Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
This document provides an overview of cyber forensic readiness and its importance for organizations. It defines cyber forensic readiness as an organization's ability to maximize the collection of credible digital evidence to aid investigations in order to reduce response time and costs. It discusses key trends like increased connectivity and data sharing that impact organizations. The document outlines why organizations need to be prepared to respond to cyber incidents, what happens to potential evidence before an investigation, and the risks of not properly managing digital evidence. It provides examples of how unprepared organizations can spend 34 hours investigating what took a hacker 30 minutes. The document closes by listing important questions for organizations to consider regarding their cyber forensic readiness and providing recommendations for developing plans and policies to improve readiness.
This document summarizes a webinar on mitigating insider threats. The webinar discussed research findings that malicious insiders often exhibit concerning behaviors and personal issues prior to attacks. It emphasized establishing capable guardianship, protecting critical assets, and reducing motivations for malicious acts. The webinar also covered different types of insider crimes, profiles of attackers, mitigation strategies like access controls and monitoring, and building a formal insider threat program with cross-functional participation.
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. Cyber-attacks will often devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
This presentation was given by Eric Vaughan to a meeting of the Security Special Interest Group (SIG) of the Software Developers (SD) Forum, in Palo Alto, CA, in July 2008.
Webinar: Be Cyber Smart – Stories from the TrenchesWithum
This document summarizes a presentation titled "Be Cyber Smart: Stories from the Trenches" which discusses cybersecurity best practices and lessons learned from cyber attacks. The presentation was given by cybersecurity experts from Withum and Axos Bank and covered topics like business email compromise, social engineering, and case studies of actual cyber attacks. It stresses the importance of having security protocols and awareness training, as any company can be a target regardless of industry. The goal is to help organizations assess their security posture and prioritize improving their defenses.
Creating cyber forensic readiness in your organisationJacqueline Fick
The document summarizes the presentation "Creating cyber forensic readiness within your organisation" given at the 2nd African Mine Security Summit. The presentation covered defining cyber crime, the current state of cyber crime in South Africa, why organizations are vulnerable, and what cyber forensic readiness planning entails. It discussed why organizations need to be prepared for cyber incidents, how to approach digital evidence, and provided steps to implement cyber forensic readiness plans, including defining scenarios requiring evidence, identifying evidence sources, and training staff on evidence handling procedures.
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
This document provides an overview of cyber forensic readiness and its importance for organizations. It defines cyber forensic readiness as an organization's ability to maximize the collection of credible digital evidence to aid investigations in order to reduce response time and costs. It discusses key trends like increased connectivity and data sharing that impact organizations. The document outlines why organizations need to be prepared to respond to cyber incidents, what happens to potential evidence before an investigation, and the risks of not properly managing digital evidence. It provides examples of how unprepared organizations can spend 34 hours investigating what took a hacker 30 minutes. The document closes by listing important questions for organizations to consider regarding their cyber forensic readiness and providing recommendations for developing plans and policies to improve readiness.
This document summarizes a webinar on mitigating insider threats. The webinar discussed research findings that malicious insiders often exhibit concerning behaviors and personal issues prior to attacks. It emphasized establishing capable guardianship, protecting critical assets, and reducing motivations for malicious acts. The webinar also covered different types of insider crimes, profiles of attackers, mitigation strategies like access controls and monitoring, and building a formal insider threat program with cross-functional participation.
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. Cyber-attacks will often devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
This presentation was given by Eric Vaughan to a meeting of the Security Special Interest Group (SIG) of the Software Developers (SD) Forum, in Palo Alto, CA, in July 2008.
Webinar: Be Cyber Smart – Stories from the TrenchesWithum
This document summarizes a presentation titled "Be Cyber Smart: Stories from the Trenches" which discusses cybersecurity best practices and lessons learned from cyber attacks. The presentation was given by cybersecurity experts from Withum and Axos Bank and covered topics like business email compromise, social engineering, and case studies of actual cyber attacks. It stresses the importance of having security protocols and awareness training, as any company can be a target regardless of industry. The goal is to help organizations assess their security posture and prioritize improving their defenses.
Creating cyber forensic readiness in your organisationJacqueline Fick
The document summarizes the presentation "Creating cyber forensic readiness within your organisation" given at the 2nd African Mine Security Summit. The presentation covered defining cyber crime, the current state of cyber crime in South Africa, why organizations are vulnerable, and what cyber forensic readiness planning entails. It discussed why organizations need to be prepared for cyber incidents, how to approach digital evidence, and provided steps to implement cyber forensic readiness plans, including defining scenarios requiring evidence, identifying evidence sources, and training staff on evidence handling procedures.
Cloud Computing Legal for Pennsylvania Bar AssociationAmy Larrimore
This document discusses several topics related to cloud computing including:
1) Lawyer ethics of competence and confidentiality when using cloud services.
2) Due diligence processes and compliance considerations for cloud providers.
3) Legal issues involving jurisdiction, data privacy laws, e-discovery, and trade secret protection in cloud computing.
