Vikram Andem, Senior Manager, United Airlines, Trusted Computing Group, RSA® Conference 2015. A model for effectively managing IT Security Risk Management
The UAE IA Standard is divided into 2 families of security controls: Management and Technical security controls. The control families are further structured into control sub-families and individual controls and sub-controls. There are 188 security controls prescribed as part of the standard.
Ransomware is a creative kind of malware that infects systems and locks down data, preventing users from accessing it until a ransom is paid. Unless backups are available, the data is more or less lost. So for this type of threat, it is better to focus on prevention and detection mechanisms before it is too late.
The document discusses the modern zero-day exploit market and economy. It describes how vulnerabilities are found by researchers and sold through brokers to various parties, including governments, criminals, and exploit kit creators. It also outlines trends in the market, such as the impact of new mitigations, regulations, and events like Pwn2Own on the sale of exploits. Finally, it shares some examples of vulnerabilities the Zero Day Initiative has helped patch and the conclusion encourages questions.
This document discusses software supply chain attacks in 2018 and compares predictions to reality. It describes incidents involving compromised updates to the MediaGet torrent application, a PDF editor app, and a remote support solutions provider. These attacks show how supply chains can be exploited at multiple levels, from compromising a software vendor to compromising another vendor that the first vendor relies on. The document also discusses attacks on Linux repositories, WordPress plugins, NPM modules, and Docker images. It concludes that software supply chain attacks remain a trend, have expanded beyond binaries to cloud environments, and are now used by cybercriminals in addition to nation-states. Detection across diverse software supply chains remains a challenge.
Arshan Dabirsiaghi, Contrast Security
Matt Austin, Contrast Security
Nothing in the security industry has moved the needle like Data Execution Prevention and its sister protections like ASLR.
The availability of secure APIs, the training of developers around the world, and the efforts of security practitioners all produced practically nothing compared to the practical gains produced by DEP, ASLR and other "automatic" protections provided by the tool chain and OS itself.
Where is the equivalent in the Application Layer? Can we use these same techniques and approaches to stop SQL Injection and Deserialization attacks? Can we give developers a "secure stack by default" for any application?
In this talk we'll show you the promising results of our research into this space using binary instrumentation, including the release of free tools that developers can use to protect their applications today from several bug classes, instantly, and without any code changes.
On December 24, 2015, three different distribution oblenergos (energy companies) were attacked, resulting in several substation outages that caused approximately 225,000 customers to lose power across various areas in the Ivano-Frankivsk Region of Ukraine.
The document discusses security implications of cloud computing and web application attacks. It notes that web application attacks are now the leading cause of data breaches, but less than 5% of security budgets are spent on application security. There is a wide range of attacks targeting different layers of the application stack. Defending applications and workloads in the cloud is complex due to rapidly changing code, vulnerabilities in third-party tools, and a shortage of cloud security expertise. Perimeter security tools are insufficient for protecting the diverse cloud attack surface. The document also provides an example of a textile company that suffered a data exfiltration attack through vulnerabilities in their PHP login system, costing them $1.8 million.
This document discusses challenges facing national cybersecurity and crypto programs, including an overly vast internet, too many layers to defend, and systems that are too complex. It proposes a new "blue sky" approach to national crypto, including developing a new national algorithm, modeling risks and threats, and elements of communications security like transmission security, cryptographic security, and physical security. The document outlines implementing a national crypto program through activities like algorithm development, modeling, maintaining, optimizing, education, testing, validation, benchmarking, deployment, and knowledge transfer and maintenance.
In the real world, a water hole is a source of water where many animals gather to quench their thirst. This makes a water hole an ideal spot for a hunter.
1. As developers have become the driving force behind cloud adoption, there is a need to realign security practices with DevOps workflows and priorities.
2. A blueprint approach to cloud security involves enumerating cloud assets, threat modeling for common workloads, and integrating controls across the full technology stack.
3. With a blueprint model and automated security tools integrated into the development pipeline, security can provide coverage throughout the software development lifecycle without slowing innovation or agility.
Christiaan F Beek, McAfee
Jay Rosenberg, Intezer Labs
The Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy and 10 Days of Rain attacks are all believed to originate from North Korea. But how can they be attributed with certainty? And what connection does a DDoS and disk-wiping attack from July 4, 2009, have with WannaCry, one of the largest cyber-attacks in the history of the cyber-sphere?
