This document provides biographical and career information about Shritam Bhowmick. It lists his current and previous professional roles, including as an AVP of Labs at Lucideus Tech where he performs application security assessments and R&D, as well as previous roles as an application security trainer and in security roles at other companies. It also notes some of his hobbies include the areas of his professional work.
About
Name: Shritam Bhowmick
Professional Career:
o AVP, Labs @Lucideus Tech
  - Application Security Assessments
  - Research and Development @Lucideus Labs
o Application Security Trainer @CTG Security Solutions
  - Application Security Trainer
  - Training Scheduler & Advisor
o Red Team Lead, Security Specialist cum R&D @Defencely
  - Client SPOC
  - Penetration Tester
  - Application Security Team Lead
  - Red Team Coordinator and Engagement Specialist
And all of 'em were my secret hobbies too!
P.S.: I do not use memes in presentations.
Abstract
Security Breaches (Reasoning Analysis)
1. Code maintainers are unavailable
2. Developers do not understand vulnerabilities (awareness factor)
3. Lack of IT security budget to cope with current vulnerabilities
4. The affected codebase, or part of it, is owned by a third party
5. The applications deployed will be taken off in the near future
6. Security solutions conflict with business use cases
7. Compliance does not require fixing the issues
8. Feature enhancement is prioritized ahead of security fixes
9. The risk of exploitation and compromise is accepted
Security Assessment v/s Security Engagement
Security Assessment – It is a part of risk assessment, or more particularly IT Security Risk Assessment, and it is also a "quantified" value of the risks to which an IT firm could be exposed. Some necessary ingredients are:
1. Threat Assessment
2. Risk Assessment
3. Security Compliances
Security Engagement – The risks assessed in the first phase can be verified by an 'engagement' procedure, which gives "qualitative" results on whether the previously assessed risks were positive or negative; by default this is either an 'offensive' or a 'defensive' engagement. This, again, can be broken down into:
1. Code Review
2. Vulnerability Assessment
3. Penetration Testing
4. Red Team Engagement
Threat Assessment
Threat Agents
Entities which can adversely affect the business:
1. Non-Target-Specific – Trojan horses, worms, viruses, logic bombs, CnC-driven botnets, etc.
2. Internal/External Association – Employees, staff, code maintainers, operational personnel, YOU!
3. Organized Crime – Finance-driven, target-driven blackhat entities, credit card information stealers.
Reference: https://www.owasp.org/index.php/Category:Threat_Agent
4. Corporation – Competitive intelligence and offensive information warfare.
5. Human – Insider/outsider with intentional and unintentional threat agent behavior involved.
6. Natural – Earthquakes, thunderstorms, floods, fire; physical calamities driven by nature that obstruct electronic communications.
Threat Modeling
A process of identifying threats in order to meet security objectives:
1. External Dependencies – List of items which are external, not internal, to the organization.
2. Entry Points – Interfaces through which potential threat agents can interact or supply data. Each entry point has a level of trust.
3. Assets – Items of interest to an attacker. Assets could be physical or abstract.
Reference: https://www.owasp.org/index.php/Application_Threat_Modeling
4. Trust Levels – Cross-referenced between entry points and assets; these are access rights.
5. Data Flow Diagrams (DFDs) – Logical connections for the data flow. They provide the structural overview that clarifies sub-systems and lower-level systems.
6. Threat Analysis – Accounting for dependencies, entry points, assets, trust levels and DFDs to identify design, functional or architectural threats.
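As an added example, not from the deck, the Python below encodes steps 2 through 6 of the threat modeling list: entry points carry a trust level, assets carry the trust level they require, data flows form a tiny DFD, and the analysis lists every entry point whose data can reach an asset above its own trust level. The application, its trust scale, asset names and flows are all constructed for illustration.

```python
# Added example, not from the deck: a minimal threat model built from the
# elements listed above (entry points with trust levels, assets, DFD flows,
# and a trust-level cross-reference). All names and values are constructed.
from dataclasses import dataclass, field

# Constructed trust scale, least to most trusted (step 4: trust levels).
TRUST = {"anonymous": 0, "authenticated_user": 1, "admin": 2, "internal_service": 3}

@dataclass(frozen=True)
class EntryPoint:       # step 2: an interface that accepts data
    name: str
    trust: str          # trust level the interface grants its caller

@dataclass(frozen=True)
class Asset:            # step 3: something an attacker would want
    name: str
    required_trust: str # minimum trust level that should reach it

@dataclass
class ThreatModel:
    entry_points: dict = field(default_factory=dict)
    assets: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)   # step 5: DFD edges (src, dst)

    def add_flow(self, src, dst):
        self.flows.append((src, dst))

    def reachable(self, start):
        """All DFD nodes that data entering at `start` can flow into."""
        seen, stack = set(), [start]
        while stack:
            node = stack.pop()
            for src, dst in self.flows:
                if src == node and dst not in seen:
                    seen.add(dst)
                    stack.append(dst)
        return seen

    def analyze(self):
        """Step 6: flag each entry point whose data reaches an asset demanding
        more trust than it grants; each hit is a boundary crossing to review."""
        findings = []
        for ep in self.entry_points.values():
            for node in self.reachable(ep.name):
                asset = self.assets.get(node)
                if asset and TRUST[ep.trust] < TRUST[asset.required_trust]:
                    findings.append((ep.name, asset.name, ep.trust, asset.required_trust))
        return sorted(findings)

def build_sample_model():
    """Constructed sample: a web app with a login form, reporting API and admin panel."""
    m = ThreatModel()
    for ep in (EntryPoint("login_form", "anonymous"),
               EntryPoint("report_api", "authenticated_user"),
               EntryPoint("admin_panel", "admin")):
        m.entry_points[ep.name] = ep
    for a in (Asset("user_db", "authenticated_user"), Asset("hr_records", "admin"),
              Asset("cctv_feed", "internal_service")):
        m.assets[a.name] = a
    for src, dst in (("login_form", "auth_service"), ("auth_service", "user_db"),
                     ("report_api", "report_service"), ("report_service", "hr_records"),
                     ("admin_panel", "hr_records"), ("admin_panel", "cctv_feed")):
        m.add_flow(src, dst)
    return m
```

Calling `build_sample_model().analyze()` returns three trust-boundary crossings, one for each entry point whose input flows on to an asset that requires more trust than the entry point grants.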
Threat Assessment Results
Threat Agents + Threat Modeling = Threat Assessment
Mitigation Outcome:
1. Do Nothing – hope for the best
2. Aware and Inform – warn of threats and publicize them
3. Accept the Threat – accept the threat if it cannot be remediated
4. Remediate Potential Threat – put technical countermeasures in place
5. Transfer the Threat risk factor – insurance against a certain threat
6. Terminate the Threat entirely – pull the deployment or shut down the affected system
Risk Assessment
Risk Assessment in security, for an IT firm or any other retail, financial, health, private or educational sector organization, is a procedural process to reduce, control or eliminate business risks by performing an in-depth risk analysis and risk management.
Risk Assessment and Threat Assessment are different and often confused.
1. Threats cannot be controlled – they are always there and will always be external, trying to put an organization at risk. STRIDE and DREAD are models for assessing threats.
2. Risks can be controlled, reduced or eliminated, since they are internal to the organization and can be assessed through rational reasoning, keeping in view factors such as productivity, barriers and the costs borne by the organization. This depends on the size and complexity of the organization concerned.
Risk Assessment can be broken into two main parts:
1. Likelihood Assessment – where the probability is determined.
2. Impact Assessment – if the probability holds, the impact of the risk.
Risk Assessment – The Process
1. Identify Risks
• Financial entities – such as transaction details
• Informational entities – such as POS systems and HR
• Private Confidential entities – such as contractual data
• Technological entities:
  o Servers – Availability of services
  o Applications – Integrity of interfaces for users
  o Hardware Devices – Confidentiality of physical security systems
    - Biometric security systems – elevated physical access systems
    - Secure Footage systems – CCTV, surveillance systems, etc.
    - SCADA systems – Integrated machinery systems for industries
2. Analyze Risks
• Perform a security requirements and objectives study
• Assess the system architecture and network infrastructure
• Assess the interconnectivity of each previously assessed system
• Quantify the hardware used for networking resources in the organization
• Identify the operating systems in use, and the software in use on both workstations and servers
• Quantify the assets of the organization and relate them to the resources quantified previously
• Relate functional entities – DBMS and files
• Network services open to the outside and the protocols supported
• Current security systems in use, any access control mechanisms or firewalls
3. Evaluate Risks
• Likelihood of compromise
• Impact of compromise based on likelihood
• Business outcome of the resulting compromise
• Risk Rating dependent on Risk Scaling Factors:
  o Negligible Loss – non-sensitive data
  o Slight Loss – low-level business loss
  o Significant Loss – sensitive business data loss
  o Major Loss – financial loss to the business
  o Operational Loss – patent loss, data loss, strategy loss
  o Critical Loss to Survival – Tier-A confidentiality loss, weapon classification data, military base locations, troop locations, agent lists, loss of life
Risk Assessment Results
Risk Identification + Risk Analysis + Risk Evaluation = Risk Assessment
Mitigation Outcome:
1. Implement no security at all.
2. Implement basic AV software.
3. AV + basic browser security settings and basic filtering.
4. Implement anti-spyware and regulate routine patching for each operational unit.
5. Router hardening, policy changes, IDS implementation, Acceptable Usage Policy.
6. More policy enforcement, closing ports, data security, DMZ placement, packet-level filtering.
7. Strict and regulatory compliance auditing, monthly patching updates, backup copy destruction, physical and hardware-level security, host system-level security, routine penetration testing, intranet-controlled subnet security.
Security Compliance
Personally identifiable information, e.g. email addresses, names, residential addresses, etc., should be protected when transmitted from one system to another and when stored, and this information is subject to industry regulations.
Security Compliance is a formal process that helps an organization demonstrate that it has a high level of IT security management. Compliances are required as standards for the industry and, in certain cases, involve continuous checks by the government.
Compliance is a complete process of:
1. Carrying out a compliance exercise to audit what information the business holds.
2. Identifying vulnerabilities of the IT systems involved in keeping the business functioning.
3. Identifying the elements of the IT system which are vulnerable and which could be locked down.
Security compliance standards differ by area:
1. Health care – HIPAA (Health Insurance Portability and Accountability Act)
2. Ecommerce – PCI-DSS (Payment Card Industry Data Security Standard)
3. Government – FISMA, DIACAP, FedRAMP
4. Financial – BITS Shared Assessment Program, NIST, ISO
Reference: https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3/