4) Risks of security breaches and data exposure are mitigated through proper due diligence and risk management practices for cloud providers.
The document discusses cyber terrorism and cyber security. It defines cyber terrorism as using computing resources to harm people, places, or systems through intimidation or coercion, especially via the internet, for political or religious goals. It notes that cyber terrorists have lower risks of capture than traditional terrorists. The document outlines different types of cyber attacks and criminals like crackers and script kiddies. It discusses motivations for cyber attacks and provides recommendations for improving network, server, desktop, and physical security to prevent cyber terrorism.
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
Part 1 of this webinar series provided an overview of cybersecurity and explained the cyber risks and legislation affecting nonprofits. In part 2 of the series, Imran Ahmad of Miller Thomson, LLP returns to answer your questions on cybersecurity and to delve deeper into cybersecurity maintenance and best practices to avoid data breaches. This includes the implementation of measures to prevent data breaches in the pre-attack phase, to the implementation of security best practices in the event of a cyber attack or breach.
What you will learn:
· How to develop key cybersecurity-related documents;
· How to maintain an internal matrix of when to notify affected individuals;
· How to review contracts from a cybersecurity compliance perspective.
Computer Usage Policy
Password Policy
Email Usage Policy
Social Media Policy
Remote Access Policy
Data Classification and Handling Policy
Incident Response Policy
Business Continuity and Disaster Recovery Policy
These policies help protect business assets and define expected
employee behavior. They should be reviewed and updated regularly.
Cyber Incident Response - When it happens, will you be ready?Dan Michaluk
Campbell from IT called the presenter on a Saturday to report that key servers at their organization, including the email and file servers, were inaccessible. A cryptic note was left demanding payment to regain access, indicating a potential ransomware attack. The presenter is advised to have Campbell contain the incident by disconnecting from the internet, not make any payments, and call in expert help from lawyers and incident response specialists to properly investigate and mitigate the risks. The presentation then outlines the typical incident response process and provides tips on internal communication, notifying affected individuals, and having an incident response plan in place ahead of time.
With every Security & Privacy Breach survey pointing towards insiders as a potential threat and incidents leading to data loss and violation of the corporate information security policy, it is imperative that we answer the following questions:
Who are these insiders?
What activities do they carry out to breach security?
Why an insider seeks to cause harm?
How do we mitigate this threat?
A Brave New World of Cyber Security and Data BreachJim Brashear
This document summarizes the key cybersecurity risks faced by organizations and provides recommendations for improving cybersecurity practices. It discusses how cyber attacks have become a major threat and concern for boards of directors. Common cyber attacks like data breaches, phishing, and hacking are described. The document recommends that organizations adopt frameworks like NIST and COSO to conduct risk assessments and oversee cybersecurity. It also stresses the importance of having an incident response plan and testing cybersecurity preparedness. Legal issues around data privacy laws, regulatory enforcement, and directors' liability for cyber incidents are covered as well. Overall, the document advocates for organizations to prioritize cybersecurity awareness, protections, and governance.
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
This document summarizes key topics from a presentation on cybersecurity issues and legal considerations, including:
1) Cyberattacks pose a significant and growing threat, with annual global costs of cybercrime estimated to rise from $3 trillion currently to $6 trillion by 2021. Data breaches continue to mount in size and frequency.
2) Responding to cyber incidents involves substantial costs beyond direct remediation, including brand impact, lost revenue, legal claims, and government fines. Companies are often under-resourced to address cybersecurity issues fully.
3) Bug bounty programs and security researchers can help companies identify vulnerabilities, but legal risks remain around disclosure of vulnerabilities to regulators or the public. Careful management
This document outlines the cybersecurity risks faced by law firms and the steps they should take to protect themselves and their clients. It discusses how law firms are vulnerable targets due to weaknesses in their security protocols. A security assessment is recommended to identify vulnerabilities, followed by continuous monitoring to maintain protection. Establishing attorney-client privilege for communications and properly structuring the role of outside agents are also covered. The presentation aims to educate law firms on cybersecurity best practices.
This document discusses insider threats and strategies for detecting and preventing them. It outlines that while most breaches are caused by external attackers, insiders still cause significant damage in some cases. It describes the different types of insider threats and notes that prevention and detection require logs of network activity as well as a multidisciplinary approach. Specific tools like StealthWatch can provide network visibility and user identity integration to help identify suspicious insider behavior like data exfiltration or hoarding.
This document discusses cyber risks and cyber liability insurance. It summarizes that many major companies have experienced data breaches in recent years. It outlines common cyber risks like computer intrusions, loss of physical devices, and social media issues. It recommends basic loss control techniques and identifies what cyber liability insurance can cover, such as first and third party losses from network security breaches, privacy breaches, and internet media liability. Coverage limits start at $100,000 with premiums as low as $250.
The internet as a corporate security resourceDan Michaluk
One hour presentation to in house lawyers at a federally regulated employer. Analysis is based on Canadian federal privacy legislation (PIPEDA) and Ontario Rules of Professoinal Conduct.
