hello gavin dennis information security consultant
play

! Hello! Gavin Dennis Information Security Consultant Symptai - PowerPoint PPT Presentation

Jul 07, 2023 •170 likes •406 views

Cyber-Attack and Security: PUTTING THE AUDIT COMMITTEE ON HIGH ALERT ! Hello! Gavin Dennis Information Security Consultant Symptai Consulting Ltd. & OpenWave Information Security Ltd. LETS FOCUS ON 1 EVERYONE IS IMPORTANT IN

  1. Cyber-Attack and Security: PUTTING THE AUDIT COMMITTEE ON HIGH ALERT !

  2. Hello! Gavin Dennis Information Security Consultant Symptai Consulting Ltd. & OpenWave Information Security Ltd.

  3. LET’S FOCUS ON… 1 EVERYONE IS IMPORTANT IN SECURITY 2 MAKE OR BUY, WHICH IS MORE FEASIBLE 3 EMPHASIZE BUSINESS IMPACT AND VALUE

  4. 2016 INTERNATIONAL STATISTICS THREAT DATA COMPROMISED ACTORS 239 21,239 = 58 = 1% WERE INCIDENTS INCIDENTS OF ATTACKS 41% 62% INVOLVED CONFIRMED TARGETED PER DAY ARE EXTERNAL PERSONAL BREACHES PUBLIC SUCCESSFUL PARTIES SERVICES 41% SECRETS 14% CREDENTIALS Source: Verizon DBIR 2017 9% MEDICAL

  5. 2016 LOCAL INCIDENT STATISTICS Senior Advisor in the Ministry of Science, Energy and Technology, Trevor Forrest “The country lost US $100M ( J$12.8B ) due to cyber criminal activity” “…more than 230,000 threats were detected in the space of a month.” SOURCE: JIS (http://jis.gov.jm/everyone-risk- cybercrime) 230K x 12 months = 2.76M INCIDENTS p/yr Published: October 12, 2017 1% of 2.76M = 27.6K BREACHES PER DAY

  6. EXAMPLE – YAHOO – 1 BILLION Source: THE HACKER USERS NEWS

  7. EXAMPLE – EQUIFAX - 143M PII DATA Source: http://www.fox5dc.com EQUIFAX IS A CONSUMER CREDIT REPORTING AGENCY

  8. CORE AREAS ANALYSED IN DBIR 2017 PUBLIC ADMINISTRATION WAS A TOP VICTIM IN 7 OF 8 MAIN CATEGORIES Web Crimeware Cyber Denial Application Espionage of Attacks Service Insider and Miscellaneous Payment Card Physical Privilege Errors Skimmers Theft and Misuse Loss

  9. TRUE STORY

  10. 6 - 1 - PLAN REPEAT AUDIT PROCES 5 - 2 - CLOSE EXECUTE S 4 - FOLLOW- 3 - UP REPORT

  11. 1 PLAN

  12. EMPOWER YOUR TEAM!

  13. 2 EXECUTE

  14. IT being uncooperative 1 Source: THE HACKER NEWS 2 IT pressed for resources Security not treated with 3 priority

  15. AUDITS TO CONSIDER Security Baseline Patch Audit Identifies missing patches Assessments e.g. ISO 27K Password Audit Configuration Audit Tests for weak Checks for weak passwords. configurations

  16. 3 REPORT

  17. MEASURE AUDITEES’ MATURITY LEVEL 5 - OPTIMIZE 1 - INITIAL 3 - DEFINED 2 - 4 - MANAGED REPEATABLE

  18. 4 FOLLOW- UP

  19. 5 CLOSE

  20. 6 REPEAT

  21. Q&A! EXPRESS YOURSELF

  22. Thank You wholeheartedly ! Now go forth and be great!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Information Security in a Wireless World Basic

554 views • 30 slides
IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant CERT-MU | National Computer Board OUTLINE The Internet of Insecure Things New Devices, New Security Challenges IOT Specific Security Issues

301 views • 27 slides
Export to RCE Adam Greenhill SecurityCompass Who am I? Senior Consultant @ Security