We have conducted comparative research over more than 10 years of malware and tools used by North Korean adversaries. The results were intriguing, and we will share our discoveries as well as hunt tactics during our talk. We discovered new links between campaigns, were able to group malware families to actor groups, and discovered interesting patterns.
The document discusses reducing attack surfaces in cloud environments. It notes that understanding your attack surface is critical for deploying proper security controls as attack surfaces differ between cloud and on-premises environments. It also states that web application attacks are now the leading cause of data breaches but less than 5% of security budgets are spent on application security. Common cloud misconfigurations are also discussed as a major risk factor.
The document contains a series of questions and statements about cybersecurity threats and vulnerabilities. Some key facts presented include:
- 400,000 Facebook accounts are compromised by hackers every day
- The September 2016 Yahoo breach affected 500 million user accounts
- The fastest spreading email worm, MyDoom, caused $480 million in financial damage
- The average annualized cost of crime incurred by US organizations is $28.5 million
- The Pentagon reports receiving 5-10 million cyber attack attempts per day
This document discusses security in the cloud and recommends best practices. It notes that while AWS provides many security tools, customers are still responsible for 95% of security failures due to human error. It then outlines various attack types like SQL injection and remote code execution that target web applications. The document recommends leveraging machine learning and multiple detection techniques to identify multi-stage attacks. It emphasizes the need to secure the entire attack surface, including on-premises environments, and highlights services like Alert Logic that provide 24/7 monitoring, analytics, and security experts to help detect and respond to threats.
This document discusses various cybersecurity topics including the rise of cybersecurity, internet of things, ransomware, denial of service (DDoS) attacks, and web application attacks. It provides examples of popular ransomware like CryptoLocker and CryptoWall. It discusses the size and source of DDoS attacks according to reports from organizations like Arbor Networks and Verisign. Methods of carrying out DDoS and ransomware attacks are demonstrated. Defense strategies against each threat are also outlined. The document concludes by emphasizing the importance of security awareness, thinking like an attacker, and risk management in cybersecurity.
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension Inc.
1) Nearly 46% of respondents reported having a ransomware incident in the last two years, and companies that pay the ransom are 9x more likely to be hit again.
2) The document discusses Veeam's ransomware protection and recovery capabilities, including secure restore functionality that scans restored data for infections before completing the restore process.
3) Veeam provides data protection, backup and disaster recovery solutions for physical, virtual, cloud and SaaS environments and has over 307,000 customers, with 36% year-over-year growth in bookings.
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension Inc.
Duwayne Watson, a Cisco specialist from Ingram Micro, showcases various Data Security and Protection solutions such as: AMP, Umbrella, and CloudLock. These solutions can help your business remain compliant with PIPEDA legislation.
Ransomware has plagued organizations of all types and sizes for years. Yet, we have still only seen these tools, techniques, and procedures applied to traditional on-premise networks, and cloud-hosted assets themselves. And while we have just begun to see the tip of the iceberg as it relates to global-scale sweeping attacks that leverage enterprise management technologies, we have not yet experienced the cascading impact of such an attack on the very cloud infrastructure we have come to rely upon. This is surprising, given the simplicity, speed, and sheer efficacy of such an event. In this session, we will highlight the overlaps and disparities between traditional and cloud environments, using MITRE ATT&CK as a guide, to get ahead of the adversaries, and proactively protect our organizations, our customers, and ultimately society as a whole.
Mobile users should be aware of the risks some mobile ads may pose. In a study of 100,000 apps in the Google Play market, more than half had ad libraries. 297 of these were using ad libraries that could run code from remote servers.
1. As developers drive cloud adoption for innovation, security must align with DevOps practices and integrate into their workflows.
2. A blueprint approach identifies common cloud assets and threats across full stacks to implement targeted controls.
3. Alert Logic provides integrated controls that offer broad pre-compromise and post-compromise coverage for common workloads through a combination of detection, blocking, and investigation capabilities.
Application layer attack trends through the lens of Cloudflare data
Cloudflare
The past few months have seen significant changes in how attackers target the application layer—through injection attacks, malicious bots, DDoS, API vulnerability exploits, and more. We can observe these changes by analyzing traffic from Cloudflare’s global network, which blocks an average of 45 billion threats per day for over 27 million Internet properties.
Watch this webinar to explore data on:
Which attack vectors have become more and less common
How those changes vary by region and industry
The business and societal trends behind these attacks
Strategies for addressing these latest attack tactics
Cloudfest 2018 - Secure Cloud Servers in a Nutshell. Quick overview of thre...