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
Cyber Risk: Exposures, prevention, and solutionsCapri Insurance
Paula Garrecht, Partner and Commercial Insurance Broker at Capri Insurance, explores the emerging risk of cyber attacks and data breaches with specific relation to public entities. In the ever changing landscape of business communications and processes we face ever changing risks as well. Learn how to:
1. Identify cyber exposures
2. Minimize those exposures
3. Find the right insurance policy to fit your unique cyber needs
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWithum
This document discusses understanding the cyber threat landscape for nonprofits. It notes that nonprofits face a high risk of cyber intrusion due to complacency, lack of security expertise and budgets, and lack of independent security audits. Cybercriminals may target nonprofits for economic gain, hacktivism, personal information, or donor lists. Examples are given of past cyber attacks on nonprofits. Motivations of threat actors and potential impacts of security incidents are examined. Methods that could be used to damage nonprofits are outlined.
The document provides an overview of data breaches based on an analysis of publicly disclosed breach incidents from 2005 to 2015. It finds that while large, "sensational" breaches receive headlines, the majority of breaches are smaller in size. The most common methods of breaches are hacking and theft, while the most compromised records are personal identifying information. Healthcare, government, retail, and financial organizations are most commonly affected. Defenses against breaches are an ongoing challenge as attacks increase in sophistication over time.
This document discusses data breaches and the risks they pose. It notes that data breaches are increasing, with 19 people becoming identity theft victims every minute due to breaches. Each breach costs on average $6.3 million, and large companies can't locate 2% of their PCs and lose a laptop a day on average. The document then discusses the black market value of different types of personal data and lists examples of data breaches at various organizations. It emphasizes that data risks are escalating and that employees are often the greatest data security threat.
This document provides an overview of computer forensics. It defines computer forensics as identifying, preserving, analyzing and presenting digital evidence in a legally acceptable manner. The objective is to find evidence related to cyber crimes. Computer forensics has a history in investigating financial fraud, such as the Enron case. It describes the types of digital evidence, tools used, and steps involved in computer forensic investigations. Key points are avoiding altering metadata and overwriting unallocated space when collecting evidence.
A presentation about cyberwar basics, the past, present and future directions of cyberwar and some needed changes in technology and long standing societal attitudes, to combat this escalating threat
This document discusses social engineering cyberattacks and how to prevent them, especially during COVID-19. It begins by defining social engineering and explaining how it relies on manipulating human psychology using fear, greed, curiosity, helpfulness, and urgency. Various social engineering attack types are described, including phishing and business email compromise scams. Technical defenses that can help prevent social engineering attacks are then outlined, such as multi-factor authentication, email filtering gateways, email banners, and outbound traffic filtering using firewalls and proxies.
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
Social engineering is not just a supporting process to obtain system access; it could be the main attack. Organizations that focus only on a narrow definition of social engineering as an attack vector to obtain system access will fail to create awareness of all other possible social engineering attack methods.
Cloud Computing Legal for Pennsylvania Bar AssociationAmy Larrimore
This document discusses several topics related to cloud computing including:
1) Lawyer ethics of competence and confidentiality when using cloud services.
2) Due diligence processes and compliance considerations for cloud providers.
3) Legal issues involving jurisdiction, data privacy laws, e-discovery, and trade secret protection in cloud computing.
4) Risks of security breaches and data exposure are mitigated through proper due diligence and risk management practices for cloud providers.
The document discusses cyber terrorism and cyber security. It defines cyber terrorism as using computing resources to harm people, places, or systems through intimidation or coercion, especially via the internet, for political or religious goals. It notes that cyber terrorists have lower risks of capture than traditional terrorists. The document outlines different types of cyber attacks and criminals like crackers and script kiddies. It discusses motivations for cyber attacks and provides recommendations for improving network, server, desktop, and physical security to prevent cyber terrorism.
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
Part 1 of this webinar series provided an overview of cybersecurity and explained the cyber risks and legislation affecting nonprofits. In part 2 of the series, Imran Ahmad of Miller Thomson, LLP returns to answer your questions on cybersecurity and to delve deeper into cybersecurity maintenance and best practices to avoid data breaches. This includes the implementation of measures to prevent data breaches in the pre-attack phase, to the implementation of security best practices in the event of a cyber attack or breach.
What you will learn:
· How to develop key cybersecurity-related documents;
· How to maintain an internal matrix of when to notify affected individuals;
· How to review contracts from a cybersecurity compliance perspective.
Computer Usage Policy
Password Policy
Email Usage Policy
Social Media Policy
Remote Access Policy
Data Classification and Handling Policy
Incident Response Policy
Business Continuity and Disaster Recovery Policy
These policies help protect business assets and define expected
employee behavior. They should be reviewed and updated regularly.
Cyber Incident Response - When it happens, will you be ready?Dan Michaluk
Campbell from IT called the presenter on a Saturday to report that key servers at their organization, including the email and file servers, were inaccessible. A cryptic note was left demanding payment to regain access, indicating a potential ransomware attack. The presenter is advised to have Campbell contain the incident by disconnecting from the internet, not make any payments, and call in expert help from lawyers and incident response specialists to properly investigate and mitigate the risks. The presentation then outlines the typical incident response process and provides tips on internal communication, notifying affected individuals, and having an incident response plan in place ahead of time.
