federal information systems security education association
play

Federal Information Systems Security Education Association Spear - PowerPoint PPT Presentation

Oct 22, 2023 •340 likes •434 views

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

  1. Federal Information Systems Security Education Association Spear Phishing

  2. Agenda  Definition of spear phishing  Why is spear phishing so valuable to attackers  Spear phishing defenses / countermeasures  Training concepts and delivery Secure Solutions from Security Professionals 2 For Official Use Only

  3. Spear Phishing, What is it?  A type of phishing attack  Uses email messages to trick users to clicking a link, downloading a file, entering data, etc.  Malware may be downloaded / executed to hijack the user’s computer  May appear to come from a trusted source (e.g., colleague, supervisor, employer, vendor, etc.)  More targeted than phishing, not random  Attacker is targeting you and your organization’s data Secure Solutions from Security Professionals 3 For Official Use Only

  4. Spear Phishing, Why?  Bypasses many network perimeter security controls – targets the human  Provides access to the user’s computer and thereby the organization’s internal network and data  Often made easier with information about users often available online facilitating attack  E.g., Social Media Secure Solutions from Security Professionals 4 For Official Use Only

  5. Spear Phishing, Defenses  System / network IT security controls  Spam filters  Antivirus  Content filtering  Digital signatures  User / personnel training Secure Solutions from Security Professionals 5 For Official Use Only

  6. Spear Phishing, Training  Training concepts  Social media  Knowing which emails to trust / validate source  Don’t click URL’s, download files from emails  Pay attention to grammar, greeting, look and feel of the email – identify suspicious emails  Confirm via telephone call, reporting  Training delivery methods  Part of user awareness/onboarding and annual security awareness training (e.g., web based)  Exercises online  Commercial services to perform testing. Provides user training (e.g., this was a test), and provide metrics Secure Solutions from Security Professionals 6 For Official Use Only

  7. Conclusion  Spear Phishing is real and has led to numerous compromises  Commonly used vector, bypasses perimeter defenses, access to internal networks and data  Training the user is essential ! Secure Solutions from Security Professionals 7 For Official Use Only

  8. Questions Secure Solutions from Security Professionals 8 For Official Use Only

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Use of Slogans, Images, and Characters in Federal Information Systems Security Education Neil E.

Use of Slogans, Images, and Characters in Federal Information Systems Security Education Neil E.

Use of Slogans, Images, and Characters in Federal Information Systems Security Education Neil E. Grunberg, Ph.D. Professor of Medical & Clinical Psychology and Neuroscience Uniformed Services University of the Health Sciences Bethesda, MD March

305 views • 19 slides
Karen S. Urban, CISSP Federal Information Systems Security Educators Association (FISSEA) 27th

Karen S. Urban, CISSP Federal Information Systems Security Educators Association (FISSEA) 27th

Karen S. Urban, CISSP Federal Information Systems Security Educators Association (FISSEA) 27th Annual Conference | March 18, 2014 Evolving Technology Personnel expect greater mobility, connectivity, and networking capabilities As a

502 views • 23 slides
NIST Special Publication 800-137 Information Security Continuous Monitoring for Federal

NIST Special Publication 800-137 Information Security Continuous Monitoring for Federal

NIST Special Publication 800-137 Information Security Continuous Monitoring for Federal Information Systems and Organizations FISSEA 27 th Annual Conference Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and

353 views • 31 slides
information security and cybercrime; To grant awards, scholarships or sponsorships to people

information security and cybercrime; To grant awards, scholarships or sponsorships to people

RAISA Romanian Association for Information Security Assurance is a profes - sional, non-governmental, non-partisan political, nonprofit and public benefit association. PURPOSE The aim of Romanian Association for Information Security Assurance

84 views • 6 slides
Build ing a Cy b er Security Ta lent Pip eline Federal Information System Security Educators

Build ing a Cy b er Security Ta lent Pip eline Federal Information System Security Educators

Build ing a Cy b er Security Ta lent Pip eline Federal Information System Security Educators Association March 16, 2011 The Partnership for Public Service The Partnership for Public Service is a nonprofit, nonpartisan organization that

457 views • 18 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

460 views • 8 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

291 views • 10 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

264 views • 24 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

357 views • 12 slides
National Association of Federal Education Program Administrators (NAFEPA) March 2016 Washington,

National Association of Federal Education Program Administrators (NAFEPA) March 2016 Washington,

National Association of Federal Education Program Administrators (NAFEPA) March 2016 Washington, DC Title I Equitable Services Overview Isadora Binder, Office of Non-Public Education Michael Anderson, Office of General Counsel Todd

447 views • 40 slides
National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security

National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security

Federal Information Systems Security Educators March 19, 2014 National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security (DHS) National Cybersecurity Education & Awareness Branch (CE&A) T HE CYBER THREAT

