www.senseofsecurity.com.au © Sense of Security 2013 Page 1 – April 2013
Compliance, Protection & Business Confidence
Sense of Security Pty Ltd
Sydney
Level 8, 66 King Street
Sydney NSW 2000
Australia
Melbourne
Level 10, 401 Docklands Drv
Docklands VIC 3008
Australia
T: 1300 922 923
T: +61 (0) 2 9290 4444
F: +61 (0) 2 9290 4455
info@senseofsecurity.com.au
www.senseofsecurity.com.au
ABN: 14 098 237 908
Best practice strategies to
improve your enterprise
security
Murray Goldschmidt, Chief Operating Officer
April 2013
2nd Annual Australian Fraud Summit 2013

Agenda
1. Recent Security Breaches
2. Identifying & Understanding Security Risks & Organisational Implications
3. Steps to mitigate risk of breaches & theft

Cyber Threat Actors
(Diagram: actors ranked by increasing threat / consequence and by scope – increasing ability to exploit; columns: Agenda, Targets)
Script Kiddies/Cyber Researchers: Experimentation, Fun, Testing
Hacktivists: Disruption, Reputational Damage, Political/Social
Organised Crime: Financial gain, fraud, ID theft
Professionals/Companies/Terrorists: Commercial advantage, Intellectual Property
Nation States: Economic, political or military advantage

Activity – But Not Yet Cyber War
http://www.economist.com/blogs/analects/2013/02/chinese-cyber-attacks

Hacktivist Attacks
http://www.bankinfosecurity.com/american-express-a-5645
http://www.scmagazine.com/market-for-ddos-prevention-to-hit-870-million/article/287020/

Advanced Persistent Threat
(Diagram: attack stages) Target org/person → Malware penetrates → Command & Control → Data harvest & exfiltrate

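The Command & Control and exfiltration stages of the chain above both leave traces in outbound network logs. The following is an added example, not part of the original presentation, that runs two defender-side heuristics over constructed proxy-log lines: near-constant check-in intervals from one host to one destination (beaconing) and a lopsided outbound byte volume to one destination (exfiltration). The hostnames, addresses, byte counts and thresholds are all constructed for the demonstration.

```python
"""Detect the Command & Control and exfiltration stages of an intrusion
in outbound proxy logs.

Two heuristics, run over the constructed sample below:
  * beaconing: many connections from one host to one destination at
    near-constant intervals (low jitter), typical of implant check-ins;
  * exfiltration: a large outbound byte count to one destination that
    dwarfs what came back.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample log, one "timestamp,src_ip,dst_host,bytes_out,bytes_in"
# record per line. Host 10.0.0.5 checks in with cdn-update.example every
# five minutes (a few seconds of jitter) and later pushes ~48 MB to
# files.example; host 10.0.0.7 is ordinary browsing. All values are made up.
_BASE = datetime(2013, 4, 10, 9, 0, 0)
_BEACON = [
    f"{(_BASE + timedelta(seconds=300 * i + j)).isoformat()},"
    "10.0.0.5,cdn-update.example,612,1480"
    for i, j in enumerate([0, 2, -3, 1, 4, -2, 0, 3])
]
_NORMAL = [
    f"{(_BASE + timedelta(seconds=s)).isoformat()},10.0.0.7,{host},{out},{inn}"
    for s, host, out, inn in [
        (12, "news.example", 900, 210000),
        (95, "mail.example", 4200, 38000),
        (610, "news.example", 880, 180000),
        (1330, "wiki.example", 700, 95000),
        (1405, "news.example", 910, 220000),
        (2900, "mail.example", 5100, 41000),
        (3620, "news.example", 890, 205000),
    ]
]
_EXFIL = [f"{(_BASE + timedelta(hours=1)).isoformat()},10.0.0.5,files.example,48000000,900"]
SAMPLE_LOG = "\n".join(_BEACON + _NORMAL + _EXFIL)


def parse_log(text):
    """Parse the CSV-style records into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, out, inn = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                       "out": int(out), "in": int(inn)})
    return events


def find_beacons(events, min_hits=6, max_jitter=0.1):
    """Return {(src, dst): (hits, mean_gap_seconds, jitter)} for pairs that
    connected at least min_hits times with inter-connection intervals whose
    coefficient of variation (stdev / mean) is at most max_jitter."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e["ts"])
    flagged = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            flagged[pair] = (len(stamps), round(avg, 1), round(jitter, 3))
    return flagged


def find_exfil(events, min_bytes_out=10_000_000, min_ratio=5.0):
    """Return {(src, dst): bytes_out} for pairs where the host sent at least
    min_bytes_out and at least min_ratio times more than it received."""
    sent = defaultdict(int)
    received = defaultdict(int)
    for e in events:
        sent[(e["src"], e["dst"])] += e["out"]
        received[(e["src"], e["dst"])] += e["in"]
    return {p: b for p, b in sent.items()
            if b >= min_bytes_out and b >= min_ratio * max(received[p], 1)}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for pair, info in find_beacons(evs).items():
        print("possible C2 beacon:", pair, "hits/mean gap/jitter =", info)
    for pair, nbytes in find_exfil(evs).items():
        print("possible exfiltration:", pair, nbytes, "bytes out")
```

Real proxies and firewalls emit more fields and far noisier traffic, so in practice the thresholds are tuned per environment and the flagged pairs feed an analyst queue rather than an automatic block.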
RBA Falls Victim to Cyber Attack
http://www.afr.com/p/national/rba_confirms_cyber_attacks_ZsVpeJas8JX6UXCLwOVJKP
Opportunistic Attack – Out of Business
http://www.zdnet.com/distribute-it-claims-evil-behind-hack-1339319324/
Identifying Security Risk
Materiality Risk
ASX Principle 7: “Recognise and Manage Risk”
• A risk profile informs the board and management about material business risks, relevant to company (financial and non-financial) matters. Material business risks are the most significant areas of uncertainty or exposure at a whole of Company level that could impact the achievement of organisational objectives.
Applies also to non-listed entities!

Small Business Also Affected
http://www.staysmartonline.gov.au/alert_service/advisories/ransomware_attacks_will_increase_in_2013
Just The Top 4 …
At least 85% of the targeted cyber intrusions that Defence Signals Directorate (DSD) responds to could be prevented by following the first four mitigation strategies listed in DSD’s 35 Strategies to Mitigate Targeted Cyber Intrusions:
1. use application whitelisting to help prevent malicious software and other unapproved programs from running
2. patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers
3. patch operating system vulnerabilities
4. minimise the number of users with administrative privileges
As of April 2013, the Top 4 Strategies to Mitigate Targeted Cyber Intrusions are mandatory for Australian Government agencies.

Action Required
Corporations & Government are generally becoming more aware of the need for improved governance and infosec capability.

Protect Your Data
http://www.theaustralian.com.au/news/nation/personal-details-of-50000-people-exposed-as-abc-website-hacked/story-e6frg6nf-1226586895264
Protect Your Data
http://www.dailyfinance.com/2012/06/08/youve-been-hacked-again-why-linkedins-breach-is-worse-tha/
Know Your Data
There is no network perimeter. Your data is everywhere.
Email
Mobile Devices
Corporate/Home Networks
Databases/File Servers
Cloud Services

Data Centric, Not System Centric

Fundamentals Still Count
Confidentiality: preventing the disclosure of information to unauthorised individuals or systems
Integrity: data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle
Availability: the security controls used to protect data, and the communication channel designed to access it, must be functioning correctly

Defence-in-Depth
A solid Information Security capability requires resilience through defence-in-depth, sound fundamentals, accountability by executives and the ability to comply with regulations/legislation.

Regulation & Legislation
Government:
Privacy Act
Australian Government - Information Security Manual (ISM), Protective Security Policy Framework (PSPF)
State Government Standards, e.g. NSW Government Digital Information Security Policy based on ISO 27001
Industry:
Australian Prudential Regulatory Authority (PPG-234)
PCI Security Standards Council (PCI Data Security Standard – PCI DSS)

Self Examination
What type of data do you have and is it classified?
Who owns it?
Where does it reside (data sovereignty)?
How is it accessed and by whom?
What are your future technology objectives (BYOD, Cloud, Mobility…)?
Are there third-party suppliers involved?
What are your compliance obligations?
Do you have a current/effective security governance capability?
How would you respond in case of an incident?

Information Security Governance
Incorporate an industry recognised system of governance
(e.g. ISO 27001 - Information Security Management System)
Domains
Information Security Management: Security Policy & Organisation
Asset Management
Human Resource Security
Physical & Environmental Security
Communications & Operations Management
Access Control
Information Systems Acquisition, Development & Maintenance
Information Security Incident Management
Business Continuity Management
Compliance
Management & Technical Standards
Management standards and technical controls need to be defined and enforced.
Management Practice Areas:
Change Management
Incident & Event Management
Patch Management
Disaster Recovery & Business Continuity Management
Configuration Management
Security Awareness Management
Vulnerability Management
Physical Security
Threat Management
Application Management
Access Control Management
3rd Party Management

Technical Assurance
Vulnerability Management Program
SDLC Governance, Static Code Analysis
Configuration Management / Hardening
Enterprise Security Architecture
Testing of technology assets and social engineering threat assessments
External/Internal penetration testing (ethical hacking) on networks and applications

Questions?
Thank you
Head office is level 8, 66 King Street, Sydney, NSW 2000,
Australia. Owner of trademark and all copyright is Sense of
Security Pty Ltd. Neither text or images can be reproduced
without written permission.
T: 1300 922 923
info@senseofsecurity.com.au
www.senseofsecurity.com.au

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Sense of Security Best practice strategies to improve your enterprise security

  • 1. www.senseofsecurity.com.au © Sense of Security 2013 Page 1 – April 2013. Compliance, Protection & Business Confidence. Sense of Security Pty Ltd. Sydney: Level 8, 66 King Street, Sydney NSW 2000, Australia. Melbourne: Level 10, 401 Docklands Drv, Docklands VIC 3008, Australia. T: 1300 922 923; T: +61 (0) 2 9290 4444; F: +61 (0) 2 9290 4455; info@senseofsecurity.com.au; www.senseofsecurity.com.au; ABN: 14 098 237 908. Best practice strategies to improve your enterprise security. Murray Goldschmidt, Chief Operating Officer, April 2013. 2nd Annual Australian Fraud Summit 2013.
  • 2. Agenda: 1. Recent Security Breaches; 2. Identifying & Understanding Security Risks & Organisational Implications; 3. Steps to mitigate risk of breaches & theft.
  • 3. Cyber Threat Actors (chart axes: increasing threat / consequence; scope – increasing ability to exploit).
  • 4. Cyber Threat Actors – Agenda, Targets.
  • 5–6. Cyber Threat Actors (cumulative build) – Script Kiddies/Cyber Researchers: Experimentation, Fun, Testing.
  • 7–8. Cyber Threat Actors – Hacktivists: Disruption, Reputational Damage, Political/Social.
  • 9–10. Cyber Threat Actors – Organised Crime: Financial gain, fraud, ID theft.
  • 11–12. Cyber Threat Actors – Professionals/Companies/Terrorists: Commercial advantage, Intellectual Property.
  • 13–14. Cyber Threat Actors – Nation States: Economic, political or military advantage.
  • 15. Activity – But Not Yet Cyber War. http://www.economist.com/blogs/analects/2013/02/chinese-cyber-attacks
  • 16. Hacktivist Attacks. http://www.bankinfosecurity.com/american-express-a-5645 http://www.scmagazine.com/market-for-ddos-prevention-to-hit-870-million/article/287020/
  • 17. Advanced Persistent Threat.
  • 18–22. Advanced Persistent Threat (cumulative build) – Target org/person.
  • 23–26. Advanced Persistent Threat – Target org/person; Malware penetrates.
  • 27–33. Advanced Persistent Threat – Target org/person; Malware penetrates; Command & Control.
  • 34–36. Advanced Persistent Threat – Target org/person; Malware penetrates; Command & Control; Data harvest & exfiltrate.
  • 37. RBA Falls Victim to Cyber Attack. http://www.afr.com/p/national/rba_confirms_cyber_attacks_ZsVpeJas8JX6UXCLwOVJKP
  • 38. Opportunistic Attack – Out of Business. http://www.zdnet.com/distribute-it-claims-evil-behind-hack-1339319324/
  • 39. Identifying Security Risk – Materiality Risk. ASX Principle 7: “Recognise and Manage Risk”. A risk profile informs the board and management about material business risks, relevant to company (financial and non-financial) matters. Material business risks are the most significant areas of uncertainty or exposure at a whole-of-company level that could impact the achievement of organisational objectives. Applies also to non-listed entities!
  • 40. Small Business Also Affected. http://www.staysmartonline.gov.au/alert_service/advisories/ransomware_attacks_will_increase_in_2013
  • 41. Just The Top 4 ….. At least 85% of the targeted cyber intrusions that the Defence Signals Directorate (DSD) responds to could be prevented by following the first four mitigation strategies listed in DSD’s 35 Strategies to Mitigate Targeted Cyber Intrusions: 1. use application whitelisting to help prevent malicious software and other unapproved programs from running; 2. patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers; 3. patch operating system vulnerabilities; 4. minimise the number of users with administrative privileges. As of April 2013, the Top 4 Strategies to Mitigate Targeted Cyber Intrusions are mandatory for Australian Government agencies.
  • 42. Action Required. Corporations & Government are generally becoming more aware of the need for improved governance and infosec capability.
  • 43. Protect Your Data. http://www.theaustralian.com.au/news/nation/personal-details-of-50000-people-exposed-as-abc-website-hacked/story-e6frg6nf-1226586895264
  • 44. Protect Your Data. http://www.dailyfinance.com/2012/06/08/youve-been-hacked-again-why-linkedins-breach-is-worse-tha/
  • 45. Know Your Data. There is no network perimeter. Your data is everywhere: Email, Mobile Devices, Corporate/Home Networks, Databases/File Servers, Cloud Services.
  • 46. Data Centric, Not System Centric.
  • 47. Fundamentals Still Count. Confidentiality: preventing the disclosure of information to unauthorised individuals or systems. Integrity: data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle. Availability: the security controls used to protect data, and the communication channel designed to access it, must be functioning correctly.
  • 48. Defence-in-Depth. A solid Information Security capability requires resilience through defence-in-depth, sound fundamentals, accountability by executives and the ability to comply with regulations/legislation.
  • 49. Regulation & Legislation. Government: Privacy Act; Australian Government – Information Security Manual (ISM), Protective Security Policy Framework (PSPF); State Government Standards, e.g. NSW Government Digital Information Security Policy based on ISO 27001. Industry: Australian Prudential Regulatory Authority (PPG-234); PCI Security Standards Council (PCI Data Security Standard – PCI DSS).
  • 50. Self Examination. What type of data do you have and is it classified? Who owns it? Where does it reside (data sovereignty)? How is it accessed and by whom? What are your future technology objectives (BYOD, Cloud, Mobility…)? Are there third-party suppliers involved? What are your compliance obligations? Do you have a current/effective security governance capability? How would you respond in case of an incident?
  • 51. Information Security Governance. Incorporate an industry recognised system of governance (e.g. ISO 27001 – Information Security Management System). Information Security Management domains: Security Policy & Organisation; Asset Management; Human Resource Security; Physical & Environmental Security; Communications & Operations Management; Access Control; Information Systems Acquisition, Development & Maintenance; Information Security Incident Management; Business Continuity Management; Compliance.
  • 52. Management & Technical Standards. Management standards and technical controls need to be defined and enforced. Management Practice Areas: Change Management; Incident & Event Management; Patch Management; Disaster Recovery & Business Continuity Management; Configuration Management; Security Awareness Management; Vulnerability Management; Physical Security; Threat Management; Application Management; Access Control Management; 3rd Party Management.
  • 53. Technical Assurance. Vulnerability Management Program; SDLC Governance, Static Code Analysis; Configuration Management / Hardening; Enterprise Security Architecture; Testing of technology assets and social engineering threat assessments; External/Internal penetration testing (ethical hacking) on networks and applications.
  • 54. Questions? Thank you. Head office is Level 8, 66 King Street, Sydney, NSW 2000, Australia. Owner of trademark and all copyright is Sense of Security Pty Ltd. Neither text nor images can be reproduced without written permission. T: 1300 922 923; info@senseofsecurity.com.au; www.senseofsecurity.com.au
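The Command & Control and Data harvest & exfiltrate stages of the Advanced Persistent Threat chain (slides 27–36) are the points where a defender with outbound proxy logs has a chance to notice the intrusion. The following Python script is an added example, not part of the deck or of Sense of Security's own tooling: it runs two simple detections over a constructed proxy log, one for regularly spaced "heartbeat" connections to a single destination and one for a single unusually large outbound transfer. The log format, host names and thresholds are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample outbound proxy log (not real data), one line per request:
# "<ISO timestamp> <internal host> <destination> <bytes sent>"
SAMPLE_LOG = """\
2013-04-02T09:00:00 ws-17 cdn.example.net 512
2013-04-02T09:00:05 ws-17 update-host.example.org 300
2013-04-02T09:01:00 ws-22 intranet.example.com 900
2013-04-02T09:10:05 ws-17 update-host.example.org 310
2013-04-02T09:12:44 ws-17 mail.example.com 8200
2013-04-02T09:20:04 ws-17 update-host.example.org 305
2013-04-02T09:30:06 ws-17 update-host.example.org 298
2013-04-02T09:31:00 ws-22 intranet.example.com 1200
2013-04-02T09:40:05 ws-17 update-host.example.org 301
2013-04-02T10:03:10 ws-17 files-drop.example.net 5242880
"""


def parse_log(text):
    """Turn raw log lines into (timestamp, host, dest, bytes_out) tuples, time-ordered."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest, size = line.split()
        events.append((datetime.fromisoformat(ts), host, dest, int(size)))
    return sorted(events)


def find_beacons(events, min_hits=4, max_jitter=0.1):
    """Flag (host, dest) pairs contacted at near-constant intervals.

    Returns {(host, dest): mean_interval_seconds}. A pair is flagged when it has
    at least min_hits connections and the spread of the gaps between them
    (pstdev / mean) is at most max_jitter, the 'heartbeat' typical of a C2 channel.
    Assumed thresholds; tune them against your own baseline traffic.
    """
    times = defaultdict(list)
    for ts, host, dest, _ in events:
        times[(host, dest)].append(ts)
    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = avg
    return beacons


def find_exfil(events, threshold=1_000_000):
    """Flag single outbound transfers at or above threshold bytes (exfiltration stage)."""
    return [(host, dest, size) for _, host, dest, size in events if size >= threshold]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (host, dest), gap in find_beacons(evs).items():
        print(f"beacon candidate: {host} -> {dest} every ~{gap:.0f}s")
    for host, dest, size in find_exfil(evs):
        print(f"large outbound transfer: {host} -> {dest} {size} bytes")
```

On the sample data the ten-minute heartbeat from ws-17 to update-host.example.org and the 5 MB upload to files-drop.example.net are flagged, while the ordinary browsing and intranet traffic is not.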