With every Security & Privacy Breach survey pointing towards insiders as a potential threat and incidents leading to data loss and violation of the corporate information security policy, it is imperative that we answer the following questions:
Who are these insiders?
What activities do they carry out to breach security?
Why an insider seeks to cause harm?
How do we mitigate this threat?
A Brave New World of Cyber Security and Data BreachJim Brashear
This document summarizes the key cybersecurity risks faced by organizations and provides recommendations for improving cybersecurity practices. It discusses how cyber attacks have become a major threat and concern for boards of directors. Common cyber attacks like data breaches, phishing, and hacking are described. The document recommends that organizations adopt frameworks like NIST and COSO to conduct risk assessments and oversee cybersecurity. It also stresses the importance of having an incident response plan and testing cybersecurity preparedness. Legal issues around data privacy laws, regulatory enforcement, and directors' liability for cyber incidents are covered as well. Overall, the document advocates for organizations to prioritize cybersecurity awareness, protections, and governance.
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
This document summarizes key topics from a presentation on cybersecurity issues and legal considerations, including:
1) Cyberattacks pose a significant and growing threat, with annual global costs of cybercrime estimated to rise from $3 trillion currently to $6 trillion by 2021. Data breaches continue to mount in size and frequency.
2) Responding to cyber incidents involves substantial costs beyond direct remediation, including brand impact, lost revenue, legal claims, and government fines. Companies are often under-resourced to address cybersecurity issues fully.
3) Bug bounty programs and security researchers can help companies identify vulnerabilities, but legal risks remain around disclosure of vulnerabilities to regulators or the public. Careful management
This document outlines the cybersecurity risks faced by law firms and the steps they should take to protect themselves and their clients. It discusses how law firms are vulnerable targets due to weaknesses in their security protocols. A security assessment is recommended to identify vulnerabilities, followed by continuous monitoring to maintain protection. Establishing attorney-client privilege for communications and properly structuring the role of outside agents are also covered. The presentation aims to educate law firms on cybersecurity best practices.
This document discusses insider threats and strategies for detecting and preventing them. It outlines that while most breaches are caused by external attackers, insiders still cause significant damage in some cases. It describes the different types of insider threats and notes that prevention and detection require logs of network activity as well as a multidisciplinary approach. Specific tools like StealthWatch can provide network visibility and user identity integration to help identify suspicious insider behavior like data exfiltration or hoarding.
This document discusses cyber risks and cyber liability insurance. It summarizes that many major companies have experienced data breaches in recent years. It outlines common cyber risks like computer intrusions, loss of physical devices, and social media issues. It recommends basic loss control techniques and identifies what cyber liability insurance can cover, such as first and third party losses from network security breaches, privacy breaches, and internet media liability. Coverage limits start at $100,000 with premiums as low as $250.
The internet as a corporate security resourceDan Michaluk
One hour presentation to in house lawyers at a federally regulated employer. Analysis is based on Canadian federal privacy legislation (PIPEDA) and Ontario Rules of Professoinal Conduct.
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
Cyber Risk: Exposures, prevention, and solutionsCapri Insurance
Paula Garrecht, Partner and Commercial Insurance Broker at Capri Insurance, explores the emerging risk of cyber attacks and data breaches with specific relation to public entities. In the ever changing landscape of business communications and processes we face ever changing risks as well. Learn how to:
1. Identify cyber exposures
2. Minimize those exposures
3. Find the right insurance policy to fit your unique cyber needs
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWithum
This document discusses understanding the cyber threat landscape for nonprofits. It notes that nonprofits face a high risk of cyber intrusion due to complacency, lack of security expertise and budgets, and lack of independent security audits. Cybercriminals may target nonprofits for economic gain, hacktivism, personal information, or donor lists. Examples are given of past cyber attacks on nonprofits. Motivations of threat actors and potential impacts of security incidents are examined. Methods that could be used to damage nonprofits are outlined.
The document provides an overview of data breaches based on an analysis of publicly disclosed breach incidents from 2005 to 2015. It finds that while large, "sensational" breaches receive headlines, the majority of breaches are smaller in size. The most common methods of breaches are hacking and theft, while the most compromised records are personal identifying information. Healthcare, government, retail, and financial organizations are most commonly affected. Defenses against breaches are an ongoing challenge as attacks increase in sophistication over time.
This document discusses data breaches and the risks they pose. It notes that data breaches are increasing, with 19 people becoming identity theft victims every minute due to breaches. Each breach costs on average $6.3 million, and large companies can't locate 2% of their PCs and lose a laptop a day on average. The document then discusses the black market value of different types of personal data and lists examples of data breaches at various organizations. It emphasizes that data risks are escalating and that employees are often the greatest data security threat.
