Prevent banking frauds through identity managementGARL
What is the difference between private and retail banking in fraud management? Significant use of mobile devices (tablet, smartphone,...) and the growing number of fraud due to human factor are changing private banking management.
GARL presentation at Forum Banca 2013 describes fraud risks for private banking and how to manage them in a prevention plan.
The presentation was made as a collaboration with Banca Esperia (Mediobanca group).
2017 Phishing Trends & Intelligence Report: Hacking the HumanPhishLabs
PhishLabs' Phishing Trends and Intelligence annual report provides insight on significant trends, tools, and techniques used by threat actors to carry out phishing attacks. It provides context and perspective into HOW and WHY these trends are occurring
By understanding the threat, we can better defend against it. The report data is sourced from more than one million confirmed phishing sites residing across more than 170,000 unique domains. We investigated more than 7,800 phishing attacks every month, identifying the underlying infrastructure used in the attacks and shutting them down. The report uses this data to illuminate significant trends, tools, and techniques being used by the threat actors.
Do download the on-demand full webinar, click here: https://info.phishlabs.com/phishing-trends-and-intelligence-pti-report-webinar
Do download the PTI Report, click here: https://info.phishlabs.com/2017-phishing-trends-and-intelligence-report-pti
The Rise of Spear Phishing & How to Avoid being the Next HeadlinePhishLabs
Phishing is not cybercrime, phishing is the exploitation of people. In this presentation, PhishLabs walks through the problem phishing poses to businesses and how you can prepare your employees with effective security awareness training, robust intelligence and tools to fight back against the threat. Download the on-demand version of the full webinar here: https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline
If you're interested in signing up for our webinar series, click here:
https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline
Presented at the 29th Annual FMA Conference
Topics:
> Raise awareness of the emerging trends in cybersecurity, such as the threats and the potential cost that a breach could have on your organization
> Establish an understanding of what your organization and board can do to reduce the likelihood and impact of a breach
> Identify key characteristics and aspects within an incident/breach response plan and how this plan will reduce the impact of the unfortunate event
Prevent banking frauds through identity managementGARL
What is the difference between private and retail banking in fraud management? Significant use of mobile devices (tablet, smartphone,...) and the growing number of fraud due to human factor are changing private banking management.
GARL presentation at Forum Banca 2013 describes fraud risks for private banking and how to manage them in a prevention plan.
The presentation was made as a collaboration with Banca Esperia (Mediobanca group).
2017 Phishing Trends & Intelligence Report: Hacking the HumanPhishLabs
PhishLabs' Phishing Trends and Intelligence annual report provides insight on significant trends, tools, and techniques used by threat actors to carry out phishing attacks. It provides context and perspective into HOW and WHY these trends are occurring
By understanding the threat, we can better defend against it. The report data is sourced from more than one million confirmed phishing sites residing across more than 170,000 unique domains. We investigated more than 7,800 phishing attacks every month, identifying the underlying infrastructure used in the attacks and shutting them down. The report uses this data to illuminate significant trends, tools, and techniques being used by the threat actors.
Do download the on-demand full webinar, click here: https://info.phishlabs.com/phishing-trends-and-intelligence-pti-report-webinar
Do download the PTI Report, click here: https://info.phishlabs.com/2017-phishing-trends-and-intelligence-report-pti
The Rise of Spear Phishing & How to Avoid being the Next HeadlinePhishLabs
Phishing is not cybercrime, phishing is the exploitation of people. In this presentation, PhishLabs walks through the problem phishing poses to businesses and how you can prepare your employees with effective security awareness training, robust intelligence and tools to fight back against the threat. Download the on-demand version of the full webinar here: https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline
If you're interested in signing up for our webinar series, click here:
https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline
Presented at the 29th Annual FMA Conference
Topics:
> Raise awareness of the emerging trends in cybersecurity, such as the threats and the potential cost that a breach could have on your organization
> Establish an understanding of what your organization and board can do to reduce the likelihood and impact of a breach
> Identify key characteristics and aspects within an incident/breach response plan and how this plan will reduce the impact of the unfortunate event
Discussing how to deal with frauds occurred in e-banking channels by implementing end-to-end controls (deterrent, preventive, detective, responsive, corrective and recovery), the line of defences as well as deploying numerous anti-fraud strategies.
An overview of identity theft, the tactics criminals use and how to protect yourself and prevent identity theft in Canada. Created by an IT industry expert.
Identity theft occurs when an unauthorized person uses your name, date of birth, social security number or other forms of identity to obtain credit in your name without your consent. Some identity theft methods include phishing, vishing, pretexting, shoulder surfing, dumpster diving, atm skimming and more. Stay alert and informed and protect yourself and your identity.