315 views • 13 slides
SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security Training FISSEA Conference March 19, 2014 Pat Toth Penny Klein Computer Security Division Systegra Information Technology Laboratory NATIONAL

750 views • 40 slides
Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne

Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne

Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne University Maureen Bertocci, Director of Information Security @ Robert Morris University What is C-CUE C-CUE is a Western-PA regional association of

433 views • 11 slides
INFORMATION MANAGEMENT AND SECURITY FOR FEDERAL CONTRACTORS ( CYBER SECURITY SERIES PART 1 OF 5)

INFORMATION MANAGEMENT AND SECURITY FOR FEDERAL CONTRACTORS ( CYBER SECURITY SERIES PART 1 OF 5)

INFORMATION MANAGEMENT AND SECURITY FOR FEDERAL CONTRACTORS ( CYBER SECURITY SERIES PART 1 OF 5) ACQUISITION HOUR WEBINAR September 24, 2019 9/24/2019 WEBINAR ETIQUETTE PLEASE Log into the GoToMeeting session with the name that you

862 views • 71 slides
Memory corruption: Why we cant have nice things Mathias Payer (@gannimo)

Memory corruption: Why we cant have nice things Mathias Payer (@gannimo)

Memory corruption: Why we cant have nice things Mathias Payer (@gannimo) http://hexhive.github.io Software is unsafe and insecure Low-level languages (C/C++) trade type safety and memory safety for performance Programmer responsible

602 views • 39 slides
Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 KU Leuven, ESAT/COSIC and imec (to appear in PoPETS 2017) Talk in the

532 views • 20 slides
EPOXY: Shielding Bare-Metal Embedded Systems Mathias Payer (@gannimo), Purdue University Jointly

EPOXY: Shielding Bare-Metal Embedded Systems Mathias Payer (@gannimo), Purdue University Jointly

EPOXY: Shielding Bare-Metal Embedded Systems Mathias Payer (@gannimo), Purdue University Jointly with Abraham Clements and Saurabh Bagchi http://hexhive.github.io 1 Bugs are everywhere? https://en.wikipedia.org/wiki/Pwn2Own 2 Trends in

769 views • 39 slides
The Rising Tide of Terrorism- Related Civil Litigation What the Justice Against Sponsors of

The Rising Tide of Terrorism- Related Civil Litigation What the Justice Against Sponsors of

The Rising Tide of Terrorism- Related Civil Litigation What the Justice Against Sponsors of Terrorism Act (JASTA) may mean for your company. Daniel L. Stein Charles S. Hallab Alex C. Lakatos Partner Partner Partner +1 212 506 2646

453 views • 20 slides
Litigation, Regulation, & Reform Track B: The Defense Perspective George Talarico, Esq.

Litigation, Regulation, & Reform Track B: The Defense Perspective George Talarico, Esq.

Responding to the Opioid Crisis: Litigation, Regulation, & Reform Track B: The Defense Perspective George Talarico, Esq. Partner (973) 643-5566 | gtalarico@sillscummis.com One Riverfront Plaza Newark, NJ 07102 Giovanni Ciavarra, PhD

973 views • 44 slides
DUTY OF DISCLOSURE AND INEQUITABLE CONDUCT RAISED AS AN AFFIRMATIVE DEFENSE Abraham J. Rosner and

DUTY OF DISCLOSURE AND INEQUITABLE CONDUCT RAISED AS AN AFFIRMATIVE DEFENSE Abraham J. Rosner and

DUTY OF DISCLOSURE AND INEQUITABLE CONDUCT RAISED AS AN AFFIRMATIVE DEFENSE Abraham J. Rosner and Grant Shackelford Sughrue Mion, PLLC In addition to the defenses of non-infringement and invalidity, an alleged infringer may also raise

413 views • 40 slides
Defending Critical Assets with Deception Contact Us: https://www.illusivenetworks.com/contact

Defending Critical Assets with Deception Contact Us: https://www.illusivenetworks.com/contact

Defending Critical Assets with Deception Contact Us: https://www.illusivenetworks.com/contact sales@illusivenetworks.com Appearanes can be deceiving Confidential Confidential Who am I A Sr. Solutions Architect for Illusive Networks

392 views • 21 slides
NETWORK MONITORING AND DECEPTIVE DEFENSES Michael Collins, RedJack mpcollins@redjack.com Brian

NETWORK MONITORING AND DECEPTIVE DEFENSES Michael Collins, RedJack mpcollins@redjack.com Brian

NETWORK MONITORING AND DECEPTIVE DEFENSES Michael Collins, RedJack mpcollins@redjack.com Brian Satira, Noblis Brian.satira@noblis.org INTRODUCTION 2 INTRODUCTION Statement of problem Experimental System Model of Attack

379 views • 25 slides

More recommend