Nathan Anderson, Director Internal Audit, Sears Holdings
Lucas Morris, Senior Manager, Crowe Horwath
#NACACS
WHO WE ARE
• Nate Anderson
– IT Audit Director, Sears Holdings Corporation
• Lucas Morris
– Senior Manager, Crowe Horwath LLP
AGENDA
“security is no longer a function of IT; it’s part of enterprise risk management”
1. the case for cybersecurity
2. three lines of defense model and security roles
3. rethinking the role of internal audit
THE CASE FOR CYBERSECURITY
HIGH-PROFILE 2014 BREACHES¹
[chart not reproduced; record counts shown include 40m and 56m]
¹ dell security 2015 threat report (modified): http://bit.ly/1UhOmyF
HIGH-PROFILE 2015 BREACHES¹
[chart not reproduced; record counts shown include 80m and 37m]
¹ dell security 2016 threat report: http://dell.to/1QeaJ4X
BREACHES BY THE NUMBERS¹
source of breach (chart labels paired with values in the order shown): malicious outsider 58%, accidental loss 24%, malicious insider 15%, hacktivist 2%, state sponsored 2%
breaches by industry (same pairing): government 43%, healthcare 19%, other 17%, technology 12%, retail 6%, education 3%
¹ breach level index: http://breachlevelindex.com
BREACHES BY THE NUMBERS
• Average cost per record lost in 2015 is $217¹
¹ IBM / Ponemon 2015 Cost of Data Breach Study: http://ibm.co/1rnnBN3
THREE LINES OF DEFENSE MODEL AND SECURITY ROLES
THREE LINES OF DEFENSE MODEL¹
1st line: own and manage risk and control (front-line operating management).
2nd line: monitor risk and control in support of management (risk, control and compliance functions put in place by management).
3rd line: provide independent assurance to the board and senior management concerning the effectiveness of the management of risk and control.
¹ coso: three lines of defense: http://bit.ly/1I4XrQT
THREE LINES – ROLES & RESPONSIBILITIES
1st line
• integrate risk management into daily ops
• mitigate risks
• escalate risks
2nd line
• set risk baselines, policies, & standards
• monitor & call for action
• oversight, checks & balances, consultation
3rd line
• review program effectiveness
• update senior management & leaders
• holistic risk view
THREE LINES EXAMPLE: EMPLOYEE DATA
[diagram] 1st line: human resources; 2nd line: information security / it compliance; 3rd line: internal audit
elements shown: control requirements (cobit / nist), risk assessment, control gaps, global view, system & asset inventory, control set
ROLE OF BOARD OF DIRECTORS & AUDIT COMMITTEE
• 40% of boards deal with computer & information security issues
• 48% have a board-level risk committee for privacy & security
• 65% [of directors] want at least “some” additional time and focus on IT risks like cybersecurity¹
• 83% of boards (or their committees) are very or moderately engaged with overseeing/understanding the risk of cyberattacks
• 65% of boards (or their committees) are very or moderately engaged with overseeing/understanding the level of spend on cybersecurity
sources: Deloitte: http://bit.ly/1pnZCN5 | PwC: http://pwc.to/1RMkXWK
RETHINKING THE ROLE OF INTERNAL AUDIT
SECURITY AS ENTERPRISE RISK MANAGEMENT
• identify your threat landscape: assets, threat actors, and
threats¹
• assess defense and determine relevancy of attacks
• audit and test defenses and technical controls
• communicate and collaborate with other lines of defense and
audit committee
¹ refer to appendix A. for recommended reading list.
IDENTIFY YOUR THREAT LANDSCAPE: ASSETS¹
what are your crown jewels?
¹ refer to appendix B. for security frameworks supporting an asset-driven approach.
IDENTIFY YOUR THREAT LANDSCAPE: ASSETS
where are your crown jewels?
“an organization cannot properly protect [assets] it does not know about.” - nist¹
[diagram] locations shown: points of entry, servers, databases, staging warehouse, third parties, cloud, unstructured reports
¹ NIST Protecting PII: http://1.usa.gov/1DgxrRy
IDENTIFY YOUR THREAT LANDSCAPE: THREAT ACTORS
relevant external threat actors (which are relevant depends on your assets and industry): nation states, hacktivists, criminal organizations, terrorists, individuals (internal & external)
relevant internal & third-party threat actors
attack origination¹: external 80%+ | internal 17% | partner 3%
¹ verizon data breach investigations report: http://vz.to/1ILoZPv
THREAT ACTOR SOPHISTICATION (lowest to highest)
insider threats
• employees, partners, contractors
• typically highest likelihood of monetary impact
• example: WikiLeaks
“script kiddies”
• leverage widely available tools
• look for targets of opportunity
• example: website defacement
targeted attacks
• advanced attacks with specific targets
• worms, application vulnerabilities
• example: Conficker, Sasser
advanced persistent threats
• highly knowledgeable, highly funded
• looking for targets of value
• example: Lulzsec, Stuxnet, nation sponsored
# OF BREACHES BY THREAT ACTOR MOTIVE¹
[chart not reproduced]
¹ verizon dbir 2016: http://vz.to/1Svr72f
IDENTIFY YOUR THREAT LANDSCAPE – THREATS
[diagram] phishing, credentials, data leakage, trojan, backdoor, command & control, malware
THREATS – USER CREDENTIALS
• at-risk credentials
– weak, reused, default credentials
– easy method for attackers to gain and expand access
• how attackers obtain them:
– guessing
– stealing them in hashed or encrypted form from memory or storage (then cracking or replaying them)
– stealing them while in use (unencrypted)
– stealing the user’s session or token
• stolen credentials enable an attacker to:
– gather significant amounts of low-risk information
– access files
– search and scan for additional access, moving both laterally and vertically
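An added example (not from the slides) of the kind of test an auditor can run against the credential risks above: it re-derives a list of default and weak passwords with each account’s own salt, flags accounts whose stored hash matches, and reports a user who reuses one weak password across systems. The systems, accounts, salts, KDF parameters and word list are constructed; in a real test the hashes come from the system owner and the auditor never needs plaintext.

```python
"""Credential hygiene check for an internal-audit test.

Flags (1) accounts whose stored hash matches a default or weak password and
(2) a user who reuses one password across systems. Accounts, systems, salts
and the word list below are constructed sample data, not real credentials.
"""
import hashlib
import hmac
from collections import defaultdict

ROUNDS = 10_000  # assumed KDF parameters; must match how the systems store hashes


def derive(password: str, salt: str) -> str:
    """PBKDF2-HMAC-SHA256 of the password. The auditor re-derives candidates
    with each account's own salt, so the test never needs plaintext from users."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ROUNDS).hex()


# Default / weak candidates an attacker would try first (constructed list).
DEFAULT_PASSWORDS = ["admin", "password", "Welcome1", "changeme", "Summer2016!"]


def sample_accounts():
    """Constructed export: (system, username, salt, stored hash).
    jdoe reuses one weak password on two systems; svc_badge keeps a vendor default."""
    plaintext = [
        ("hr-portal", "jdoe",      "s1", "Summer2016!"),
        ("payroll",   "jdoe",      "s2", "Summer2016!"),
        ("badge-sys", "svc_badge", "s3", "admin"),
        ("hr-portal", "asmith",    "s4", "Tr0ub4dor&3-correct-horse"),
    ]
    return [(sysname, user, salt, derive(pw, salt)) for sysname, user, salt, pw in plaintext]


def audit_credentials(accounts, candidates):
    """Return (weak, reused).

    weak:   list of (system, user, matched_password) for hashes matching a candidate
    reused: {(user, password): [systems]} where one cracked password appears on
            more than one system. Reuse of a strong password is invisible to this
            test when hashes are salted; only identical unsalted digests reveal it.
    """
    weak = []
    systems_by_secret = defaultdict(set)
    for sysname, user, salt, digest in accounts:
        for pw in candidates:
            if hmac.compare_digest(derive(pw, salt), digest):
                weak.append((sysname, user, pw))
                systems_by_secret[(user, pw)].add(sysname)
                break
    reused = {k: sorted(v) for k, v in systems_by_secret.items() if len(v) > 1}
    return weak, reused


if __name__ == "__main__":
    weak, reused = audit_credentials(sample_accounts(), DEFAULT_PASSWORDS)
    for sysname, user, pw in weak:
        print(f"WEAK    {sysname:10} {user:10} matches candidate {pw!r}")
    for (user, pw), systems in reused.items():
        print(f"REUSED  {user:10} {pw!r} on {', '.join(systems)}")
```

The test only finds what is in its candidate list, which is exactly what an attacker guessing defaults would find; a strong, unique password (asmith here) produces no finding. Running it across several systems’ exports is what surfaces the reuse pattern the slide warns about.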
THREATS – THIRD PARTIES
• it’s 10:30 am on a monday morning and IT gets a call…
“Hello, this is Tom from procurement. We have a vendor that will be here at 2:00 and they are requesting that we provide them an internal IP address for the installation.”
• recent breaches show compliance is not the goal
• right-to-audit clause
• more hands-on testing
– vendors will hate this
– small organizations will struggle
THREATS – DATA LEAKAGE
[diagram] channels through which data leaks: internet, third parties, shares, email, printers, intranet applications, backups, media, database, local files
THREATS – SOCIAL ENGINEERING (sample phishing email)
From: "Client Content Filter System" <client-web-filter@FAKEBUTLOOKSREAL.org>
Subject: Potential Acceptable Use Violation
Michael,
Our web traffic monitoring service has reported that your account has visited potentially malicious web sites, including sites that are restricted per ABC’s Acceptable Use Policy.
We do realize that this type of activity is often caused by viruses and other types of malware. The following link will direct you to the detailed report of the malicious web sites your system has visited as reported by the monitoring service; please review this list for accuracy.
https://www.FAKEBUTLOOKSREAL.org/ABC/?sessionid=chris.wilkinson@abc.com
The file has been encrypted for privacy and requires Microsoft Word macros to be enabled for viewing.
If you believe that any of the sites listed in the report have been reported erroneously or that all sites noted are false positives, please reply to this email and a manual review will be conducted by Information Security.
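The message above carries the indicators an analyst checks by hand. As an added example (not from the slides), the script below runs those checks over a constructed copy of it: an external sender behind an internal-sounding display name, a link to a domain outside the organization, the recipient’s own address embedded in the URL as a tracking token, a lure asking to enable Office macros, and a salutation that does not match the addressee. ORG_DOMAIN and the To: header are assumptions added for the example.

```python
"""Triage checks for a suspected phishing e-mail.

SAMPLE is a constructed version of the message shown in the slides (the To:
header is assumed); ORG_DOMAIN is the assumed mail domain of the target.
Each check returns a (code, detail) finding so results can be counted.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse, parse_qs

ORG_DOMAIN = "abc.com"  # assumption: the targeted organization's mail domain

SAMPLE = """\
From: "Client Content Filter System" <client-web-filter@FAKEBUTLOOKSREAL.org>
To: chris.wilkinson@abc.com
Subject: Potential Acceptable Use Violation

Michael,
Our web traffic monitoring service has reported that your account has visited
potentially malicious web sites. The following link will direct you to the report:
https://www.FAKEBUTLOOKSREAL.org/ABC/?sessionid=chris.wilkinson@abc.com
The file has been encrypted for privacy and requires Microsoft Word macros to be
enabled for viewing.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
LURES = ("macros to be enabled", "enable macros", "enable content", "enable editing")


def _in_domain(host, domain: str) -> bool:
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)


def triage(raw: str, org_domain: str = ORG_DOMAIN):
    """Return a list of (code, detail) findings; an empty list means nothing tripped."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []

    # 1. Sender domain: an "internal system" mailing from outside the organization.
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if not _in_domain(sender_domain, org_domain):
        findings.append(("external-sender", f"{display_name!r} sent from {sender_domain}"))

    # 2./3. Links: external hosts, and a recipient address embedded as a URL parameter
    # (tells the sender exactly who clicked; often also pre-fills a credential form).
    for url in URL_RE.findall(body):
        parts = urlparse(url)
        if not _in_domain(parts.hostname, org_domain):
            findings.append(("external-link", parts.hostname))
        if any("@" in v for values in parse_qs(parts.query).values() for v in values):
            findings.append(("recipient-token-in-url", url))

    # 4. Macro lure: whitespace-normalized so a line wrap cannot hide the phrase.
    text = " ".join(body.lower().split())
    if any(lure in text for lure in LURES):
        findings.append(("macro-lure", "asks the reader to enable Office macros"))

    # 5. Salutation vs. addressee: bulk phishing often greets the wrong person.
    _, recipient = parseaddr(msg.get("To", ""))
    local_part = recipient.split("@")[0].lower()
    salutation = next((ln.strip(" ,") for ln in body.splitlines() if ln.strip()), "")
    if salutation and salutation.lower() not in local_part:
        findings.append(("salutation-mismatch", f"{salutation!r} vs {recipient}"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(f"{code:24} {detail}")
```

None of the five checks is conclusive alone (a real vendor notice can be external and contain a link), but the sample trips all five, which is the point of scoring them together rather than relying on a single filter rule.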
THREATS – PHISHING SCENARIO EXAMPLE
1. user receives phishing email; clicks attachment
2. malware is installed that enables a backdoor
3. communication is established between the user’s system & the attacker
4. attacker scans the network for targets and moves laterally
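Step 3 is the part of this scenario a defender can see in proxy or firewall logs. As an added example (not from the slides), the script below looks for it: a backdoor checking in with its operator tends to produce small, evenly spaced connections to one destination, so connections are grouped by (source, destination) and pairs whose inter-connection gaps are nearly constant are flagged. The log lines and domain names are constructed. Legitimate software updaters beacon too, so a hit is a lead to triage, not proof of compromise.

```python
"""Beacon detection over proxy logs (constructed sample data, hypothetical hosts).

A timer-driven implant produces gaps between connections with very little
variation; a person browsing does not. The coefficient of variation of the
gaps (stdev / mean) separates the two.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

LOG = """\
2016-05-02T09:00:00 10.1.4.22 updates.example-cdn.net 412
2016-05-02T09:00:07 10.1.4.22 www.news.example 18822
2016-05-02T09:05:01 10.1.4.22 updates.example-cdn.net 409
2016-05-02T09:09:59 10.1.4.22 updates.example-cdn.net 415
2016-05-02T09:12:30 10.1.4.22 mail.abc.com 2201
2016-05-02T09:15:00 10.1.4.22 updates.example-cdn.net 411
2016-05-02T09:20:02 10.1.4.22 updates.example-cdn.net 408
2016-05-02T09:21:14 10.1.4.22 www.news.example 9040
2016-05-02T09:25:00 10.1.4.22 updates.example-cdn.net 413
2016-05-02T09:58:30 10.1.4.22 www.news.example 30210
"""


def parse_log(text):
    """Yield (timestamp, src, dst, bytes) from 'time src dst bytes' lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(size)


def find_beacons(text, min_connections=5, max_jitter=0.10):
    """Return [(src, dst, count, mean_gap_seconds, jitter)] for beacon-like pairs.

    At least three connections are always required: two connections give a
    single gap, whose 'jitter' is trivially zero.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in parse_log(text):
        by_pair[(src, dst)].append(ts)

    beacons = []
    for (src, dst), times in by_pair.items():
        if len(times) < max(min_connections, 3):
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else float("inf")
        if jitter <= max_jitter:
            beacons.append((src, dst, len(times), round(avg), round(jitter, 3)))
    return beacons


if __name__ == "__main__":
    for src, dst, n, period, jitter in find_beacons(LOG):
        print(f"{src} -> {dst}: {n} connections every ~{period}s (jitter {jitter})")
```

In the sample the check-ins to updates.example-cdn.net land every ~300 s with jitter under 1%, while the news site, visited three times at irregular intervals, is not flagged even when the connection threshold is lowered. Whitelisting known updaters and correlating with the small, near-constant byte counts are the usual next steps.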
ASSESS DEFENSE
Initial Point of Entry
The point of entry is how the attacker obtains initial access. Examples include social engineering, unpatched Internet-accessible systems, or weak passwords on externally accessible systems.
Pivot Point
The initial access typically does not provide the information the attacker is looking for. They leverage the access they do have to try to increase their authority on the network. This can occur through shared passwords, unpatched systems, or excessive privileges.
Fortify Access and Access Data
As the attacker pivots around the network, they continue to escalate their authority until they have the necessary access. They typically fortify that access by installing malware or backdoors to maintain it. Persistent administrator access is the end goal.
Data Exfiltration
Once the attacker has data, they need to get it out of the network, which can be done through a variety of vehicles such as email or FTP. This has forced information security to mature from focusing only on prevention to including detection and response.
ASSESS RELEVANCY – ATTACK SCENARIOS & PATTERNS¹
12 most common scenarios³: social engineering, financial pretexting, insider threat, usb infection, peripheral tampering, rogue connection, logic switch, sql injection, cms compromise, backdoor access, ram scraping, credential theft
“over the previous three years, just 12 attack scenarios represent over 60% of our investigations.”³
9 incident patterns²: pos intrusions, web application attacks, cyberespionage, crimeware, insider/privilege misuse, payment card skimmers, miscellaneous errors, physical theft & loss, denial of service
“while we saw many changes in the threat landscape the last 12 months, [9] patterns still covered the vast majority of incidents (96%).”²
¹ refer to appendices C. through F. for additional threat pattern and scenario details.
² verizon dbir 2015: http://vz.to/1ILoZPv
³ verizon data breach digest 2016: http://vz.to/21zkult
ASSESS THREAT RELEVANCY – TOP PATTERNS¹
[two charts not reproduced: frequency of incident patterns across all security incidents; frequency of incident patterns with confirmed data breaches]
¹ verizon dbir 2015: http://vz.to/1ILoZPv
# OF BREACHES PER THREAT ACTION TYPE¹
top 5:
• C2 (malware)
• use of stolen creds
• export data (malware)
• use of backdoor or C2
• phishing (social)
¹ verizon dbir 2016: http://vz.to/1Svr72f
AUDIT & TEST – IDENTIFICATION OF SENSITIVE ASSETS
focus on completeness of inventory during data security audits:
• create data flows
• create system & asset inventory
• hold management accountable for upkeep
“entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data, and identify all systems that are connected to or, if compromised, could impact the CDE.” – PCI DSS 3.1
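An added example (not from the slides) of the completeness test the three bullets and the PCI DSS quote describe: it reconciles a CMDB extract that carries PCI scope flags, the hosts a network discovery scan actually found, and a cardholder data-flow map, then reports hosts the inventory does not know about, systems that handle cardholder data but are not marked in scope, and systems connected to the CDE but out of scope. All three inputs are constructed.

```python
"""Reconcile three views of the environment to test inventory completeness.

Inputs (constructed sample data): a CMDB extract with PCI scope flags, the set
of hosts a discovery scan found, and a data-flow map of which systems send
cardholder data (CHD) to which. Output: the gaps an auditor would raise.
"""

CMDB = {
    "pos-gw-01":  {"owner": "retail-it", "pci_scope": True},
    "pay-db-01":  {"owner": "dba",       "pci_scope": True},
    "rpt-srv-02": {"owner": "finance",   "pci_scope": False},
    "hr-app-01":  {"owner": "hr",        "pci_scope": False},
}

# Hosts seen on the network; stage-wh-03 exists but nobody registered it.
DISCOVERED = {"pos-gw-01", "pay-db-01", "rpt-srv-02", "hr-app-01", "stage-wh-03"}

# (source, destination, data class). "CHD" = cardholder data, "none" = other traffic.
FLOWS = [
    ("pos-gw-01",  "pay-db-01",   "CHD"),
    ("pay-db-01",  "rpt-srv-02",  "CHD"),   # reporting pulls card data out of the DB
    ("rpt-srv-02", "stage-wh-03", "CHD"),   # ... and stages it on an unregistered host
    ("hr-app-01",  "pay-db-01",   "none"),  # connected to the CDE without carrying CHD
]


def reconcile(cmdb, discovered, flows):
    """Return the three gap lists: unknown hosts, CHD systems out of scope,
    and CDE-connected systems out of scope."""
    known = set(cmdb)
    in_scope = {host for host, attrs in cmdb.items() if attrs["pci_scope"]}

    # Anything that stores, processes or transmits CHD is in the CDE.
    cde = {s for s, d, data in flows if data == "CHD"} | {d for s, d, data in flows if data == "CHD"}
    # Anything with a flow to or from a CDE system is "connected to" the CDE.
    connected = ({s for s, d, _ in flows if d in cde} | {d for s, d, _ in flows if s in cde}) - cde

    return {
        "unknown_hosts": sorted(discovered - known),
        "chd_out_of_scope": sorted(cde - in_scope),
        "connected_out_of_scope": sorted(connected - in_scope),
    }


if __name__ == "__main__":
    for finding, hosts in reconcile(CMDB, DISCOVERED, FLOWS).items():
        print(f"{finding:24} {', '.join(hosts) or '-'}")
```

The staging warehouse is the case the slide on crown jewels warns about: it never appears in the inventory, so no control set was ever applied to it, yet the flow map shows cardholder data landing there. Re-running the reconciliation after each inventory refresh is how management is held accountable for upkeep.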
AUDIT & TEST – ALIGN WITH SECURITY FRAMEWORK
example security frameworks: COBIT, ISO 2700X, NIST or OCTAVE
COBIT 5
- more focus on alignment with business goals and governance roles (2nd & 3rd line of defense)
- control set (no risk language)
- maps to ISO 27001, NIST CSF
ISO 27001/27002
- controls have wider coverage than NIST CSF
- accepted standard in many countries
- supports a certification process
- maps to NIST CSF, COBIT
NIST cybersecurity framework
- draws on a subset of the much more verbose NIST SP 800-53 control catalog
- control set (no risk language)
- detailed guidance for technical controls
- maps to ISO 27001, COBIT
- many supporting publications
OCTAVE allegro
- risk-based approach
- aligns with NIST risk assessment publication SP 800-39
- provides steps, worksheets, questionnaires; not a control framework
AUDIT & TEST – ASSESS MEASUREMENT CAPABILITY
establish a method to measure key risks & controls: for each data class, can each activity be measured?
data classes (columns): intellectual property | cardholder (PCI) | health (ePHI) | employee (PII) | customer (PII) | financial (SOX)
risk & control activities (rows):
• system & asset inventory
• third party inventory
• identify & classify risks
• define control requirements
• identify existing controls
• control assessment
• measure residual risks
• identify & manage incidents
AUDIT & TEST – ACROSS THE ATTACK CHAIN
[diagram] layers: Internet | Application | Infrastructure | Endpoint
elements shown: third party, firewall, remote users, mobile devices, web application, applications, network, employees, workstations, servers, printers, cloud, database
AUDIT & TEST – SOCIAL ENGINEERING AUDIT
malicious email filtering
- blocking a sufficient % of malicious emails
- filters updated based on incidents
phishing incident management
- accurate, complete list of incidents
- analysis of nature and severity
- remediation effective & complete; includes cleaning user systems, blocking at the network level, identifying any command & control activity
security awareness program
- evaluate effectiveness & reach of training & communications
- determine how effectiveness of the program is evaluated
AUDIT & TEST – PHISHING SIMULATIONS
1. email ploy crafted by audit (similar to actual phishing)
2. phishing engine selects appropriate random targets across areas of the organization
3. measure % that open, click, provide credentials
4. repeat different ploys regularly, collecting stats
- % open email (30% avg.¹)
- % open link / attachment (12% avg.)
- % report suspicious email (3% avg.)
- track % over time
- track % by area
- adjust awareness program
¹ verizon dbir 2016: http://vz.to/1Svr72f
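An added example (not from the slides) of the stats step 4 calls for: per-user open, click, credential-submission and report rates for each campaign, the trend of one metric across campaigns, and the breakdown by area used to aim awareness training. The event stream is constructed; the campaign names, areas and user ids are placeholders.

```python
"""Metrics for a phishing-simulation programme (constructed event stream).

Rates are per unique user with 'sent' as the denominator, so a user who
clicks twice counts once, and a user who clicks and then reports counts once
in each of the two rates.
"""
from collections import defaultdict

ACTIONS = ("opened", "clicked", "submitted", "reported")


def _sim(campaign, area, user, *actions):
    """Constructed events for one target: everyone gets 'sent', then whatever they did."""
    return [(campaign, area, user, a) for a in ("sent",) + actions]


EVENTS = (
    # 2016-Q1: 10 targets; finance did badly, stores mostly ignored the mail
    _sim("2016-Q1", "finance", "u01", "opened", "clicked", "submitted")
    + _sim("2016-Q1", "finance", "u02", "opened", "clicked", "reported")
    + _sim("2016-Q1", "finance", "u03", "opened")
    + _sim("2016-Q1", "stores", "u04", "opened")
    + sum((_sim("2016-Q1", "stores", f"u{n:02}") for n in range(5, 11)), [])
    # 2016-Q2: same 10 targets, different ploy, more reporting
    + _sim("2016-Q2", "finance", "u01", "opened", "reported")
    + _sim("2016-Q2", "finance", "u02", "reported")
    + _sim("2016-Q2", "finance", "u03", "opened", "clicked")
    + _sim("2016-Q2", "stores", "u05", "opened")
    + sum((_sim("2016-Q2", "stores", f"u{n:02}") for n in (4, 6, 7, 8, 9, 10)), [])
)


def rates(events, campaign=None, area=None):
    """Per-user rates (%) for the selected campaign and/or area; {} if nobody was sent."""
    users = defaultdict(set)
    for c, a, u, action in events:
        if (campaign is None or c == campaign) and (area is None or a == area):
            users[action].add(u)
    sent = len(users["sent"])
    if not sent:
        return {}
    return {"sent": sent, **{act: round(100 * len(users[act]) / sent, 1) for act in ACTIONS}}


def trend(events, metric="clicked"):
    """[(campaign, rate)] in campaign order: the 'track % over time' view."""
    return [(c, rates(events, c)[metric]) for c in sorted({e[0] for e in events})]


def by_area(events, campaign):
    """{area: rates} for one campaign: the 'track % by area' view."""
    return {a: rates(events, campaign, a) for a in sorted({e[1] for e in events if e[0] == campaign})}


if __name__ == "__main__":
    for c, r in trend(EVENTS, "clicked"):
        print(f"{c}: click rate {r}%  report rate {dict(trend(EVENTS, 'reported'))[c]}%")
    for a, r in by_area(EVENTS, "2016-Q1").items():
        print(f"  2016-Q1 {a:8} sent={r['sent']} opened={r['opened']}% clicked={r['clicked']}%")
```

Reading the two series together matters: a falling click rate with a flat report rate means users are ignoring mail, not recognising it; the second campaign here shows both moving the right way. The area breakdown is what turns the number into a training decision.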
INFORMATION SECURITY AUDITS TO CONSIDER
• cloud & data lake governance
• it asset management
• security vulnerabilities & patching assessment
• phishing & security awareness
• network segmentation assessment
• security logging & event detection
• penetration testing
• web & mobile application assessment
• program assessments: PCI & PHI
• information security overall assessment
• firewall ruleset assessment
RELEVANT COMMUNICATION TO LEADERS
3rd line of defense
what are you communicating
to the audit committee,
security, IT, and the business
about cybersecurity?
QUESTIONS?
THANK YOU
Lucas Morris lucas.morris@crowehorwath.com
www.github.com/CroweCybersecurity
214-777-5257
Nate Anderson nate.anderson@searshc.com
APPENDIX: REFERENCE MATERIALS
A. CYBERSECURITY THREAT REPORTS
• key data breach / cybersecurity reports
– verizon data breach investigations report
• 2014: http://vz.to/1pMX6xZ | 2015: http://vz.to/1ILoZPv
• 2016: http://vz.to/1Svr72f
– verizon data breach digest: 2016: http://vz.to/21zkult
– dell security annual threat report:
• 2015: http://bit.ly/1UhOmyF | 2016: http://dell.to/1QeaJ4X
– symantec internet security threat report:
• 2015: http://symc.ly/1MBxADq | supplement: http://symc.ly/1aVPSSs
– mcafee labs threats predictions: 2015: http://intel.ly/1No3xh0
– ponemon global megatrends in cybersecurity: http://rtn.co/1KmCqRS
B. POPULAR FRAMEWORKS ON ASSET IDENTIFICATION
methodology | system & asset reference
nist cybersecurity framework¹ | step 2: orient. Once the scope of the cybersecurity program has been determined for the business line or process, the organization identifies related systems and assets, regulatory requirements, and overall risk approach. The organization then identifies threats to, and vulnerabilities of, those systems and assets.
octave allegro² | step 2: develop an information asset profile. The methodology focuses on the information assets of the organization and Step 2 begins the process of creating a profile for those assets… The methodology’s profiling process ensures that an asset is clearly and consistently described, that there is an unambiguous definition of the asset’s boundaries, and that the security requirements for the asset are adequately defined. The profile for each asset is captured on a single worksheet that forms the basis for the identification of threats and risks in subsequent steps.
octave allegro² | step 3: identify information asset containers. Containers describe the places where information assets are stored, transported, and processed. Information assets reside not only in containers within an organization’s boundaries but they also often reside in containers that are not in the direct control of the organization. Any risks to the containers in which the information asset lives are inherited by the information asset.
¹ nist csf: http://1.usa.gov/1dIqXf5
² octave allegro: http://bit.ly/1LTaH2F
C. THREAT ACTIONS – TOP 9 INCIDENT PATTERNS¹
[chart not reproduced]
¹ verizon data breach digest 2016: http://vz.to/21zkult
D. THREAT ACTIONS – 12 MOST COMMON SCENARIOS¹
# | scenario | freq | threat actor(s) | sophistication | threat source
1 | social engineering | 16% | organized crime, state-affiliated | 3-4-5 | China, Argentina, North Korea, Russian Federation
2 | financial pretexting | 7% | organized crime | 2-3 | varies
3 | insider threat | 12% | cashier/bank teller/waiter, end users, organized crime, finance employees, call center employees | 1 | varies
4 | usb infection | 33% | state-affiliated, organized crime | 4-5 | China, North Korea, Russian Federation
5 | peripheral tampering | <1% | organized crime | 2 | Bulgaria, Romania, Armenia, Brazil, the U.S.
6 | rogue connection | 4% | organized crime | 1-2-3 | varies
7 | logic switch | 53% | organized crime, unaffiliated, state-affiliated, activist group | 1-2-3-4-5 | the U.S., China
8 | sql injection | 23% | activist, organized crime, state-affiliated | 3 | varies
9 | cms compromise | 46% | organized crime | 3 | China, Malaysia, the U.S., Russian Federation
10 | backdoor access | 51% | state-affiliated, organized crime | 3-4-5 | Romania, China, Russian Federation
11 | ram scraping | 55% | organized crime, state-affiliated | 2-3 | Romania, Germany, China, Russian Federation
12 | credential theft | 42% | organized crime, state-affiliated | 2-3-4-5 | Ukraine, China, Romania, Germany, Russian Federation, the U.S.
¹ verizon data breach digest 2016: http://vz.to/21zkult
E. THREAT ACTIONS – 6 LETHAL SCENARIOS¹
# | scenario | freq | threat actor(s) | sophistication | threat source
1 | digital extortion | 9% | organized crime | 2 | varies
2 | partner misuse | 4% | business-to-business partner | 1 | varies
3 | hacktivist attack | 3% | activist group | 1-2 | unknown, Syria
4 | dns tunneling | <1% | state-affiliated, organized crime | 3 | varies
5 | data ransomware | 4% | organized crime | 1-2 | varies
6 | sophisticated malware | 32% | state-affiliated, organized crime | 4-5 | varies
¹ verizon data breach digest 2016: http://vz.to/21zkult
F. TOP 25 VERIS (VERIZON) THREAT ACTIONS¹
# | threat action | description
1 | Phishing | Phishing (or any type of *ishing)
2 | Use of stolen creds | Use of stolen credentials
3 | RAM scraper | RAM scraper or memory parser
4 | Brute force | Brute force attack
5 | Export data | Export data to another site or system
6 | Use of backdoor or C2 | Use of backdoor or C2
7 | Unknown | Malware unknown
8 | Backdoor | Backdoor (enable remote access)
9 | Spyware/Keylogger | Spyware, keylogger, etc.
10 | Unknown | Hacking unknown
11 | C2 | Command and control (C2)
12 | Capture stored data | Capture data stored on disk
13 | Downloader | Downloader (pull updates or other malware)
14 | Scan network | Scan or footprint network
15 | Password dumper | Password dumper
16 | Privilege abuse | Abuse of system access privileges
17 | Skimmer | Payment card skimmers
18 | Adminware | System or network utilities (e.g., PsTools)
19 | Rootkit | Rootkit (maintain local privileges and stealth)
20 | SQL injection | SQL injection attack
21 | Exploit vuln | Exploit vulnerability in code
22 | Disable controls | Disable or interfere with security controls
23 | Brute force | Brute force attack
24 | Unapproved hardware | Use of unapproved hardware
25 | Packet sniffer | Packet sniffer (capture data from network)
¹ verizon data breach digest 2016: http://vz.to/21zkult
ICON CREDITS – 1 OF 2¹
¹ thenounproject.com
icon credit icon credit icon credit
invoice 1 alex auda samora invoice 2 alex auda samora cloud server icon 54
credit card redfusion bank anbileru adaleru black database sergio luna
money gregor cresnar mystery person yamini ahluwalia building lil squid
health joao proenca brain jessie_vp white server mister pixel
diamond rflor report aldredo hernandez server w/legs chameleon design
thumbprint wilson joseph cash register icon 54 spreadsheet useiconic
license olivia stelan elephant ted mitchner circle lifecycle yamini ahluwalia
process flow mantisshrimpdesign black hoodie olivier guin black hat spy alex auda samora
black mask luis prado white mask icon 54 black mask hat creative stall
ICON CREDITS – 2 OF 2¹
¹ thenounproject.com
icon credit icon credit icon credit
download creative stall trojan horse luis prado open lock chameleon design
phishing juan pablo bravo broken lock james mayor safe luis prado
pass crack matt wasser keyring william j salvador

 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskUsing SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martin
 
5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload ProtectionReducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
 
Common Types of Cyber Attacks & How to Prevent Them.pptx
Common Types of Cyber Attacks & How to Prevent Them.pptxCommon Types of Cyber Attacks & How to Prevent Them.pptx
Common Types of Cyber Attacks & How to Prevent Them.pptx
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the Noise
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Cyber security series advanced persistent threats
Cyber security series   advanced persistent threats Cyber security series   advanced persistent threats
Cyber security series advanced persistent threats
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Application security testing an integrated approach
Application security testing   an integrated approachApplication security testing   an integrated approach
Application security testing an integrated approach
 

Recently uploaded

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 

2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity

  • 1. Nathan Anderson, Director Internal Audit, Sears Holdings Lucas Morris, Senior Manager, Crowe Horwath
  • 2. #NACACS WHO WE ARE • Nate Anderson – IT Audit Director, Sears Holdings Corporation • Lucas Morris – Senior Manager, Crowe Horwath LLP
  • 3. #NACACS AGENDA “ security is no longer a function of IT, it’s part of enterprise risk management” 1. the case for cybersecurity 2. three lines of defense model and security roles 3. rethinking the role of internal audit
  • 4. #NACACS THE CASE FOR CYBERSECURITY
  • 5. #NACACS HIGH-PROFILE 2014 BREACHES¹ ¹ dell security 2015 threat report (modified): http://bit.ly/1UhOmyF 40m 56m
  • 6. #NACACS HIGH-PROFILE 2015 BREACHES¹ ¹ dell security 2016 threat report: http://dell.to/1QeaJ4X 80m 37m
  • 7. #NACACS BREACHES BY THE NUMBERS 58%24% 15% 2% 2% source of breach malicious outsider accidental loss malicious insider hacktivist state sponsored 43% 19% 17% 12% 6% 3% breaches by industry government healthcare other technology retail education ¹ breach level index: http://breachlevelindex.com
  • 8. #NACACS BREACHES BY THE NUMBERS • Average cost per record lost in 2015 is $217 IBM 2015 Cost of Breach Study: http://ibm.co/1rnnBN3
  • 9. #NACACS THREE LINES OF DEFENSE MODEL AND SECURITY ROLES
  • 10. #NACACS THREE LINES OF DEFENSE MODEL
    1st line: own & manage risk and control (front-line operating management).
    2nd line: monitor risk and control in support of management (risk, control, and compliance functions put in place by management).
    3rd line: provide independent assurance to the board & senior management concerning the effectiveness of management of risk and control.
    coso: three lines of defense: http://bit.ly/1I4XrQT
  • 11. #NACACS THREE LINES – ROLES & RESPONSIBILITIES
    1st line: integrate risk management into daily ops; mitigate risks; escalate risks
    2nd line: set risk baselines, policies, & standards; monitor & call for action; oversight, checks & balances, consultation
    3rd line: review program effectiveness; update senior management & leaders; holistic risk view
  • 12. #NACACS THREE LINES EXAMPLE: EMPLOYEE DATA Internal audit information security / it compliance human resources control requirements – cobit / nist risk assessment control gaps global view system & asset inventory control set
  • 13. #NACACS ROLE OF BOARD OF DIRECTORS & AUDIT COMMITTEE 40% of boards deal with computer & information security issues 48% have board-level risk committee for privacy & security 65% [of directors] want at least “some” additional time and focus on IT risks like cybersecurity¹ 83% of the board or its committees are very or moderately engaged with overseeing/understanding the risk of cyberattacks. 65% of board or its committees are very or moderately engaged with overseeing/understanding the level of spend on cybersecurity. Deloitte: http://bit.ly/1pnZCN5 PwC: http://pwc.to/1RMkXWK
  • 14. #NACACS RETHINKING THE ROLE OF INTERNAL AUDIT
  • 15. #NACACS SECURITY AS ENTERPRISE RISK MANAGEMENT • identify your threat landscape: assets, threat actors, and threats¹ • assess defense and determine relevancy of attacks • audit and test defenses and technical controls • communicate and collaborate with other lines of defense and audit committee ¹ refer to appendix A. for recommended reading list.
  • 16. #NACACS SECURITY AS ENTERPRISE RISK MANAGEMENT • identify your threat landscape: assets, threat actors, and threats • assess defense and determine relevancy of attacks • audit and test defenses and technical controls • communicate and collaborate with other lines of defense and audit committee
  • 17. #NACACS IDENTIFY YOUR THREAT LANDSCAPE: ASSETS¹ what are your crown jewels? ¹ refer to appendix B. for security frameworks supporting an asset-driven approach.
  • 18. #NACACS IDENTIFY YOUR THREAT LANDSCAPE: ASSETS where are your crown jewels? “an organization cannot properly protect [assets] it does not know about.” - nist¹ points of entry: servers, databases, staging, warehouse, third parties, cloud, unstructured data, reports ¹ NIST Protecting PII: http://1.usa.gov/1DgxrRy
  • 19. #NACACS IDENTIFY YOUR THREAT LANDSCAPE: THREAT ACTORS external threat actors are relevant based on your assets and industry: nation states, hacktivists, criminal organizations, terrorists, individuals (internal & external). internal & third party threat actors are relevant as well. attack origination¹: external 80%+, internal 17%, partner 3%. ¹ verizon data breach investigations report: http://vz.to/1ILoZPv
  • 20. #NACACS THREAT ACTOR SOPHISTICATION
    advanced persistent threats: highly knowledgeable, highly funded; looking for targets of value; examples: Lulzsec, Stuxnet, nation sponsored
    targeted attacks: advanced attacks with specific targets; worms, application vulnerabilities; examples: Conficker, Sasser
    “script kiddies”: leverage widely available tools; look for targets of opportunity; example: website defacement
    insider threats: employees, partners, contractors; typically highest likelihood of monetary impact; example: WikiLeaks
  • 21. #NACACS # OF BREACHES BY THREAT ACTOR MOTIVE (chart) ¹ verizon dbir 2016: http://vz.to/1Svr72f
  • 22. #NACACS IDENTIFY YOUR THREAT LANDSCAPE - THREATS phishing, data leakage, credentials, trojan, backdoor, command & control, malware
  • 23. #NACACS THREATS – USER CREDENTIALS
    • at risk credentials – weak, reused, default credentials – easy method for attackers to gain and expand access
    • how do they obtain them: – guessing – stealing them in hashed or encrypted form from memory or storage, then cracking or replaying them – stealing them while in use (unencrypted) – stealing the user’s session or token
    • enable attacker to: – gather significant amounts of low risk information – access files – search and scan for additional access, moving both laterally and vertically
  • 24. #NACACS THREATS – THIRD PARTIES
    • it’s 10:30 am monday morning and IT gets a call… “Hello, this is Tom from procurement. We have a vendor that will be here at 2:00 and they are requesting that we provide them an internal IP address for the installation.”
    • recent breaches show compliance is not the goal
    • right to audit clause
    • more hands on testing – vendors will hate this – small organizations will struggle
  • 25. #NACACS THREATS – DATA LEAKAGE channels: internet, third parties, shares, email, printers, intranet, applications, backups, media, database, local files
  • 26. #NACACS THREATS – SOCIAL ENGINEERING (sample phishing email)
    From: “Client Content Filter System” <client-web-filter@FAKEBUTLOOKSREAL.org>
    Subject: Potential Acceptable Use Violation
    Michael,
    Our web traffic monitoring service has reported that your account has visited potentially malicious web sites, including sites that are restricted per ABC’s Acceptable Use Policy. We do realize that this type of activity is often caused by viruses and other types of malware. The following link will direct you to the detailed report of the malicious web sites your system has visited as reported by the monitoring service; please review this list for accuracy. https://www.FAKEBUTLOOKSREAL.org/ABC/?sessionid=chris.wilkinson@abc.com
    The file has been encrypted for privacy and requires Microsoft Word macros to be enabled for viewing. If you believe that any of the sites listed in the report have been reported erroneously or that all sites noted are false positives, please reply to this email and a manual review will be conducted by Information Security.
  • 27. #NACACS THREATS – PHISHING SCENARIO EXAMPLE 1 user receives phishing email; clicks attachment 2 malware installed that enables a backdoor 3 command & control communication between user system & attacker 4 attacker scans network for targets, lateral movement
  • 28. #NACACS SECURITY AS ENTERPRISE RISK MANAGEMENT • identify your threat landscape: assets, threat actors, and threats • assess defense and determine relevancy of attacks • audit and test defenses and technical controls • communicate and collaborate with other lines of defense and audit committee
  • 29. #NACACS ASSESS DEFENSE
    Initial Point of Entry: the point of entry represents how the attacker obtains initial access. Examples include social engineering, unpatched Internet accessible systems, or weak passwords on externally accessible systems.
    Pivot Point: the initial access typically does not provide the information the attacker is looking for. They will leverage the access they do have to try to increase authority on the network. This could occur through shared passwords, unpatched systems, or excessive privileges.
    Fortify Access and Access Data: as the attacker pivots around the network, they continue to attempt to escalate their authority until they have the necessary access. They will typically fortify their access by installing malware or backdoors to maintain access. Persistent administrator access is the end goal.
    Data Exfiltration: once the attacker has data, they need to get it out of the network. This can be completed through a variety of vehicles, such as email or FTP. This has forced the approach to information security to mature from focusing only on prevention to including detection and response.
  • 30. #NACACS ASSESS RELEVANCY – ATTACK SCENARIOS & PATTERNS¹
    12 most common scenarios³: social engineering, financial pretexting, insider threat, usb infection, peripheral tampering, rogue connection, logic switch, sql injection, cms compromise, backdoor access, ram scraping, credential theft. “over the previous three years, just 12 attack scenarios represent over 60% of our investigations.”³
    9 incident patterns²: pos intrusions, web application attacks, cyberespionage, crimeware, insider/privilege misuse, payment card skimmers, miscellaneous errors, physical theft & loss, denial of service. “while we saw many changes in the threat landscape the last 12 months, [9] patterns still covered the vast majority of incidents (96%).”²
    ¹ refer to appendices C. through F. for additional threat pattern and scenario details. ² verizon dbir 2015: http://vz.to/1ILoZPv ³ verizon data breach digest 2016: http://vz.to/21zkult
  • 31. #NACACS ASSESS THREAT RELEVANCY – TOP PATTERNS frequency of incident patterns across all security incidents¹ frequency of incident patterns with confirmed data breaches¹ ¹ verizon dbir 2015: http://vz.to/1ILoZPv
  • 32. #NACACS # OF BREACHES PER THREAT ACTION TYPE top 5: C2 (malware), use of stolen creds, export data (malware), use of backdoor or C2, phishing (social) ¹ verizon dbir 2016: http://vz.to/1Svr72f
  • 33. #NACACS SECURITY AS ENTERPRISE RISK MANAGEMENT • identify your threat landscape: assets, threat actors, and threats • assess defense and determine relevancy of attacks • audit and test defenses and technical controls • communicate and collaborate with other lines of defense and audit committee
  • 34. #NACACS AUDIT & TEST – IDENTIFICATION OF SENSITIVE ASSETS focus on completeness of inventory during data security audits: create data flows; create system & asset inventory; hold management accountable for upkeep. “entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data, and identify all systems that are connected to or, if compromised, could impact the CDE.” – PCI DSS 3.1
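The scope test the PCI DSS quote describes can be run mechanically once the data flows and the asset inventory exist: every system that carries cardholder data is in scope, every system connected to one of those is in scope, and any flow endpoint that is not in the inventory is itself a finding. The script below is an added example for this deck, not tooling from the presenters or from PCI; the inventory, flows and declared scope are constructed, and treating “connected to” as one network hop is an assumption (the `hops` argument widens it).

```python
"""PCI scope completeness check: cardholder data flows vs. declared CDE scope.

Added example, not from the NACACS deck. The inventory, flows and declared
scope below are constructed stand-ins for a CMDB export, a data-flow diagram
and management's scope statement. 'Connected to' is modelled as one network
hop by default (an assumption; widen with hops=).
"""
from collections import defaultdict

# Constructed inventory: system name -> owning team.
INVENTORY = {
    "pos-terminal-01": "store ops",
    "pos-gateway": "payments",
    "tokenizer": "payments",
    "erp-db": "finance",
    "report-share": "finance",
    "bi-warehouse": "analytics",
    "jump-host": "infrastructure",
    "hr-portal": "human resources",
}

# Constructed flows: (source, destination, carries_cardholder_data).
FLOWS = [
    ("pos-terminal-01", "pos-gateway", True),
    ("pos-gateway", "tokenizer", True),
    ("tokenizer", "erp-db", False),         # tokens only, no PAN
    ("erp-db", "report-share", False),
    ("pos-gateway", "bi-warehouse", True),  # undocumented PAN export
    ("jump-host", "pos-gateway", False),    # admin path into the CDE
    ("hr-portal", "erp-db", False),
    ("report-share", "vendor-sftp", False), # destination missing from inventory
]

# What management says is in scope for PCI DSS.
DECLARED_SCOPE = {"pos-terminal-01", "pos-gateway", "tokenizer"}


def chd_systems(flows):
    """Every system that sends or receives cardholder data: always in scope."""
    systems = set()
    for src, dst, carries_chd in flows:
        if carries_chd:
            systems.update((src, dst))
    return systems


def connected_systems(flows, seeds, hops=1):
    """Systems within `hops` network hops of any seed. Direction is ignored,
    since a connection in either direction is a path an attacker can use.
    Returns the reachable set minus the seeds themselves."""
    adjacency = defaultdict(set)
    for src, dst, _ in flows:
        adjacency[src].add(dst)
        adjacency[dst].add(src)
    seen, frontier = set(seeds), set(seeds)
    for _ in range(hops):
        nxt = set()
        for system in frontier:
            nxt |= adjacency[system]
        nxt -= seen
        seen |= nxt
        frontier = nxt
    return seen - set(seeds)


def scope_gaps(flows, declared_scope, inventory, hops=1):
    """Audit findings: CHD systems and connected systems missing from the
    declared scope, plus flow endpoints that are not in the inventory at all
    (the inventory-completeness problem the slide warns about)."""
    chd = chd_systems(flows)
    connected = connected_systems(flows, chd, hops)
    endpoints = {name for flow in flows for name in flow[:2]}
    return {
        "chd_not_in_scope": sorted(chd - declared_scope),
        "connected_not_in_scope": sorted(connected - declared_scope),
        "not_in_inventory": sorted(endpoints - set(inventory)),
    }


if __name__ == "__main__":
    for finding, systems in scope_gaps(FLOWS, DECLARED_SCOPE, INVENTORY).items():
        print(f"{finding}: {', '.join(systems) or 'none'}")
```

On the constructed data the check surfaces the three classic audit findings: a PAN export to the analytics warehouse that nobody declared, two systems adjacent to the CDE (the admin jump host and the ERP database) left out of scope, and a vendor SFTP endpoint that is in a data flow but not in the inventory. Raising `hops` shows how quickly a flat network pulls the whole estate into scope, which is the argument for the network segmentation assessment listed later in the deck.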
  • 35. #NACACS AUDIT & TEST – ALIGN WITH SECURITY FRAMEWORK example security frameworks: COBIT, ISO 2700X, NIST or OCTAVE
    COBIT 5: more focus on alignment with business goals and governance roles (2nd & 3rd line of defense); control set (no risk language); maps to ISO 27001, NIST CSF
    ISO 27001/27002: controls have wider coverage than NIST CSF; accepted standard in many countries; supports certification process; maps to NIST CSF, COBIT
    NIST cybersecurity framework: its core draws on a subset of the far more verbose NIST SP 800-53 controls; control set (no risk language); detailed guidance for technical controls; maps to ISO 27001, COBIT; many publications
    OCTAVE allegro: risk-based approach; aligns with NIST risk assessment publication SP 800-39; provides steps, worksheets, questionnaires; not a control framework
  • 36. #NACACS AUDIT & TEST – ASSESS MEASUREMENT CAPABILITY establish method to measure key risks & controls: a matrix of risk & control activity (rows) against data type (columns)
    data types: Intellectual Property, Cardholder (PCI), Health (ePHI), Employee (PII), Customer (PII), Financial (SOX)
    risk & control activities: System & Asset Inventory, Third Party Inventory, Identify & Classify Risks, Define Control Requirements, Identify Existing Controls, Control Assessment, Measure Residual Risks, Identify & Manage Incidents
  • 37. #NACACS AUDIT & TEST – ACROSS THE ATTACK CHAIN layers: Internet, Application, Infrastructure, Endpoint, Third Party. components: Firewall, Remote Users, Mobile Devices, Web Application, Applications, Network, Employees, Workstations, Servers, Printers, Cloud, Database
  • 38. #NACACS AUDIT & TEST – SOCIAL ENGINEERING AUDIT
    malicious email filtering: blocking sufficient % of malicious emails; filters updated based on incidents
    phishing incident management: accurate, complete list of incidents; analysis of nature and severity; remediation effective & complete, including cleaning user systems, blocking at network level, and identifying any command & control activity
    security awareness program: evaluate effectiveness & reach of training & communications; determine how effectiveness of program is evaluated
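Step 3 of the phishing scenario on slide 27 (communication between the user system and the attacker) and the “identifying any command & control activity” test above both come down to the same question for an auditor: can the organisation see beaconing in its own proxy or DNS logs? The script below is an added example, not from the NACACS deck or from Crowe’s tooling. The proxy log lines are constructed in a simplified format, and the thresholds (five or more hits, gap jitter of 10% or less) are assumptions to be tuned against real traffic.

```python
"""Command-and-control beacon detection over web-proxy log lines.

Added example, not from the NACACS deck. The log lines are constructed in a
simplified "<epoch> <client_ip> <destination_host> <bytes>" format. Implants
call home on a sleep timer, so their inter-request gaps are nearly constant;
human browsing is bursty. The detector scores each (client, host) pair by the
coefficient of variation of its gaps. The thresholds are assumptions to tune.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log: a 60-second beacon with small jitter from 10.1.5.23,
# some ordinary browsing from the same host, and two mail checks from another.
PROXY_LOG = """\
1460000000 10.1.5.23 update.example-cdn.net 512
1460000060 10.1.5.23 update.example-cdn.net 515
1460000118 10.1.5.23 update.example-cdn.net 510
1460000181 10.1.5.23 update.example-cdn.net 514
1460000242 10.1.5.23 update.example-cdn.net 511
1460000301 10.1.5.23 update.example-cdn.net 513
1460000005 10.1.5.23 www.news-site.example 48211
1460000007 10.1.5.23 www.news-site.example 18330
1460000009 10.1.5.23 static.news-site.example 90021
1460000400 10.1.5.23 www.news-site.example 51200
1460000003 10.1.5.40 mail.corp.example 2048
1460000603 10.1.5.40 mail.corp.example 2050
this line is malformed and must be skipped
"""


def parse_proxy_log(text):
    """Yield (timestamp, client, host, bytes); skip malformed lines instead of aborting the hunt."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            yield int(fields[0]), fields[1], fields[2], int(fields[3])
        except ValueError:
            continue


def find_beacons(text, min_hits=5, max_jitter=0.10):
    """Return [(client, host, mean_gap_seconds, hits)] for (client, host)
    pairs seen at least min_hits times whose gap jitter (pstdev / mean) is at
    or below max_jitter. Human traffic to a popular site usually fails the
    jitter test; an implant with heavy randomised sleep needs a looser one."""
    timestamps = defaultdict(list)
    for ts, client, host, _ in parse_proxy_log(text):
        timestamps[(client, host)].append(ts)

    beacons = []
    for (client, host), ts in timestamps.items():
        if len(ts) < min_hits:
            continue
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing periodic to score
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            beacons.append((client, host, avg, len(ts)))
    return beacons


if __name__ == "__main__":
    for client, host, gap, hits in find_beacons(PROXY_LOG):
        print(f"possible C2: {client} -> {host}, every ~{gap:.0f}s, {hits} hits")
```

The constructed log yields exactly one hit, the metronomic 60-second callback, while the news-site browsing and the mail checks fall below the hit threshold. In an audit this is a test of the second line’s monitoring, not a replacement for it: the question to ask is whether logging covers every egress path on slide 37 (including cloud and third-party links), how long logs are retained relative to a beacon interval of hours rather than minutes, and whether anyone is looking for this pattern at all.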
  • 39. #NACACS AUDIT & TEST – PHISHING SIMULATIONS 1 email ploy crafted by audit (similar to actual) 2 phishing engine selects appropriate random targets across areas of organization 3 measure % that open, click, provide credentials 4 repeat different ploys regularly, collecting stats: % open email (30% avg.¹), % open link / attachment (12% avg.), % report suspicious email (3% avg.); track % over time; track % by area; adjust awareness program ¹ verizon dbir 2016: http://vz.to/1Svr72f
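The statistics in steps 3 and 4 are only comparable across rounds and areas if they are computed the same way every time: per recipient rather than per event, and with the funnel kept consistent when a mail client blocks the tracking pixel. The scorecard below is an added example, not from the NACACS deck or from any phishing engine; the event rows are constructed in the shape such an engine might export, and the 30/12/3 baseline is the DBIR figure quoted on the slide, used here as the comparison point.

```python
"""Phishing-simulation scorecard by organisational area and by round.

Added example, not from the NACACS deck or any vendor's phishing engine. The
event rows are constructed in the shape such an engine might export:
(round, user, area, event) with event in sent / open / click / submit / report.
Rates are per recipient, not per event (a user who clicks twice counts once),
and a later funnel step implies the earlier ones (submit implies click implies
open), which corrects for mail clients that block the tracking pixel.
"""
from collections import defaultdict

FUNNEL = ("open", "click", "submit")

# Averages quoted on the slide from the Verizon 2016 DBIR: 30% open, 12% click
# the link/attachment, 3% report. Treated here as the comparison baseline.
BASELINE = {"open": 0.30, "click": 0.12, "report": 0.03}

# Constructed export from one simulation round.
EVENTS = [
    (1, "u1", "finance", "sent"), (1, "u1", "finance", "open"),
    (1, "u2", "finance", "sent"), (1, "u2", "finance", "click"), (1, "u2", "finance", "click"),
    (1, "u3", "finance", "sent"), (1, "u3", "finance", "submit"),  # no open/click rows: pixel blocked
    (1, "u4", "finance", "sent"), (1, "u4", "finance", "report"),
    (1, "u5", "finance", "sent"),
    (1, "v1", "it", "sent"), (1, "v1", "it", "report"),
    (1, "v2", "it", "sent"), (1, "v2", "it", "open"),
    (1, "v3", "it", "sent"), (1, "v4", "it", "sent"), (1, "v5", "it", "sent"),
]


def actions_per_recipient(events):
    """Map (round, area, user) -> set of actions, with implied funnel steps added."""
    actions = defaultdict(set)
    for rnd, user, area, event in events:
        done = actions[(rnd, area, user)]  # a 'sent' row registers the recipient
        if event in FUNNEL:
            done.update(FUNNEL[: FUNNEL.index(event) + 1])
        elif event == "report":
            done.add("report")
    return actions


def rates(events, by="area"):
    """Fraction of recipients per group who opened, clicked, submitted or reported.
    by="area" groups on (round, area); by="round" groups on the round alone."""
    groups = defaultdict(list)
    for (rnd, area, _user), done in actions_per_recipient(events).items():
        groups[(rnd, area) if by == "area" else rnd].append(done)
    table = {}
    for group, recipients in groups.items():
        n = len(recipients)
        row = {step: round(sum(step in d for d in recipients) / n, 3)
               for step in FUNNEL + ("report",)}
        row["recipients"] = n
        table[group] = row
    return table


def worse_than_baseline(row):
    """Steps on which a group underperforms the baseline: more opens or clicks, fewer reports."""
    worse = [step for step in ("open", "click") if row[step] > BASELINE[step]]
    if row["report"] < BASELINE["report"]:
        worse.append("report")
    return worse


if __name__ == "__main__":
    for group, row in sorted(rates(EVENTS).items()):
        print(group, row, "worse than baseline on:", worse_than_baseline(row) or "nothing")
```

Two details matter more than the arithmetic. Recipient `u3` has no open or click row yet submitted credentials, so a naive count of click events would under-report the worst outcome; inferring the funnel fixes that. And recipient `u2` clicked twice, which a per-event count would inflate. With those corrections the finance group reads 60% open / 40% click / 20% submit against the baseline, which is the kind of per-area result step 4 says should drive the awareness program.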
  • 40. #NACACS INFORMATION SECURITY AUDITS TO CONSIDER cloud & data lake governance; it asset management; security vulnerabilities & patching assessment; phishing & security awareness; network segmentation assessment; security logging & event detection; penetration testing; web & mobile application assessment; program assessments: PCI & PHI; information security overall assessment; firewall ruleset assessment
  • 41. #NACACS SECURITY AS ENTERPRISE RISK MANAGEMENT • identify your threat landscape: assets, threat actors, and threats • assess defense and determine relevancy of attacks • audit and test defenses and technical controls • communicate and collaborate with other lines of defense and audit committee
  • 42. #NACACS RELEVANT COMMUNICATION TO LEADERS 3rd line of defense what are you communicating to the audit committee, security, IT, and the business about cybersecurity?
  • 44. #NACACS THANK YOU Lucas Morris lucas.morris@crowehorwath.com www.github.com/CroweCybersecurity 214-777-5257 Nate Anderson nate.anderson@searshc.com
  • 46. #NACACS A. CYBERSECURITY THREAT REPORTS • key data breach / cybersecurity reports
    – verizon data breach investigations report: 2014: http://vz.to/1pMX6xZ | 2015: http://vz.to/1ILoZPv | 2016: http://vz.to/1Svr72f
    – verizon data breach digest 2016: http://vz.to/21zkult
    – dell security annual threat report: 2015: http://bit.ly/1UhOmyF | 2016: http://dell.to/1QeaJ4X
    – symantec internet security threat report 2015: http://symc.ly/1MBxADq | supplement: http://symc.ly/1aVPSSs
    – mcafee labs threats predictions 2015: http://intel.ly/1No3xh0
    – ponemon global megatrends in cybersecurity: http://rtn.co/1KmCqRS
  • 47. #NACACS B. POPULAR FRAMEWORKS ON ASSET IDENTIFICATION
    ¹ nist csf: http://1.usa.gov/1dIqXf5
    ² octave allegro: http://bit.ly/1LTaH2F
    methodology | system & asset reference
    – nist cybersecurity framework¹ | step 2: orient. Once the scope of the cybersecurity program has been determined for the business line or process, the organization identifies related systems and assets, regulatory requirements, and overall risk approach. The organization then identifies threats to, and vulnerabilities of, those systems and assets.
    – octave allegro² | step 2: develop an information asset profile. The methodology focuses on the information assets of the organization and Step 2 begins the process of creating a profile for those assets… The methodology’s profiling process ensures that an asset is clearly and consistently described, that there is an unambiguous definition of the asset’s boundaries, and that the security requirements for the asset are adequately defined. The profile for each asset is captured on a single worksheet that forms the basis for the identification of threats and risks in subsequent steps. step 3: identify information asset containers. Containers describe the places where information assets are stored, transported, and processed. Information assets reside not only in containers within an organization’s boundaries but they also often reside in containers that are not in the direct control of the organization. Any risks to the containers in which the information asset lives are inherited by the information asset.
  • 48. #NACACS C. THREAT ACTIONS – TOP 9 INCIDENT PATTERNS ¹ verizon data breach digest 2016: http://vz.to/21zkult
  • 50. #NACACS D. THREAT ACTIONS – 12 MOST COMMON SCENARIOS¹
    ¹ verizon data breach digest 2016: http://vz.to/21zkult
    # | scenario | freq | threat actor(s) | sophistication | threat source
    1 | social engineering | 16% | organized crime, state-affiliated | 3-4-5 | China, Argentina, North Korea, Russian Federation
    2 | financial pretexting | 7% | organized crime | 2-3 | varies
    3 | insider threat | 12% | cashier/bank teller/waiter, end users, organized crime, finance employees, call center employees | 1 | varies
    4 | usb infection | 33% | state-affiliated, organized crime | 4-5 | China, North Korea, Russian Federation
    5 | peripheral tampering | <1% | organized crime | 2 | Bulgaria, Romania, Armenia, Brazil, the U.S.
    6 | rogue connection | 4% | organized crime | 1-2-3 | varies
    7 | logic switch | 53% | organized crime, unaffiliated, state-affiliated, activist group | 1-2-3-4-5 | the U.S., China
    8 | sql injection | 23% | activist, organized crime, state-affiliated | 3 | varies
    9 | cms compromise | 46% | organized crime | 3 | China, Malaysia, the U.S., Russian Federation
    10 | backdoor access | 51% | state-affiliated, organized crime | 3-4-5 | Romania, China, Russian Federation
    11 | ram scraping | 55% | organized crime, state-affiliated | 2-3 | Romania, Germany, China, Russian Federation
    12 | credential theft | 42% | organized crime, state-affiliated | 2-3-4-5 | Ukraine, China, Romania, Germany, Russian Federation, the U.S.
  • 50. #NACACS E. THREAT ACTIONS – 6 LETHAL SCENARIOS¹
    ¹ verizon data breach digest 2016: http://vz.to/21zkult
    # | scenario | freq | threat actor(s) | sophistication | threat source
    1 | digital extortion | 9% | organized crime | 2 | varies
    2 | partner misuse | 4% | business-2-business partner | 1 | varies
    3 | hacktivist attack | 3% | activist group | 1-2 | unknown, Syria
    4 | dns tunneling | <1% | state-affiliated, organized crime | 3 | varies
    5 | data ransomware | 4% | organized crime | 1-2 | varies
    6 | sophisticated malware | 32% | state-affiliated, organized crime | 4-5 | varies
  • 51. #NACACS F. TOP 25 VERIS (VERIZON) THREAT ACTIONS¹
    ¹ verizon data breach digest 2016: http://vz.to/21zkult
    # | threat action
    1 | Phishing—Phishing (or any type of *ishing)
    2 | Use of stolen creds—Use of stolen credentials
    3 | RAM scraper—RAM scraper or memory parser
    4 | Brute force—Brute force attack
    5 | Export data—Export data to another site or system
    6 | Use of backdoor or C2—Use of backdoor or C2
    7 | Unknown—Malware unknown
    8 | Backdoor—Backdoor (enable remote access)
    9 | Spyware/Keylogger—Spyware, keylogger, etc.
    10 | Unknown—Hacking unknown
    11 | C2—Command and control (C2)
    12 | Capture stored data—Capture data stored on disk
    13 | Downloader—Downloader (pull updates or other malware)
    14 | Scan network—Scan or footprint network
    15 | Password dumper—Password dumper
    16 | Privilege abuse—Abuse of system access privileges
    17 | Skimmer—Payment card skimmers
    18 | Adminware—System or network utilities (e.g., PsTools)
    19 | Rootkit—Rootkit (maintain local privileges and stealth)
    20 | SQL injection—SQL injection attack
    21 | Exploit vuln—Exploit vulnerability in code
    22 | Disable controls—Disable or interfere with security controls
    23 | Brute force—Brute force attack
    24 | Unapproved hardware—Use of unapproved hardware
    25 | Packet sniffer—Packet sniffer (capture data from network)
  • 52. #NACACS ICON CREDITS – 1 OF 2¹ ¹ thenounproject.com icon credit icon credit icon credit invoice 1 alex auda samora invoice 2 alex auda samora cloud server icon 54 credit card redfusion bank anbileru adaleru black database sergio luna money gregor cresnar mystery person yamini ahluwalia building lil squid health joao proenca brain jessie_vp white server mister pixel diamond rflor report aldredo hernandez server w/legs chameleon design thumbprint wilson joseph cash register icon 54 spreadsheet useiconic license olivia stelan elephant ted mitchner circle lifecycle yamini ahluwalia process flow mantisshrimpdesign black hoodie olivier guin black hat spy alex auda samora black mask luis prado white mask icon 54 black mask hat creative stall
  • 53. #NACACS ICON CREDITS – 2 OF 2¹ ¹ thenounproject.com icon credit icon credit icon credit download creative stall trojan horse luis prado open lock chameleon design phishing juan pablo bravo broken lock james mayor safe luis prado pass crack matt wasser keyring william j salvador