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
The Money 2.0 Conference dives into the latest market trends, enterprise risk management strategies, regulatory changes, and FinTech developments in the rapidly-evolving finance and insurance landscape. A three-day conference, it will delve into crucial topics such as the role of blockchain in banking, cybersecurity, digital forensics, spam identification; it will also review investments in emerging markets, money scam and fraud detection, retirement savings, and much more.
Listen to top-notch speakers from well-known organizations who will share their valuable insights and break down the latest developments so that you learn how to manage and grow your wealth in a secure manner! Join us on 18th-20th March 2022 in Dubai, UAE and on April 11th-13th 2022 in Las Vegas, USA.
Regulations, compliance and overall risk management place a significant operational burden on financial services.
Online lenders are no different. You have to comply with multiple regulatory requirements, and you are- like any other financial service- very susceptible to fraud.
If you want to prevent and reduce loan application fraud, your strategy and fraud detection system should include a combination of identity verification, account onboarding protection, and account monitoring.
In this post, we’ll explain how identity verification and Know Your Customer processes are related, and how you can expand them for better fraud coverage.
We’ve also provided specific recommendations for identity verification security tests, and account origination protection strategies that can help you prevent fraud during the loan application process.
Cyber threats and trends that you cannot afford to overlook in 2018. revised presentation from Clear and Present Danger - an Enterprsie Security event hosted by Netplus
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
Cybercrime how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of Cybercrime. In this talk learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to be come a Cyber Defender
Discussing how to deal with frauds occurred in e-banking channels by implementing end-to-end controls (deterrent, preventive, detective, responsive, corrective and recovery), the line of defences as well as deploying numerous anti-fraud strategies.
An overview of identity theft, the tactics criminals use and how to protect yourself and prevent identity theft in Canada. Created by an IT industry expert.
Identity theft occurs when an unauthorized person uses your name, date of birth, social security number or other forms of identity to obtain credit in your name without your consent. Some identity theft methods include phishing, vishing, pretexting, shoulder surfing, dumpster diving, atm skimming and more. Stay alert and informed and protect yourself and your identity.
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
The Money 2.0 Conference dives into the latest market trends, enterprise risk management strategies, regulatory changes, and FinTech developments in the rapidly-evolving finance and insurance landscape. A three-day conference, it will delve into crucial topics such as the role of blockchain in banking, cybersecurity, digital forensics, spam identification; it will also review investments in emerging markets, money scam and fraud detection, retirement savings, and much more.
Listen to top-notch speakers from well-known organizations who will share their valuable insights and break down the latest developments so that you learn how to manage and grow your wealth in a secure manner! Join us on 18th-20th March 2022 in Dubai, UAE and on April 11th-13th 2022 in Las Vegas, USA.
Regulations, compliance and overall risk management place a significant operational burden on financial services.
Online lenders are no different. You have to comply with multiple regulatory requirements, and you are- like any other financial service- very susceptible to fraud.
If you want to prevent and reduce loan application fraud, your strategy and fraud detection system should include a combination of identity verification, account onboarding protection, and account monitoring.
In this post, we’ll explain how identity verification and Know Your Customer processes are related, and how you can expand them for better fraud coverage.
We’ve also provided specific recommendations for identity verification security tests, and account origination protection strategies that can help you prevent fraud during the loan application process.
Cyber threats and trends that you cannot afford to overlook in 2018. revised presentation from Clear and Present Danger - an Enterprsie Security event hosted by Netplus
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
Cybercrime how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of Cybercrime. In this talk learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to be come a Cyber Defender
Threat hunting - Every day is hunting seasonBen Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case StudiesWayne Huang
Bitcoin's future threats: what’s real and what’s not? Audience votes after panelists release a whitepaper and overview key case studies on: remote exploitation(31), mining resources theft(17), wallet theft(10), fraud or scam(10), crime or terrorism(10), insider threat(8), DDoS(7), phishing(6), coin loss(4), software bug or human error(3), social engineering(1), 51% attack(1), government bans(1). - See more at: https://www.rsaconference.com/events/us15/agenda/sessions/1710/bitcoins-future-threats-experts-roundtable-based-on#sthash.MtLRNA1w.dpuf
According to Google, almost 80 percent of websites loaded in Chrome are over HTTPS, and Zscaler ThreatLabZ research shows that more than 50 percent of malware now hides in SSL/TLS-encrypted traffic. The problem is that many organizations don’t have the budget to fully inspect encrypted traffic, so SSL becomes a blindspot and IT is faced with a major compromise. Meanwhile, hackers are getting more and more creative in how they deliver malware in SSL/TLS, which creates new inspection challenges.
