. IT Security Awareness • Should be supported regularly • A requirement for compliance • Weak security culture in the organization • Need for a security awareness program
  6. Security Awareness Program • A way to ensure that everyone in the organization has a sense of security, so that security becomes their responsibility.
  7. Security Awareness Program as a Culture • Attitudes • Practices • Policies • Processes • Success
  8. Security Awareness Program Components • Communication • Content • Checklists • Controls
  9. Communication • Regular conversation • Clear, relevant, and fun • Security is very important for the business
  10. Checklists • Keep organized for developing, delivering, and maintaining the security awareness program • Who, What, When, Where, Why, How
  11. Content • Some references about security • Security handbook for all employees • Training program • Group chat (security issues and discussion) • Role-based guidelines
  12. Controls • Some rules • Approval required based on role • Prevention
  13. The Importance of Security Awareness • Reduce the biggest risk (employees) • Improve awareness of protecting sensitive information • Help employees handle information securely
  14. The Importance of Security Awareness • Reduce the risks of mishandling information • Increase organizational understanding and implementation of security best practice • Help the organization prevent attacks
  15. Cyber Attack Trends • Malware • Ransomware • Phishing • Web application attacks • DoS
  16. Bad Habits • Default passwords • The same password for all accounts • Disclosing sensitive information
  17. Essential Tips • The IT team "sells" the awareness mindset • Remind each other about information security • Keep your privacy and sensitive information • Avoid password reuse • Enable two-step verification
  18. Essential Tips • Always use a secure connection • Always use original (licensed) software • Always update software and make sure it is the latest version • Back up data regularly • Avoid torrent downloads (pirated and not safe)
  19. ISO 27001 • ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS) • Helps organizations keep information assets secure
  20. What is an ISMS? • An ISMS is a systematic approach to managing sensitive company information so that it remains secure • It applies a risk management process • It covers people, processes, and IT systems
  21. Pentest is Needed
  22. What is a PenTest? • Real attacks against the target (application, network, system) • Gain access
  23. About PenTest • Compromise IT system security • Find security vulnerabilities • Must have permission • Be creative • Exploit the security vulnerabilities • Bypass security mechanisms • Think like an attacker
  24. Penetration Testing Execution Standard • Pre-engagement • Intelligence Gathering • Threat Modelling • Vulnerability Analysis • Exploitation • Post Exploitation • Reporting • http://www.pentest-standard.org
  25. Sample XSS Attack Vector • Execute the JavaScript code • Stealing cookies • Log in without credentials • Get a shell • G0t root
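The XSS chain on slide 25 starts with untrusted input being rendered into a page as HTML, and the cookie theft step depends on script being able to read the session cookie. The example below is added here and is not from the seminar deck: it assumes a hypothetical greeting page that echoes a `name` parameter, shows the vulnerable rendering beside the encoded version, and builds the session `Set-Cookie` header with `HttpOnly` (so `document.cookie` cannot read it) plus `Secure` and `SameSite`. The script payload is a constructed, harmless `alert(1)` sample.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample input: a "name" parameter that carries a script tag.
UNTRUSTED_NAME = "<script>alert(1)</script>"


def render_unsafe(name: str) -> str:
    """Vulnerable: untrusted input is concatenated straight into HTML,
    so a script tag in `name` is executed by the browser (slide 25, step 1)."""
    return f"<p>Hello, {name}!</p>"


def render_safe(name: str) -> str:
    """Hardened: HTML-encode untrusted input before placing it in an HTML
    text context. <, >, &, " and ' become entities and render as text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def contains_script_tag(markup: str) -> bool:
    """Detection helper used to compare the two renderings: does the
    generated markup still contain a live <script> element?"""
    return "<script" in markup.lower()


def session_cookie_header(session_id: str, secure: bool = True) -> str:
    """Build the Set-Cookie header for a session cookie with the flags
    that limit the 'stealing cookies' step: HttpOnly keeps the value out of
    document.cookie, Secure restricts it to TLS, SameSite=Strict limits
    cross-site sending. `session` is an assumed cookie name."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = secure
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar.output(header="Set-Cookie:")


def cookie_attributes(header: str) -> set:
    """Parse a Set-Cookie header string into its attribute names (lower-case),
    so a reviewer can check which flags are present on a cookie."""
    parts = [p.strip() for p in header.split(":", 1)[1].split(";")]
    return {p.split("=", 1)[0].lower() for p in parts[1:] if p}


if __name__ == "__main__":
    print("unsafe :", render_unsafe(UNTRUSTED_NAME))
    print("safe   :", render_safe(UNTRUSTED_NAME))
    print(session_cookie_header("constructed-session-id"))
```

`render_unsafe` returns markup that still holds a live script element, while `render_safe` turns the same input into `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser displays rather than runs. Output encoding must match the context (HTML text here; attributes, URLs and JavaScript contexts need their own encoders), and the cookie flags are a second layer that limits damage if an encoding gap is missed somewhere else.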
  26. References • https://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awareness_Program.pdf • https://www.tripwire.com/state-of-security/security-awareness/how-to-build-a-successful-it-security-awareness-program/ • https://www.threatstack.com/blog/how-to-implement-a-security-awareness-program-at-your-organization/ • https://www.iso.org/isoiec-27001-information-security.html