Sergey Lystsev
The Night is Dark and Full of Terrors.
The year 2018 started with the discovery that even CPUs can be vulnerable. And yet a lot of website owners don't recognize the degree of the threat. So let's assess the danger and see how one can protect their server without investing hundreds of hours in learning. A quick overview of Internet dangers and easy, practical ways to protect yourself:
- be up to date
- establish network protection
- do malware scans
- properly isolate within
- do proper password protection
- protect your identity with a valid SSL certificate
- start caring about security!
Cloud Security or: How I Learned to Stop Worrying & Love the Cloud
MarkAnnati
Presented by Marija Strazdas - Sr. Solutions Engineer, Alert Logic
Presented to the Boston Amazon Web Services Meetup Group on Jun 5 & 21
https://www.meetup.com/The-Boston-Amazon-Web-Services-Meetup-Group/
Summary/Themes:
- Understanding your attack surface is critical to deploying the right security controls.
- The attack surface in cloud environments is significantly different from on-premises
- Dominant cloud exposures are often misunderstood
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
Nur Shiqim Chok
The document discusses Cisco's cybersecurity strategy of taking an integrated approach to security. It notes that threats have become more sophisticated over time and that a point product approach increases complexity. Cisco's security approach involves utilizing a best of breed portfolio of security products that are integrated through a common architecture. This allows threats to be rapidly contained through detection across the portfolio and coordinated responses.
Security Implications of the Cloud - CSS ATX 2017
Alert Logic
The document discusses the security implications of cloud computing. It notes that web application attacks are now the number one source of data breaches, but less than 5% of data center security budgets are spent on application security. It also summarizes that the risks are moving up the application stack as attacks can happen at every layer. Defending applications and workloads in the cloud is complex due to a wide range of attacks, rapidly changing code introducing vulnerabilities, and a shortage of cloud security expertise. Perimeter security tools also fail to protect the larger cloud attack surface that now includes web and mobile applications.
Strengthening security posture for modern-age SaaS providers
Cloudflare
The document discusses strengthening security for modern SaaS providers. It describes how enterprise architectures have evolved from legacy on-premise models to today's cloud-based apps and data. Legacy security solutions are not agile or scalable enough for modern architectures. The document outlines Cloudflare's security solutions, including a gateway web application firewall (WAF) and distributed denial of service (DDoS) protection to secure connections and protect against attacks. It also discusses trends seen during the COVID-19 pandemic such as internet traffic surges and rising security breaches faced by SaaS providers.
Learn how to gain complete visibility to identify and investigate attacks, detect and analyze advanced attacks before they affect the business, and manage the most important incidents, allowing you to combine logs with other types of data such as network traffic, endpoint information and cloud data.
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Robert Brandel
The document discusses using the MITRE ATT&CK framework for detection, analysis, and defense against cyber threats. It describes how ATT&CK can be used for threat intelligence, adversary emulation, detection and analytics, and assessments and engineering. The framework provides a knowledge base of adversary behaviors and techniques based on real-world observations that can help organizations test their defenses and identify gaps.
This document discusses F5 Networks and SecureData's partnership. It notes that SecureData is an F5 Gold Partner and that F5 provides multi-cloud security solutions. It also discusses challenges of multi-cloud environments like operational complexity and security issues. F5 solutions aim to provide consistent security visibility, reduce cloud costs, and offer a unified security dashboard across environments.
Building Cloud Applications Based On Zero Trust
Mahesh Patil
These days code is driving things we can't even imagine, but there is also an inherent problem with code. A Kubernetes audit recently revealed 34 vulnerabilities, and data from various organisations has been stolen multiple times. This raises the question of whom to trust. This presentation makes a case and provides a framework for zero trust in the cloud.
This document discusses MITRE ATT&CK, which is a knowledge base of adversary behavior techniques based on real-world observations. It is free, open, and globally accessible. The document explains how ATT&CK can be used for threat intelligence, detection, adversary emulation, and assessment/engineering. It provides examples of techniques like spearphishing attachments and profiles of adversary groups like APT29. It also describes how ATT&CK can help find gaps in an organization's defenses through red team testing.
This document discusses threat modeling and network security. It provides an overview of Cyberoam network security appliances and their threat modeling process. This involves identifying critical assets, possible attack points, applicable threats, assigning a risk level using the DREAD model, monitoring security controls, and re-evaluating. The goal is to take a proactive approach to security rather than a reactive one by thoroughly understanding potential threats.
