! Hello! Gavin Dennis Information Security Consultant Symptai - - PowerPoint PPT Presentation



SLIDE 1

Cyber-Attack and Security:

PUTTING THE AUDIT COMMITTEE ON HIGH ALERT

SLIDE 2

Hello!

Gavin Dennis Information Security Consultant Symptai Consulting Ltd. & OpenWave Information Security Ltd.

SLIDE 3

LET’S FOCUS ON…

EVERYONE IS IMPORTANT IN SECURITY

MAKE OR BUY, WHICH IS MORE FEASIBLE

EMPHASIZE BUSINESS IMPACT AND VALUE

SLIDE 4

2016 INTERNATIONAL STATISTICS

THREAT ACTORS 62% INVOLVED EXTERNAL PARTIES

DATA COMPROMISED

41% PERSONAL 41% SECRETS 14% CREDENTIALS 9% MEDICAL

Source: Verizon DBIR 2017

21,239 INCIDENTS TARGETED PUBLIC SERVICES

239 WERE CONFIRMED BREACHES

= 58 INCIDENTS PER DAY

= 1% OF ATTACKS ARE SUCCESSFUL

SLIDE 5

2016 LOCAL INCIDENT STATISTICS

SOURCE: JIS (http://jis.gov.jm/everyone-risk-cybercrime) Published: October 12, 2017

Senior Advisor in the Ministry of Science, Energy and Technology, Trevor Forrest:

“The country lost US$100M (J$12.8B) due to cyber criminal activity”

“…more than 230,000 threats were detected in the space of a month.”

230K x 12 months = 2.76M INCIDENTS p/yr

1% of 2.76M = 27.6K BREACHES PER DAY

SLIDE 6

EXAMPLE – YAHOO – 1 BILLION USERS

Source: THE HACKER NEWS

SLIDE 7

EXAMPLE – EQUIFAX - 143M PII DATA

Source: http://www.fox5dc.com

EQUIFAX IS A CONSUMER CREDIT REPORTING AGENCY

SLIDE 8

CORE AREAS ANALYSED IN DBIR 2017

  • Web Application Attacks
  • Cyber Espionage
  • Miscellaneous Errors
  • Denial of Service
  • Crimeware
  • Insider and Privilege Misuse
  • Payment Card Skimmers
  • Physical Theft and Loss

PUBLIC ADMINISTRATION WAS A TOP VICTIM IN 7 OF 8 MAIN CATEGORIES

SLIDE 9

TRUE STORY

SLIDE 10

AUDIT PROCESS

1 - PLAN 2 - EXECUTE 3 - REPORT 4 - FOLLOW-UP 5 - CLOSE 6 - REPEAT

SLIDE 11

1 - PLAN

SLIDE 12

EMPOWER YOUR TEAM!

SLIDE 13

2 - EXECUTE

SLIDE 14

Source: THE HACKER NEWS

IT pressed for resources

2

Security not treated with priority

3

IT being uncooperative

1

SLIDE 15

AUDITS TO CONSIDER

Security Baseline Assessments: e.g. ISO 27K

Configuration Audit: Checks for weak configurations

Patch Audit: Identifies missing patches

Password Audit: Tests for weak passwords.

SLIDE 16

3 - REPORT

SLIDE 17

MEASURE AUDITEES’ MATURITY LEVEL

1 - INITIAL

2 - REPEATABLE

3 - DEFINED

4 - MANAGED

5 - OPTIMIZE

SLIDE 18

4 - FOLLOW-UP

SLIDE 19

5 - CLOSE

SLIDE 20

6 - REPEAT

SLIDE 21

Q&A! EXPRESS YOURSELF

SLIDE 22

Thank You wholeheartedly! Now go forth and be great!