This document provides an overview of computer forensics. It defines computer forensics as identifying, preserving, analyzing and presenting digital evidence in a legally acceptable manner. The objective is to find evidence related to cyber crimes. Computer forensics has a history in investigating financial fraud, such as the Enron case. It describes the types of digital evidence, tools used, and steps involved in computer forensic investigations. Key points are avoiding altering metadata and overwriting unallocated space when collecting evidence.
A presentation about cyberwar basics, the past, present and future directions of cyberwar and some needed changes in technology and long standing societal attitudes, to combat this escalating threat
This document discusses social engineering cyberattacks and how to prevent them, especially during COVID-19. It begins by defining social engineering and explaining how it relies on manipulating human psychology using fear, greed, curiosity, helpfulness, and urgency. Various social engineering attack types are described, including phishing and business email compromise scams. Technical defenses that can help prevent social engineering attacks are then outlined, such as multi-factor authentication, email filtering gateways, email banners, and outbound traffic filtering using firewalls and proxies.
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
Social engineering is not just a supporting process to obtain system access; it could be the main attack. Organizations that focus only on a narrow definition of social engineering as an attack vector to obtain system access will fail to create awareness of all other possible social engineering attack methods.
Hacking the Human - How Secure Is Your Organization?CBIZ, Inc.
This presentation covers:
Social Engineering
Targets, Costs, Frequency
Real Life Examples
Mitigating Risks
Internal Programs
Data Security & Privacy Liability
Cyber Liability
Cyber Insurance
Financial Impact
Key Coverage Components
Checklist for Assessing your Level of Cyber Risk
Crossing the streams: How security professionals can leverage the NZ Privacy ...Chris Hails
Security professionals often struggle with the ‘double intangibility’ of security - the intangibility of risk and intangibility of protection.
Changes hearts and minds often requires legislation and new compliance frameworks to motivate investment.
New Zealand's new Privacy Act comes into play on 1st December 2020 and there are ways security professionals can leverage new aspects including mandatory breach notifications to focus efforts on securing personal information and preventing privacy harms.
This document discusses social engineering and managing the human element of cybersecurity. It begins with an introduction of the author, Dr. John McCarthy, and his background. It then discusses what social engineering is, how attacks are increasing, and the costs organizations face from such attacks. The document outlines common social engineering techniques like phishing and manipulating human psychology. It also discusses how attackers gather information and ways organizations can build countermeasures like security training and evaluating how sensitive information is handled.
This document discusses information security and ethics in business and society. It covers topics like ensuring privacy and monitoring employee computer usage. It provides remedies for potential issues like protecting devices from viruses, not giving out sensitive information over the phone, and using safe browsing practices. The document aims to educate employees on maintaining security and ethics in their work.
Hackers exploited a vulnerability in the company's website, gaining access to client records containing personal information for 3,000 people. The hackers threatened to release the data unless a ransom was paid. In response, the company's legal, IT forensics, public relations, and cybersecurity teams worked to investigate the breach, notify regulators and affected individuals, recover systems, and manage reputational fallout. The total costs of responding were estimated at £1.8 million, demonstrating why cyber insurance is recommended to help cover expenses from such incidents.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
QuestionConsider the Citibank incident in 2005 where more than 3.9.pdfinfomalad
Question
Consider the Citibank incident in 2005 where more than 3.9 million customer’s personal
financial information disappeared during shipment from its Weehawken, NY facility.
Was this an unpreventable incident, or did Citibank fail to implement enough safeguards to
minimize this incident from occurring? Could Citibank’s corporate culture have played a part in
the incident occurring? Which aspect of the contingency planning process came up short, the IR,
BP, CP or a combination of a few. What benefits, if any, would have been gained if Citibank had
developed such a plan you have proposed? If you were Citibank’s CSO, what would you have
done differently? What practices and procedures would you have put in place? How should the
media have been secured, transmitted, and stored? How would you have guided the efforts of the
CSIRT, or were they not needed for this type of incident? Why do you believe that your direction
would have worked?
take that incident as refernce and provide me answers for questions provided in second
paragraph.
please provide me with citations and APA GUidelines.
Solution
Citibank
The information was lost by UPS. This happened while the information was in transit to a credit
bureau. It was the biggest breach of employee or customer data reported so far. The data loss
occurred in spite of the security procedures required of the couriers by Citibank. Customers had
received their loans. There was little risk of the accounts being compromised. Without the
customers\' approval, additional credit could not be issued. The tapes were produced in a
sophisticated mainframe data center environment, and, would have been difficult to decode
without the right equipment and special software.
The tapes included personal identification information, for example, Social Security numbers.
The thieves who managed to access the data could commit identity thefts or open accounts at
other financial institutions. Account information is sent regularly by financial institutions to
credit bureaus. This is for keeping consumers credit reports up to date.