Delivered a 1-day Practical Threat Hunting workshop at sacon.io in Bangalore, India, balanced between developing the threat hunting program in an organization (how and where to start) and threat hunting demos as they would look on the ground, with hands-on labs for 100+ participants.
Key Elements of a Security Delivery Platform (John Pollack)
This document discusses the need for security delivery platforms to provide comprehensive network visibility. It notes that traditional security deployments have significant blind spots and challenges scaling to modern network traffic speeds and volumes. A security delivery platform provides targeted network traffic inspection, metadata extraction and decryption to optimize existing security tools and enable more effective threat detection and response. Continuous visibility into all network traffic is presented as a foundational requirement for effective security monitoring.
This document discusses implementing multi-factor authentication (MFA) mandates in air gap networks. It describes how Secret Double Octopus provides a passwordless MFA solution that can authenticate users for local and remote access in air gapped environments. The solution integrates with directories and services to provide strong authentication across workstations, servers, applications and remote access while improving security and workforce productivity compared to traditional password and MFA methods. It argues that starting with passwordless MFA for air gap networks allows organizations to scale MFA implementation across their entire workforce over time.
The document discusses Cisco's Encrypted Traffic Analytics (ETA) solution. ETA uses machine learning techniques to analyze metadata from encrypted network traffic and detect malware without decrypting traffic. It can identify malware signatures and anomalous behavior in encrypted web, cloud, and internal traffic. ETA extracts features from packet lengths, times, and byte distributions to build detectors that can find known malware in encrypted traffic with high accuracy. The solution provides visibility, compliance monitoring, and threat detection across an organization's entire network, including campus, branch offices, and the cloud.
System Z Mainframe Security For An Enterprise (Jim Porell)
System z provides technology that makes it one of the most secure platforms available. It also has the capability to secure other platforms. This presentation provides a number of examples of Enterprise Security. Reduce your cost, your risk, improve your security and resilience with System z.
Presentation by Charl van der Walt, Jaco van Graan and Roelof Temmingh at ISEC in 2000.
The presentation begins with a discussion of commercial crime statistics and trends. Security fundamentals such as encryption and the four pillars of information security are discussed. The presentation ends with a series of discussions on the seven steps of the security process.
This document contains information about an individual named Shivani S. Shah who is a student in SYBBA(ITM) semester 4 at C.P. Patel & F.H. Shah Commerce College. It also discusses cloud computing and how it provides small businesses the ability to quickly deploy websites and applications while only paying for what they use and leaving management issues to others. Finally, it summarizes that cloud computing users and providers disagree on who is responsible for security in the cloud.
RSAC 2021 Spelunking Through the Steps of a Control System Hack (Dan Gunter)
An industrial control system was hacked through a multi-stage attack. An attacker first spearphished a user to gain access to the network. They then used remote desktop and remote access software to access the HMI and manipulate control points, disrupting industrial processes. The attack demonstrated tactics like phishing, credential dumping, lateral movement, and control manipulation. Improving security monitoring, hardening systems, limiting access, and increasing user awareness could help prevent similar attacks.
1. The document discusses the evolution of cyber attacks and protections from generations 1 through 5, and argues that organizations must adopt generation 5 "mega" protections to defend against modern large-scale attacks.
2. It then outlines the many security capabilities needed for a complete generation 5 protection, including things like machine learning, sandboxing, encryption, and mobile/cloud security controls.
3. Finally, it speculates that with the rise of IoT, generation 6 "nano" attacks may emerge targeting interconnected devices, requiring adaptive AI security controls to prevent attacks at such a granular level.
The document discusses the MITRE ATT&CK framework, which provides a knowledge base of adversary tactics and techniques based on real-world observations. It can be used by analysts, cyber defenders, and red teams to improve detection, prevention, and testing of defenses. The framework gives a common language to structure threat intelligence and allows comparison of adversary behavior across reports and organizations.
These slides - based on the webinar featuring David Monahan, research director at leading IT analyst firm Enterprise Management Associates (EMA), and Wade Williamson, director of product marketing at Vectra Networks - explain how threat detection algorithms can replace your Big Data with better data.
Learn how algorithms can improve incident response, reduce risk and improve ROI.