Export to RCE Adam Greenhill SecurityCompass Who am I? Senior Consultant @ Security

Export to RCE Adam Greenhill SecurityCompass Who am I? Senior Consultant @ Security Compass OSCP Graduated Sheridan Colleges Honours Bachelor of Applied Information Sciences (Information Systems Security) Fun fact:

605 views • 42 slides
Who am I? Valentinas Bakaitis Security consultant at Aura Information Security

Who am I? Valentinas Bakaitis Security consultant at Aura Information Security

Who am I? Valentinas Bakaitis Security consultant at Aura Information Security @vbakaitis on twitter What is XSS? User Supplied Text: <script>alert(xss);</ script> Image with user supplied title <img

435 views • 18 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Food Security Task Force Governance Sunshine Ordinance & Bylaws April 3, 2019 GAVIN

Food Security Task Force Governance Sunshine Ordinance & Bylaws April 3, 2019 GAVIN

Food Security Task Force Governance Sunshine Ordinance & Bylaws April 3, 2019 GAVIN MORROW-HALL, COLLECTIVE IMPACT COORDINATOR PAULA JONES, DIRECTOR OF FOOD SECURITY 1 Overview 1. Policies Governing Food Security Task Force Ralph M.

469 views • 20 slides
Research Methods. By Dennis Ondrejka, PhD, RN, CNS Consultant and Educator White Paper available

Research Methods. By Dennis Ondrejka, PhD, RN, CNS Consultant and Educator White Paper available

A Review of Hierarchy of Research Models Identifies a Distortion of Research Methods. By Dennis Ondrejka, PhD, RN, CNS Consultant and Educator White Paper available on complete study: dondrejka7117@gmail.com Study Methodology This was a

512 views • 16 slides
@ ChrisJohnRiley > whoami IT Security Analyst / Security Consultant Raiffeisen

@ ChrisJohnRiley > whoami IT Security Analyst / Security Consultant Raiffeisen

@ ChrisJohnRiley > whoami IT Security Analyst / Security Consultant Raiffeisen Informatik GmbH R-IT CERT Team Regular conference speaker DEF CON | Bsides | Hashdays | SecZone blog http://blog.c22.cc Abject

2.84k views • 195 slides
Key-Dependent Message Security in the Standard Model Dennis Hofheinz (CWI, Amsterdam) What and

Key-Dependent Message Security in the Standard Model Dennis Hofheinz (CWI, Amsterdam) What and

Key-Dependent Message Security in the Standard Model Dennis Hofheinz (CWI, Amsterdam) What and why? Key-dependent message (KDM) security As IND, but with special encryption oracle Real game: O(F) = ENC SK ( F(SK) ) Random

272 views • 4 slides
One Resilience Noel L.J. Miranda, Bio-security/Bio-threats Preparedness Consultant ARF

One Resilience Noel L.J. Miranda, Bio-security/Bio-threats Preparedness Consultant ARF

Bio-security and -preparedness within One Resilience Noel L.J. Miranda, Bio-security/Bio-threats Preparedness Consultant ARF CROSS-SECTORAL SECURITY COOPERATION ON BIO-PREPAREDNESS AND DISASTER RESPONSE WORKSHOP 26-28 August 2014, Makati City,

446 views • 19 slides
Dell Security Overview Eddie Chan Security Solution Consultant Dell Security Solutions Dell |

Dell Security Overview Eddie Chan Security Solution Consultant Dell Security Solutions Dell |

Dell Security Overview Eddie Chan Security Solution Consultant Dell Security Solutions Dell | Hong Kong & Taiwan Agenda Session One 2016 Threat Report Update Session Two SonicWALL C APT URE Advanced Threat Protection Service

746 views • 63 slides
WiFi Social Engineering BIO Gabriel Mathenge Security enthusiast Security consultant at

WiFi Social Engineering BIO Gabriel Mathenge Security enthusiast Security consultant at

WiFi Social Engineering BIO Gabriel Mathenge Security enthusiast Security consultant at Ernst and Young (EY) Penetration testing and red teaming T: https://twitter.com/_V1VI E: gabriel@thevivi.net QUESTIONS Stop me whenever youre