CSIRT is a service organization responsible for reviewing and, receiving computer security
incident reports. Organizations can define computer security for their sites in the following
manner:
· The act of violating an implied or explicit security policy
· Any suspected event in relation to security of computer networks or computer systems
Activities for CSIRT include:
· An attempt to gain unauthorized access to a system or its data
· unwanted denial of service or disruption
· unauthorized processing or storage of data or use of a system
· changes to firmware, system hardware, or software characteristics without the owner\'s
knowledge, instruction, or, consent
Computer security incident activity is a network or host activity that threatens the security of
computer systems. CSIRT is required as intrusions are possible despite the presence of an
information security infrastructure. CSIRT can recommend .
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
Companies are generally very good at protecting themselves against external attacks, but only rarely do they guard themselves against internal attacks. By using what’s known as ‘Social Engineering’, hackers exploit unsuspecting people who in good faith open up their doors to unwanted strangers.
Social engineering, or SE, is the art of manipulating people into performing actions or so they give up confidential information. Social Engineering can mean different things to different people.
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
This document summarizes a presentation on cybersecurity legal issues for companies. It discusses the growing costs and impacts of cyberattacks like data breaches and ransomware. Bug bounty programs that hire security researchers are presented as a way for companies to find vulnerabilities, but they may also increase legal obligations to notify breaches. The role of legal counsel in addressing these issues is examined, including maintaining technical competence. Elements of effective cybersecurity programs and incident response planning are outlined to help mitigate risks and consequences.
The document discusses various threats to information security that organizations must be aware of and protect against. It describes threats such as malware infections, system penetrations by outsiders, software piracy breaching intellectual property, internet service disruptions, power outages, espionage, hacking, human error, social engineering, information extortion, and sabotage/vandalism. Management is responsible for being informed of these threats and implementing appropriate security controls and contingency plans to address them.
The document discusses various threats to information security that organizations must be aware of and protect against. It describes threats such as malware infections, system penetrations by outsiders, software piracy breaching intellectual property, internet service disruptions, power outages, espionage, hacking, human error, social engineering, information extortion, and sabotage/vandalism. The threats can originate from hackers, employees, forces of nature, errors, or other sources; and they pose risks to an organization's data, systems, services, and reputation. An effective information security program requires awareness of the threats and implementing appropriate controls and response plans.
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
This document discusses challenges with hardware-near programming and proposes solutions like object-oriented design, test-driven development, and mocking hardware for testing in C. It provides examples of encapsulating hardware registers in C and writing tests that check register values and function outputs without the physical hardware. The document concludes that while setting up the tools is an initial investment, TDD is possible and helps create safe, maintainable low-level software.
This document summarizes an embedded software project that used object-oriented modeling and design with UML, along with Safety-Critical Java and C programming. A team of students created a model car that could be remotely controlled via an app. The project followed an object-oriented development process, including use case modeling, component diagrams, and testing of components using mock objects. The design included a layered architecture with hardware abstraction and platform abstraction layers. Missions in Safety-Critical Java were used to model different car modes like Park and Drive. Unit testing of components and testing on the execution platform helped evaluate memory usage and schedulability. The document concludes that this approach helped manage complexity in the embedded system.
The document summarizes a company's conversion of its embedded controller software from C to C++ over a two month period. It involved converting 8 projects with 30% shared code across 18 developers. Challenges included converting callbacks and dealing with scripting errors. Opportunities included improving code quality, team building, and evaluating new static analysis tools. The conversion was successful with minimal performance impacts and many bugs were found and fixed during the process. Future plans include C++ training and refactoring code to fully utilize C++ features.
This document discusses embedded Linux development from a manager's perspective. It provides the speaker's background working with C and C++ on embedded systems. Key expectations of programming languages for embedded systems are outlined, including flexibility, low cost, and real-time performance. The document discusses why C is commonly used for embedded development and outlines best practices like code reviews when using C to avoid issues. It also discusses moving to C++ and using Linux for embedded projects.
The document discusses the C programming language. It provides some key facts about C:
- C was developed in the late 1960s and early 1970s by Dennis Ritchie at Bell Labs.
- C became popular due to its use in developing the UNIX operating system.
- The IT world widely uses C, as evidenced by its use in operating systems like Linux, Windows, and iOS.
- The C language has undergone standardization with standards published in 1989 (C89), 1999 (C99), 2011 (C11), and 2018 (C18).
- C influenced many other popular programming languages and remains one of the most widely used languages today.
The document discusses the evolution of industrial revolutions and key elements of Industry 4.0, including intelligent automation and production facilities, smart products, virtual production, and more. It also examines the increasing need for systems engineering as products and production become more complex. Finally, it outlines six key fields that must be mastered for successful digital transformation: usage, data, technology, process, role, and culture.
Emergent synthetic processes (ESP) is a new paradigm for implementing process changes without needing agreement from all participants. It works by having organizational members define service descriptions stating what tasks they are willing to do and under what conditions. Processes are then synthesized in real-time from these service descriptions for each specific case, finding the optimal route through the organization. This allows service descriptions and partially completed processes to be updated at any time without requiring agreement. ESP enables a more flexible and distributed approach to processes and workflow.