Automation: The Wonderful Wizard of CTI (or is it?) (MITRE ATT&CK)
The document describes MITRE's Threat Report Automated Mapper (TRAM) tool, which uses machine learning to automatically map cyber threat reports to MITRE ATT&CK techniques. TRAM aims to streamline the process of analyzing reports and adding information to ATT&CK, though challenges remain around prediction accuracy and identifying new techniques. The document outlines TRAM's development process and discusses balancing automation with human analysis to better integrate cyber threat intelligence into ATT&CK.
Presentation talks about an introduction to the MITRE ATT&CK Framework, different use cases, and pitfalls to watch out for. Talk was delivered @Null Bangalore and @OWASP Bangalore chapter on 15th February 2019.
This document appears to be a slide deck on cybersecurity presented by Splunk. It contains over 30 slides covering topics such as the history of cyber attacks, quotes about the challenges of cybersecurity from as early as 1979, and slides addressing questions about strategy, governance, and acceptable breach levels. The document shows that cybersecurity challenges have existed for decades and that organizations are still working to define effective strategies and governance models to address continually evolving threats.
The document discusses developing an effective cybersecurity strategy. It recommends first analyzing risks, constraints, adversaries and assets. The presentation then provides definitions of strategy and outlines developing a strategic framework that involves analyzing coverage across people, processes, technologies and the cybersecurity pillars of identify, protect, detect, respond and recover. It suggests communicating the final written strategy in one-page, 10-page or full document formats.
The document discusses defensible cybersecurity strategies and practices. It notes recent large data breaches and increasing regulatory focus on data privacy and cybersecurity. It emphasizes the importance of having a comprehensive cybersecurity plan that uses industry standards and best practices, and of demonstrating executive involvement, in order to defend against potential legal liability from cyber incidents. It provides examples of business risks from cybersecurity issues and costs of data breaches. It recommends prioritizing privacy and security using standards like NIST CSF, documenting policies and procedures, and making cybersecurity part of an organization's culture.
Cybersecurity strategy-brief-to-itc final-17_apr2015 (IT Strategy Group)
This document provides a summary of Bob Turner's cybersecurity strategic plan briefing to the Information Technology Committee. The strategic plan aims to improve cybersecurity at UW-Madison through establishing a risk management framework, promoting cyber hygiene, facilitating incident response, and consolidating incident response capabilities. The plan aligns with UW-Madison's strategic priorities of education, research, community engagement, diversity, and resource stewardship. Key elements of the cybersecurity strategy include implementing data governance, establishing a risk management framework, improving user competence through training, consolidating security operations, enhancing threat intelligence, and establishing collaborative partnerships. The roadmap provided outlines the review and socialization process for the strategic plan.
This document proposes establishing a Transit Oriented Development (TOD) Council Work Group to develop a coordinated strategy for TOD implementation in Hawaii. The Work Group would focus on two parallel tracks: examining infrastructure financing tools and options, and facilitating infrastructure development to support affordable housing in TOD areas. Key tasks for the Work Group would include reviewing analysis of TOD project financing needs, developing legislative proposals for financing tools, and creating an approach for prioritizing and funding regional infrastructure investments to accelerate affordable housing delivery. The Work Group would consist of representatives from various state agencies and complete its work within one year.
The document discusses strategic management, which involves formulating, implementing, and evaluating cross-functional decisions to help a company achieve its objectives. It describes the strategic management process as having three stages: strategy formulation, strategy implementation, and strategy evaluation. It also defines key terms in strategic management and discusses the benefits of good strategic management, such as improved financial and non-financial performance.
The document discusses strategic information systems planning (SISP). It describes SISP as a process that supports an organization's strategic direction by identifying value-adding information systems, integrating technologies through information architectures, and developing implementation strategies. The document also discusses dimensions of effective SISP, including comprehensiveness, formalization, focus, flow, participation, and consistency. When these dimensions are properly aligned within an organization, it can lead to more effective strategic planning.
The document discusses the DIY Information Technology Strategic Plan for an organization. It provides an overview of typical strategic planning costs and recommends doing strategic planning internally to save money. It then covers why strategic planning is important, what different strategy models look like, and the strategic planning process. Examples of strategic plans and frameworks are presented. The document emphasizes that the strategic plan should focus on tying projects and investments to the overall vision and goals of the organization.