This exclusive webinar with Ryan McInerny will teach you all about cryptocurrency and NFTs! Register to learn more about identifying crypto transactions, crypto asset market trends, managing risk and compliance, and supporting customers and partners using crypto-based payments.
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
n the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Webinar: Hunting maturity through cyber deception Cymmetria
This webinar includes a live demo of Cymmetria's MazeRunner, as well as training on how your organization can use cyber deception to gain visibility and control in your network in the face of attackers. Original broadcast date: December 12, 2017.
Ransomware webinar may 2016 final version externalZscaler
In the last few years, ransomware has taken the cybercrime world by storm. CryptoWall 3.0, one of the most lucrative and broad-reaching ransomware campaigns, was alone responsible for 406,887 infection attempts and accounted for about $325 million in damages in 2015.1 And, according to the Institute for Critical Infrastructure Technology, ransomware promises to wreak more havoc in 2016.
While individual users were once the preferred target of ransomware, perpetrators have increasingly set their sights on businesses and organizations. And you can bet that with larger targets, the ransom demands will increase accordingly.
Are you prepared for such an attack?
In this presentaiton we will highlight how ransomware can impact your business and why legacy security solutions don’t stand a chance against such threats.
Presentation by Luc de Graeve at the Gordon institute of business science in 2001.
This presentation is about security in e-commerce and is aimed at making people aware of what hackers do, how they do it and the financial implications of their actions. The presentation begins with a few examples of defaced websites and ends with a discussion on risk and assessment.
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
Real world lessons from CrowdStrike Services experts investigating complex cyber extortion attacks
The criminal act of theft is as old as civilization itself, but in the cyber realm new ways to steal your organization's data or profit by holding it hostage, continue to evolve. With each advancement in security technology, adversaries work tirelessly on new techniques to bypass your defenses. This webcast, "Cyber Extortion: Digital Shakedowns and How to Stop Them" examines the evolution of cyber extortion techniques, including the latest "datanapping" exploits. Whether it's an attack on a major movie studio, a massive healthcare system, or a global entertainment platform, recent extortion attempts demonstrate how critical it is to understand today's threat landscape so you can ensure that your organization mounts the best defense possible.
Download this presentation to learn what security experts from the cyber defense frontlines are discussing. Learn about:
•The range of extortion techniques being used today, including commonalities and differences in approaches
•Commodity type ransomware/datanapping vs. hands-on attacks — how are they alike and what are their differences?
•Potential outcomes of paying vs. not paying when attempting to recover data after an attack
•Real world examples of successful attacks and those that were thwarted or mitigated
•Strategies for keeping your organization from being targeted and what to do if you become the victim of a cyber shakedown
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Albert Hui
Introduces "Hui's Hierarchy of CTIs", a reference model upon which cyber threat intelligence (CTI) can be classified, a 5W1H model for CTI contexts, and illustrates through examples what CTIs IR and TRM will find useful.
Practical Defences Against A New Type of Professional Bank FraudstersAlbert Hui
A high-level overview of the growing problem of BEC (business email compromise) fraud and the money laundering mechanism behind it, followed by practical prevention advices that FIs and firms alike can implement right away.
We demonstrated how commercial DDoS mitigation solutions can be bypassed and why the approaches adopted are heading in the wrong direction. An economics-based countermeasure is then proposed as the next-gen solution.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Cyber Fraud - The New Frontiers
1. 2014 Asia-Pacific Fraud Conference
November 17th 2014 @ Hong Kong
CYBER FRAUD
THE NEW FRONTIERS
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC
Principal Consultant
2. WHO AM I?
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC
Principal Consultant
albert@securityronin.com
• Spoken at Black Hat, High Tech Crime Investigation Association
(Asia Pacific Conference), and Economist Corporate Network.
• Risk Consultant for Banks, Government and Critical Infrastructures.
• SANS GIAC Advisory Board Member.
• Co-designed the first Computer Forensics curriculum for
Hong Kong Police Force.
• Former HKUST Computer Science lecturer.
20. HACKER SUPPLY CHAIN
Anon
Payment
Hacker
Tools /
Bulletproof
Hosting
Monetization
Implications
• Sophisticated attacks now available to
non-experts
• Lower breakeven point for attacks
• More “worthwhile” targets
25. PHILOSOPHY
Defender’s Dilemma
• Must secure all possible vulnerabilities
Intruder’s Dilemma
• Must evade all detections
Reason’s Swiss Cheese Model
Picture from NICPLD
26. ESSENTIALS FOR DETECTING CYBER ATTACKS
• Layered defense-in-depth
• Redundant security (e.g. two different brands of FWs)
• Security event correlation (e.g. SIEM)
• Trustworthy logging
• Up-to-date threat intelligence
• Security awareness and reporting channel
• Incident response capability (e.g. CSIRT)