This document discusses the integration of DCR (Dynamic Case Resolution) with the KMD Workzone case management platform to enable more automated and adaptive case resolution. It envisions using technologies like machine learning, artificial intelligence, and automation to handle more routine case activities while still allowing for human judgment and deviations from standard workflows. The approach is described as evolutionary rather than revolutionary, breaking large changes into smaller, configurable steps and getting users involved to identify automatable activities and ensure the system meets their needs. Demostrations are provided of Workzone's flexible configuration capabilities and how DCR could be integrated to iteratively introduce more automated case resolution over time.
SupWiz is a spin-off from world-leading AI experts that develops omni-channel AI software to disrupt customer service and support. Their platform makes different customer service channels intelligent and links them together using techniques like intelligent virtual agents, knowledge management, and analytics. The platform integrates with infrastructure components and has been proven valuable at several customers, accurately answering questions and reducing response times. SupWiz aims to improve the customer experience throughout the entire journey with AI-powered solutions.
The document discusses NNIT's vision for its Service Support Center to improve user productivity through reducing demand for support. Key points include:
- Integrating all user interaction data across systems to create a single source of truth data warehouse for metrics and reporting.
- Implementing configuration management policies, SLA policies, and integrating different levels of knowledge and problem management to reduce support demand and minimize downtime.
- The goal is machine-learning enabled intelligent automation that is flexible, consistent and cost-efficient to provide support across channels like phone, chat, and with multi-language translation available 24/7 globally.
- Statistics are presented on ticket routing optimization using AI to reduce unnecessary ticket jumps between support agents.
This document discusses how natural language processing (NLP) can be used for customer support. It outlines several NLP applications for customer support like search, fraud detection, and translation. It also discusses how NLP can help answer previously unasked questions by generating questions from knowledge bases and documents. Finally, it proposes a "customer support Turing test" to evaluate NLP systems for their ability to fool classifiers that distinguish customer support agents from customers.
This document provides information about an AI conference on the future of customer service. The conference will feature presentations from leaders in various AI and data organizations, as well as a panel debate. Statistics are presented showing the growing importance and impact of AI and chatbots on customer service interactions and cost savings over the coming years. The AMAOS project from the University of Copenhagen is also introduced, which focuses on advanced machine learning for automated omni-channel customer support.
The document discusses a project aimed at improving quality of life for citizens with affective disorders like depression. It outlines a vision called "Psyche" that aims to anticipate and alleviate acute depression through a digital platform. A configuration table presents the rationale, strategy, and tactics for a prospect to realize this vision, including leveraging the user's digital diary and questionnaire responses to detect emerging depressive episodes and provide alleviation measures. The table identifies challenges like ineffective intervention and underused platform potential, noting that anticipation works but could be improved and alleviation measures are sometimes weak or misplaced.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
1. Social engineering, Insiders,
and Security
Christian W Probst
Technical University of Denmark
infinIT seminar om insidertrusler
NetIQ, 2015/03/12
2. 2
What is the Problem?
• We depend increasingly upon complex information
systems
• Focus on the vulnerability to
– Computer crime
– Security attacks [RAND Report, 2004]
“The insider threat is
perhaps the greatest threat
to [society, information
system, ...]”
3. 3
Securing Against the Inside
• Protect against attacks from an insider
• Insider has
– Better knowledge/information
– Better access
• Hard or impossible to distinguish from admissible
actions
• Little research on analysing socio-technical systems
4. 4
What is an Insider?
• An insider is an entity that has been legitimately
empowered with the right to access, represent, or
decide about one or more assets of the
organization’s structure.
• A program can also be an insider
• It is sufficient to have access to an asset containing
the asset in question
5. 5
Example 1: The Hard Disk Example
Naive user and absent policy
In 2003, Banner Therapy employee Christina Binney, a co-
founder of the company, was discharged from her position for
“misconduct”, and instructed not to return to the office. BT
claimed she impermissibly removed a hard drive from her work
computer and took it home over the weekend to prepare for a
client meeting.
6. 6
Example 1: The Hard Disk Example (ctd)
Naive user and absent policy
BT claimed that the removal crippled Banners operations and
placed vital data at risk. Binney explained that a customer
requested a meeting on a Friday for the following Monday
morning. To prepare, she chose to remove the entire hard drive
from her work computer, rather than to transfer the files to a
disk. At the time, BT had neither company policy about taking
work equipment home nor established computing protocols.
When Binney attempted to return to work on Monday, she was
denied access; this prevented her from returning the drive as
she claimed she had planned.
7. 7
Example 2: The Trade Secret Example
Malicious user steals trade secrets
In 2007, FBI agents arrested two engineers, who had worked for
NetLogic Microsystems (NLM) until 2003. The two men used
money from mainland China to create and incorporate a
company for the sole purpose of exploiting the secrets they
stole. They downloaded sensitive NLM documents onto their
home computers, top-level confidential technical descriptions
in enough specificity to enable someone to produce the
technology. Together, the men accumulated the information
needed to design and produce their own lines of
microprocessors and microchips.