The County of Gwinnett engaged a consultant to develop an IT Strategic Plan to improve technology and reduce costs. The plan identified 8 strategies including e-Government, content management, governance, and collaboration. It proposed 56 tactical actions over 2 years with estimated costs of $775,000-$2,450,000 initially and $75,000-$240,000 annually. The plan aims to enhance services and internal processes through improved IT.
This document discusses profitable double-spending attacks on blockchains. It introduces the concept of a "cut-time" which is the duration of a double-spending attack. It shows that double-spending attacks can be profitable even when the attacker controls less than 50% of the computing power, as long as the target transaction value is high enough. It derives new mathematical results for calculating the probability distribution and expected time for a double-spending attack to succeed, which allows analyzing the expected profit from such attacks. The results surprisingly indicate that double-spending attacks at any level of computing power can potentially be profitable.
This document analyzes double spending attacks on blockchains like Bitcoin. It finds that such attacks can be profitable even with less than 50% of the total computing power, if the value of the transaction being double spent is high enough. The document presents a new analysis of the probability distribution of how long it takes for an attacker's alternative blockchain to surpass the main one. It also provides an algorithm that takes transaction and network details to evaluate whether a transaction is safe or vulnerable to such attacks. This clarifies, better than previous work, the guidelines on how many confirmations are needed.
This document provides a summary of a thesis paper that analyzes security and vulnerabilities in blockchain systems. The paper conducts threat modeling to identify four security domains of blockchain systems: platform breach, dApps exploit, access point attack, and endpoint hacking. It analyzes 78 recent cyberattacks against blockchain systems and categorizes them by security domain. Two major attacks, the DAO hack and Bitfinex hack, are analyzed in detail using causal analysis methods. The paper also proposes a new top-down security assessment method inspired by STPA-Sec to evaluate sample blockchain systems like a voting application and identify potential vulnerabilities.
Huashan Chen, Marcus Pendleton, Laurent Njilla, and Shouhuai Xu (IT Strategy Group)
This document provides a survey of security issues in Ethereum systems. It summarizes 44 types of vulnerabilities in Ethereum according to the platform's architecture and operating environment. It also systematizes 26 attacks and analyzes how they relate to vulnerabilities. The survey further categorizes and analyzes 47 defense strategies. Key findings include that smart contracts introduce new vulnerabilities, vulnerabilities in the blockchain design are hard to address, and defenses are more developed for attacks on smart contract backends than user interfaces. The survey aims to provide a comprehensive yet systematic overview of Ethereum security to benefit researchers, practitioners and students.
A distributed ledger is a record of consensus with a cryptographic audit trail maintained and validated by several separate nodes. It can be decentralized, granting equal rights to all participants, or centralized, designating particular rights to certain users. A blockchain has a shared and replicated ledger composed of information stored in "blocks" and sits below a distributed ledger. It acts as a way to verify submitted transactions by producing a new "block" on the chain. Proof-of-Work groups transactions into blocks and broadcasts them to unrelated parties. Therefore, blocks are not suitable for use in a trusted distributed ledger network between financial institutions.
Once created, smart contracts on the Ethereum blockchain cannot be modified or updated. The article discusses how smart contracts can be "self-destructed" to remove them from the blockchain. It explains that a selfdestruct function sends the contract's funds to a designated address and clears its data. While this eliminates bugs or stops execution, funds sent to a self-destructed contract will be lost. The article concludes by advising self-destructing contracts when no longer needed to stop execution and potentially lower gas costs.
1) The document discusses custody for digital assets, which is seen as critical for the widespread adoption of digital currencies and assets valued at over $239 billion globally.
2) It defines different types of digital assets and explains that digital asset custodians play an important role similar to traditional financial custodians by securely storing customers' private keys and facilitating transactions.
3) There is currently uncertainty around regulations for digital asset custodians as the market is still emerging, with different structures and approaches being used. Common standards and regulatory frameworks need further development to provide clarity.
David Shrier, Weige Wu, Alex Pentland - MIT Blockchain (IT Strategy Group)
This document summarizes a paper about using blockchain technology for identity and data security infrastructure. It discusses how blockchain could enable more secure online identity authentication without a centralized authority by allowing identities to be stored encrypted on the blockchain. It also describes how blockchain could improve know-your-customer compliance for financial institutions and enable better cross-business and cross-jurisdiction transaction monitoring. Finally, it outlines a proposed "ChainAnchor" system for privacy-preserving identity on permissioned blockchains.
