
How we built security awareness at QIWI


To raise employees' awareness of information security issues, QIWI ran quizzes, quests and CTFs. How well the material had been absorbed was checked with internal phishing, planted infected storage media and a penetration test.

Published in: Technology


  1. Security Awareness in QIWI. Ekaterina Pukhareva
  2. Who am I? IS Department, QIWI ▪ security awareness ▪ IT compliance ▪ vulnerability management
  3. Why do we do it? Profit? ▪ Reduction of possible incidents ▪ Raising understanding of responsibility in the company as a whole ▪ Loyalty ▪ Open IT company (focus on user convenience without restrictions) ▪ Personnel ~ 1300 ▪ Different levels of awareness ▪ Budget ~ 1 000 000 rub/year for awareness
  4. Awareness programs ▪ Regular trainings on secure coding techniques ▪ Thematic conferences ▪ Welcome book for new employees ▪ Subscriptions (vulners, SANS..) ▪ Annual security weeks
  5. Awareness programs: Security week 2014 ▪ Posters ▪ Competitions ▪ Videos
  6. Awareness programs: Security week 2015 ▪ Quest ▪ CTF
  7. Awareness programs: Security week 2016 ▪ Quiz ▪ Lectures
  8. Checks ▪ “BadUSB” ▪ Internal phishing ▪ Penetration test (incl. social engineering)
  9. Checks: Internal phishing
  10. Checks: Internal phishing
  11. Checks ▪ Clicked on the phishing link ▪ Clicked on the phishing link and logged in ▪ Notified about the incident
  12. Communications ▪ What is phishing.. ▪ Which is bad, because.. ▪ Why it is so necessary to notify about the incident
  13. How to make it efficient? ▪ Regular notifications ▪ Live checks and explanations ▪ Writing policies ▪ Testing
  14. How to make it efficient? Technical prevention measures: ▪ SIEM ▪ Antispam ▪ IPS ▪ Sandbox ▪ Two-factor authentication ..
  15. Thank you!