8. 8
Example 2: The Trade Secret Example (ctd)
Malicious user steals trade secrets
To finance the business, the men contacted Beijing FBNI
Electronic Technology Development Company Ltd, and entered
into an agreement to develop and sell microprocessor chips.
Both men were able to access proprietary information without
exceeding their individual authorizations. Investigators
uncovered evidence that the venture capitalist had ties to the
Chinese government and military.
9. 9
Example 3: The Tax Fraud Example
Perimeter definition and system design
H. Walters and others are accused for perpetrating the biggest
fraud in Washingtons history. Until her arrest, “Walters was a
26-year tax employee known as a problem solver with a knack
for finding solutions by using the departments antiquated and
balky computers or finding a way around them.” She allegedly
used her position to produce fake checks for bogus refunds
with fictitious names; the total is said to exceed $50 million.
10. 10
Example 3: The Tax Fraud Example (ctd)
Perimeter definition and system design
The scheme involved Washingtons new Integrated Tax System.
During design phase, Walters “contributed to the decision that
her unit, which handled real estate tax refunds, be left out of it.”
At the time, the decision seemed to make sense for cost
reasons.
The scheme exploited several loopholes: each check was under
the threshold for requiring a supervisor’s approval, and no
action was taken to cancel the first check or confirm that it had
not already been cashed.
11. 11
Example 4: The Cloud Provider Sysadmin
Perimeter definition
A system administrator in the facilities of a cloud provider
allegedly used a package sniffer to record the image of a
migrating virtual machine of a financial institution.
The virtual machine was migrated from one server to another,
possibly triggered by some action of the system administrator,
allowing him to capture the network traffic.
Once home, he replayed the network traffic, and reinstantiated
the virtual machine, giving him access to all the data of the VM.
12. 12
Elements of Insider Threats
• An owner of an asset
• An inside entity that can access the asset
• The possibility that the insider might do something
with which the owner does not allowed it to do
– This might be the access to the asset, or some
action using the asset
13. 13
Possible Insider Threats
• Accidental Insider
– Ooops... I REALLY did not want that
• Malicious insider
– Motivation is to harm the organisation
– Or personal gain
• Unaware insider
– Could you just do this...
– Social engineered to do something
14. 14
Accidental Insider
• Hard to control
• But potentially catastrophic consequences
– Leaving door unlocked
– Sending confidential files
– ...
15. 15
Malicious Insider
• The "typical" insider
• Disgruntled employee
• Motivation, opportunity, abilities
• Often developing over time
• Motivation
– Harm the organisation, revenge
– Monetary gain
– Make a point
16. 16
Unaware Insider
• Is "convinced" by an attacker to perform an action
• Usually social engineering
• Believes to do "the right thing" or a favor
• Severe consequences
• Can be anything from opening a door, providing access,
installing something
18. 18
Detecting Inside attacker is "easy"
• Need a concise model of human behaviour
• Dependencies on the surroundings,
• A sufficiently precise surveillance system, and
• An evaluation system, that can draw the necessary
conclusions from its input.
• Neither “easy” to realise, or in any form desirable.
• Lack techniques to model human behaviour.
• Surveillance systems depend on legal boundaries.
19. 19
Containing Insider Threats
• Three major components
– Identification of potential insider attackers
– Monitoring of operations
– Training of employees
20. 20
Identify Factors
• Important areas are legal frameworks, policies, and human
behaviour
• Goal: provide classifications of events and observations
• Analyse policies to determine short-comings, contradictions,
inconsistencies, and loopholes
– These are often exploited to realise insider attacks.
21. 21
Monitoring
• analyses the events in an organisation for signs of insider
threats
• Should be adapted to the expected level of threat and the
value of assets
• Challenge 1: ensure that the right data is collected, and that
the data can be analysed
• Challenge 2: differentiate legal actions by legal users, illegal
actions by legal users, and illegal actions by illegal users.
– How to deal with false positives/negatives?
22. 22
Training
• Important component in containing insider threats.
• Main goal: rising awareness for insider threats.
• Subgoals:
– Streamline policies, detect distortions, or sharpen alertness
• Tap into employees' knowledge about faulty policies and
workflows, insider threats, and counter measures
23. 23
Social Engineering
• Mix of science, psychology, and art.
• Skillfully maneuver somebody to take action or not in some
aspect of their life.
• Dress up as courier with heavy box, ask to open door;
• Telephone technician;
• Clorius technician;
• Santa Claus;
• Call employee, pretend to be from IT service; or many other.
24. 24
Social Engineering
• Works by building up a pretext.
• Goal:
– Make it likely that attack succeeds, and
– Give the victim a good reason to excuse their actions to
themselves.
• Heavy box;
• Construct scenario of urgency based on cover story; or
• Give reason to believe that you belong into the picture.
25. 25
How to defend against Social Engineering
• Perform physical security / social engineering tests.
• Teach your employees social engineering.
– The more they know, the easier they can identify them.
• Create a security awareness "program"
– Enforce regular training activities.
– Re-enact "typical" scenarios.
• Make employees aware of
– The value of assets, and
– The consequences of actions.