The document provides a comprehensive overview of security and privacy on blockchain technology. It begins by introducing blockchain concepts and how blockchains work, using Bitcoin as an example. It then discusses basic security attributes like preventing double spending, as well as additional desired security and privacy properties. Finally, it reviews techniques for achieving these properties, such as consensus algorithms, hash chained storage, mixing protocols, and zero-knowledge proofs. The goal is to help readers gain an in-depth understanding of blockchain security and privacy.
Sarwar Sayeed, Hector Marco Gisbert, Tom Caira - IEEE (IT Strategy Group)
The document discusses smart contracts and attacks against them. It classifies blockchain exploitation techniques into 4 categories: attacking consensus protocols, bugs in smart contract code, malware running in operating systems, and fraudulent users. It focuses on analyzing the 7 most important smart contract attack techniques and their real impact. While 10 widely used tools can detect some vulnerabilities, they still contain known vulnerabilities, providing a false sense of security. The paper concludes with recommendations for more secure smart contracts.
This document provides a high-level technical overview of blockchain technology. It describes how blockchains are digital ledgers that record transactions in a distributed manner without a central authority. The first blockchain-based cryptocurrency was Bitcoin, which uses cryptographic functions to securely transfer electronic cash between users recorded on the public blockchain. The document aims to explain the underlying technology behind blockchain in a conceptual manner, as there is significant hype but lack of understanding about how it works. It covers key topics like consensus models, mining, and the challenges of modifying data on an immutable blockchain.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer's life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
TrustArc Webinar - 2024 Global Privacy Survey (TrustArc)
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
How to Get CNIC Information System with Paksim Ga.pptx (danishmna97)
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Building Production Ready Search Pipelines with Spark and Milvus (Zilliz)
Spark is a widely used ETL tool for processing, indexing and ingesting data into the serving stack for search. Milvus is a production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to the Milvus vector database for search serving.
Driving Business Innovation: Latest Generative AI Advancements & Success Story (Safe Software)
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
GraphRAG for Life Science to increase LLM accuracy (Tomaz Bratanic)
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability to the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Infrastructure Challenges in Scaling RAG with Custom AI models (Zilliz)
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
The climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative and software projects. The reality is that a Lego brick and the case of the XZ backdoor have much more in common than that.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard and open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in several events, migrations and training related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private companies. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
Best 20 SEO Techniques To Improve Website Visibility In SERP (Pixlogix Infotech)
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
National Security Agency - NSA mobile device best practices
Vikram Andem RSA conference 2015 - Trusted Computing Group
1. Page 1
Author: Vikram Andem
RSA® Conference 2015 : Trusted Computing Group
Vikram Andem, Senior Manager, United Airlines
An approach for effective Enterprise IT Security Risk Management
Harvard University, Stanford University, MIT
Blockchain, Cryptography, Security, Enterprise Architecture
2. Page 2
Diagram: control gap model. Control categories (AUTHN, AUTHZ, LOG, AC, CRYPTO): Authentication, Authorization, Logging & Monitoring, Access Control, Cryptography. Layers: Network Layer, Application Layer, Data Layer, OS Layer. Classification axes: Confidentiality (High-Risk Confidential, Confidential, Internal, Public); Integrity (Critical, Trusted, Reliable, Untrusted); Availability (Tier 1, Tier 2A, Tier 2B, Tier 3, Tier 4). A Gap is marked where a control on a layer does not meet the tier's requirement. Worked example: Data Asset A on Tier 3.
Gap Profile per control: Min / Max, Control Gap, Optimal versus Current; each control is rated Does not satisfy, Partially satisfies, or Satisfies.
Availability tiers: Tier 1 = 100% MUST uptime (24/7); Tier 2 = Mission Critical (2A) or Business Critical (2B); Tier 3 = Desirable; Tier 4 = Discretionary.
3. Page 3
Diagram: per-asset gap view for IT Asset A, IT Asset B, IT Asset C, IT Asset D and IT Asset E. Each asset is shown across the layers NW, App, Data and OS against the tiers T1, T2a, T2b, T3 and T4, for the controls Authentication, Authorization, Access Control, Cryptography and Logging & Monitoring.
Caption: Visual representation of IT Security gaps at a time snap during routine IT Security Administration.
4. Page 4
Diagram: gaps and findings grouped as Low Risks, Medium Risks and High Risks and ranked for remediation in order 1st, 2nd, 3rd, 4th, 5th, 6th ... nth.
Ideal scenario if all gaps and findings are satisfied