891 views • 42 slides
Jaki VPN wybra w 2015? Piotr Matusiak Security Consultant, Cisco AS Education CCIE #19860,

Jaki VPN wybra w 2015? Piotr Matusiak Security Consultant, Cisco AS Education CCIE #19860,

Jaki VPN wybra w 2015? Piotr Matusiak Security Consultant, Cisco AS Education CCIE #19860, CCDE 2015::1, C|EH, SFCE Your Presenter Visit us: http://www.cisco.com/go/ase Piotr Matusiak Security Cyber Security (SCYBER) Security Consultant

1.11k views • 92 slides
Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

www.securing.pl Pawel Rzepa Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in - Pentesting - Cloud security assessment Blog: https://medium.com/@rzepsky @Rzepsky

1.1k views • 63 slides
Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous,

Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous,

Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous, Censorship-Resistant Networks Dennis Kgler Federal Office for Information Security, Germany Dennis.Kuegler@bsi.bund.de 1 Anonymous,

488 views • 16 slides
Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security

Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security

Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security Architect at The World Bank Group Data Breaches in the News Large-scale breaches are now a regular occurrence across industry and geography

221 views • 18 slides
T ARGET : YOU! Theyre hacking us, the employees. LinkedIn: A reconnaissance map to . .

T ARGET : YOU! Theyre hacking us, the employees. LinkedIn: A reconnaissance map to . .

Y U: T HE T ARGET Kurt Willey Beth Tinsman T ARGET : YOU! Theyre hacking us, the employees. LinkedIn: A reconnaissance map to . . . company hierarchies. Email: a way to inject a virus inside the organizaGon network, bypassing the

588 views • 32 slides
Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are

Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are

Hackers are Equal Opportunity Businessmen: Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are caused by web attacks, malicious code and malicious insiders. Kaspersky 60% of enterprises said

449 views • 13 slides
INCH Extensions for Phishing Pat Cain pcain@coopercain.com Draft-ietf-inch-phishingextns-01

INCH Extensions for Phishing Pat Cain pcain@coopercain.com Draft-ietf-inch-phishingextns-01

INCH Extensions for Phishing Pat Cain pcain@coopercain.com Draft-ietf-inch-phishingextns-01 WG accepted doc in Minnesota Draft -00 came out early June -01 came out early July -02 should come out mid-August Mods from jevans-00

206 views • 7 slides
Global Phishing Survey 2H2009 Greg Aaron Rod Rasmussen Released May 11, 2010

Global Phishing Survey 2H2009 Greg Aaron Rod Rasmussen Released May 11, 2010

Global Phishing Survey 2H2009 Greg Aaron Rod Rasmussen Released May 11, 2010 http://apwg.org/reports/APWG_GlobalPhishingSurvey_2H2009.pdf Goals Study domain names and URLs to: Provide a consistent benchmark for scope of phishing problems

232 views • 22 slides
Analyst Day Follow us on Twitter: @TrygIR 19 June 2017 Agenda Introduction: Morten Hbbe, CEO

Analyst Day Follow us on Twitter: @TrygIR 19 June 2017 Agenda Introduction: Morten Hbbe, CEO

Analyst Day Follow us on Twitter: @TrygIR 19 June 2017 Agenda Introduction: Morten Hbbe, CEO Recent financial development: Christian Baltzer, CFO Cyber insurance: Ulrik Andersson, Special Risk Director Innovation/The Camp: Lars Bonde, COO

742 views • 61 slides
Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident Response Overview Types of data in your environment and why it is important. Trending threats. Minimizing risks through layers of defense:

486 views • 30 slides
Napolon Bonaparte Napolon was born in 1769 in Corsica. His family was not rich, but Napolon

Napolon Bonaparte Napolon was born in 1769 in Corsica. His family was not rich, but Napolon

Napolon Bonaparte Napolon was born in 1769 in Corsica. His family was not rich, but Napolon was talented and won a scholarship to a famous military school. Napoleon's father, Carlo Buonaparte, was Corsica's representative to the court of

185 views • 4 slides

More recommend