Cyber Security Awareness
1. Cyber Security: Be Paranoid Please
Presented by
M.Syarifudin, ST, OSCP, OSWP
Surabaya, 17 April 2018
Seminar of Cyber Security Awareness
PT PJB (Pembangkitan Jawa Bali)
2. Hello From Me
• Information Security Trainer & Speaker
• OSCP & OSWP Certified
• Official Indonesian Kali Linux Translator
• Homepage: fl3x.us
3. We are going to Talk About
• IT Security Awareness
• The Importance of Security Awareness
• Cyber Attack Trend
• Essential Tips
• ISO 27001 Overview
• Pentest is needed
4. IT Security Awareness
• Vital for an organization
• Entire organization’s responsibility
• IT systems increase in complexity
• Technologies and vendors are not an indication of success
5. IT Security Awareness
• Should be supported regularly
• A requirement for compliance
• Weak security culture in the organization
• Need a security awareness program
6. Security Awareness Program
• A way to ensure that everyone in the organization has a sense of security, so that security becomes their responsibility.
10. Checklists
• Stay organized when developing, delivering, and maintaining the security awareness program
• Who, What, When, Where, Why, How
11. Content
• Some references about security
• Security handbook for all employees
• Training program
• Group chat (security issues and discussion)
• Role-based guidelines
13. The Importance of Security Awareness
• Reduce the biggest risk (employees)
• Improve awareness of protecting sensitive information
• Help employees handle information securely
14. The Importance of Security Awareness
• Reduce the risks of mishandling information
• Increase organizational understanding and implementation of security best practices
• Help the organization prevent attacks
15. Cyber Attack Trend
• Malware
• Ransomware
• Phishing
• Web Application Attack
• DoS
16. Bad Habits
• Default password
• Same password for all accounts
• Disclose sensitive information
17. Essential Tips
• The IT team “sells” the awareness mindset
• Remind each other about information security
• Keep your privacy and sensitive information
• Avoid password reuse
• Enable two-step verification
18. Essential Tips
• Make sure you are always using a secure connection
• Make sure to always use original software
• Always update the software and make sure it’s the latest version
• Back up the data regularly
• Avoid torrent downloads (pirated and not safe)
19. ISO 27001
• ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).
• Helps organizations keep information assets secure
20. What is ISMS?
• ISMS is a systematic approach to managing sensitive company information so that it remains secure.
• It does this by applying a risk management process.
• It covers people, processes, and IT systems.
22. What is PenTest?
• Real attacks on the target in order to gain access
• Targets: application, network, system
23. About PenTest
• Compromise IT system security
• Find security vulnerabilities
• Exploit the security vulnerabilities
• Bypass security mechanisms
• Think like an attacker
• Be creative
• Must have permission
24. Penetration Testing Execution Standard
• Pre-engagement
• Intelligence Gathering
• Threat Modelling
• Vulnerability Analysis
• Exploitation
• Post Exploitation
• Reporting
http://www.pentest-standard.org
25. Sample XSS Attack Vector
• Execute the JavaScript code
• Stealing cookies
• Log in without credentials
• Get a shell
• G0t root
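Added example, not from the slides, showing the first two steps of the chain above from the defender's side: the same echoed search term rendered without and with HTML output encoding, plus the cookie flags that keep an injected script from reading the session. The function names, the sample search term and the session id are constructed for this illustration.

```javascript
// Added example, not from the slides: the "execute JavaScript -> steal cookies" steps
// of the XSS chain, and the two server-side controls that break them.
// Names and sample values are constructed for this illustration.

// Vulnerable rendering: untrusted input is concatenated straight into HTML,
// so a search term containing a <script> tag becomes executable markup.
function renderSearchVulnerable(term) {
  return `<p>Results for: ${term}</p>`;
}

// Output encoding for text placed in an HTML body context. Maps the five
// characters that can change HTML structure to their entity forms.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: the same term stays visible to the user but inert.
function renderSearchSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Defence in depth for the "stealing cookies" step: HttpOnly hides the session
// cookie from document.cookie, Secure keeps it off plaintext HTTP, and SameSite
// limits cross-site sending, so an injected script has little to exfiltrate.
function sessionCookieHeader(sessionId) {
  return `session=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Review check: does the rendered page still contain a script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: the textbook probe for cookie exposure via XSS.
const probe = '<script>alert(document.cookie)</script>';

console.log('vulnerable executes script:', containsScriptTag(renderSearchVulnerable(probe))); // true
console.log('hardened executes script:  ', containsScriptTag(renderSearchSafe(probe)));       // false
console.log(sessionCookieHeader('CONSTRUCTED_SESSION_ID'));
```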