people the last line of defence in cybersecurity
play

People the last line of defence in cybersecurity? Cristian-Mihai - PowerPoint PPT Presentation

Jan 28, 2023 •99 likes •295 views

People the last line of defence in cybersecurity? Cristian-Mihai Amarandei, B.Eng. (Hons), PhD cristian.amarandei@tuiasi.ro People the fjrst line of defence in cybersecurity? Cristian-Mihai Amarandei, B.Eng. (Hons), PhD

  1. People – the last line of defence in cybersecurity? Cristian-Mihai Amarandei, B.Eng. (Hons), PhD cristian.amarandei@tuiasi.ro

  2. People – the fjrst line of defence in cybersecurity? Cristian-Mihai Amarandei, B.Eng. (Hons), PhD cristian.amarandei@tuiasi.ro

  3. Motivation to break into systems ● Industrial espionage ● Financial gain ● Revenge ( disgruntled actual/former employees) ● Status ● ...

  4. Threats to Network Security ● Hackers ● Disgruntled employees ● Organizations: suported by some governements as spying technique, organized crime, terorrists ● Virues, trojan program, malware ... ● Social engineering: - the people factor ● ...

  5. Verizon 2016 Data Breach Investigations Report

  6. What can we secure? ● The network ● Block potential attackers and known means of attack ● secure connectivity with trusted users ● Activities that require secure connectivity ● Remote access to the internal network ● Access to applications and services (e-mail, web …)

  7. Social Engineering: the people factor ● Attackers can try to gain access through users ● Employees can be tricked to provide data access to resources ● Protect the end-user ● Organizations need a security policy and rigorous training program

  8. how ? ● Security Policies / Usage guidelines ● Purchase of specialized equipment and software ● Educate the end-user !!

  9. Spam detected in e-mails 40000 35000 30000 25000 20000 Mail Virus Spam 15000 10000 5000 0 01/10/17 02/10/17 03/10/17 04/10/17 05/10/17 06/10/17 07/10/17 08/10/17 09/10/17 10/10/17 11/10/17 12/10/17 13/10/17 14/10/17 15/10/17 16/10/17 17/10/17 18/10/17 19/10/17 20/10/17 21/10/17 22/10/17 23/10/17 24/10/17 25/10/17 26/10/17 27/10/17 28/10/17 29/10/17 30/10/17 31/10/17

  10. Some more details …. 100 90 80 70 60 50 Virus% Spam% 40 30 20 10 0 01/10/17 02/10/17 03/10/17 04/10/17 05/10/17 06/10/17 07/10/17 08/10/17 09/10/17 10/10/17 11/10/17 12/10/17 13/10/17 14/10/17 15/10/17 16/10/17 17/10/17 18/10/17 19/10/17 20/10/17 21/10/17 22/10/17 23/10/17 24/10/17 25/10/17 26/10/17 27/10/17 28/10/17 29/10/17 30/10/17 31/10/17 ● Total number of messages – 624,022 ● Detected spam 452,163 – 72,5%

  11. after spam detection and delivery of messages .. ● How many of the messages detected as spam contained possible attack vectors? ● How many of the messages that passed the detection system had potential attack vectors? − Where and from what devices have messages been read? − What did the user do?

  12. Security policy ● Is necessary if ● employees work with confjdential information ● data loss could result in severe financial loss ● organization has trade secrets ● the internet is used daily ● organization is subject to regulation for information security and privacy ( GDPR !)

  13. Security Policy ● Gives users guidelines on how to handle sensitive information ● Gives IT stafg instructions on what defensive systems to confjgure ● Reduces the risk of legal liability ● A good security policy is comprehensive and also fmexible ● Is a group of documents instead of a single document

  14. Security policy ● too complex – no one will follow ● fails if afgects productivity ● should state clearly what can and cannot be done in the organization network or on equipment and property ● must include generalized clauses ● people need to know why the security policy is importat ● and specifjc consequences for violating the policy !!

  15. Security policy ● must involve representatives of all departments ● needs support from the highest level of the company management ● employees must sign a document acknowledging the policy and agreement to abide by it ● updated with current technologies and consistent with applicable laws

  16. How do we know if the policies are well done? ● International standards and guidelines are available ● ISO/IEC 27002:2013 ● Payment Card Industry Data Security Standard (PCI DSS) - https://www.pcisecuritystandards.org ● National Institute of Standards and Technology (NIST) Cybersecurity Framework - https://www.nist.gov/cyberframework ● IASME - https://www.iasme.co.uk/

  17. What about the end-user? ● All employees / users must be educated about security dangers and security policies ● rigorous training program !! ● Employees are most likely to detect security breaches ● or then cay cause one ( accidentally !?) ● they can observe suspicious activities ● Enforcing the security policy !!

  18. People – the first or the last line of defence?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident Response Overview Types of data in your environment and why it is important. Trending threats. Minimizing risks through layers of defense:

486 views • 30 slides
New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective Innovative technology, knowledge, problem solving are critical for Canada and its allies to mitigate new threats, stay ahead of potential

469 views • 18 slides
Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado

Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado

Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado Network vs. Internet a network is a system of computers that talk over some communication medium: phone line (analogue modem, DSL), cable,

957 views • 47 slides
WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison Officer - Defence SA 1 DEFENCE SA A SOUTH AUSTRALIAN GOVERNMENT AGENCY MISSION Facilitate the growth of Defence and sustainable defence industries in

457 views • 13 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
The Third Line of Defense in Cybersecurity Internal Audit and the University of California

The Third Line of Defense in Cybersecurity Internal Audit and the University of California

The Third Line of Defense in Cybersecurity Internal Audit and the University of California Cybersecurity Audit Team Overview 1. University of California and Internal Audit 2. Establishing the Cybersecurity Audit Team (CAT) 3. CAT

650 views • 23 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory

NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory

National Highway Traffic Safety Administration NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory Board October 2015 The Need for Cybersecurity Research 32,719 people died due to motor vehicle

556 views • 17 slides
Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence equipment partner with Japan after the United States How? create a genuine two-way street of defence equipment cooperation including direct

910 views • 18 slides
ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark

ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark

ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark Thomson This years defence budget caused considerable alarm in some quarters. One commentator said that cuts to the defence budget announced

599 views • 13 slides
ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence

ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence

ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence Procurem rocurement ent Ga Gateway EDA Defence Procurement Gateway Defence Procurement Defence Procurement Information Hub Opportunities Hub EU

325 views • 4 slides
DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI

DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI

DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI AL COOPERATI ON W I TH FOREI GN COUNTRI ES PROFESSOR ADRI AN KENDRY FORMER NATO SENI OR DEFENCE ECONOMI ST AND ADVI SER TO THE 1 2 TH NATO SECRETARY

537 views • 31 slides
Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland Chapter Contents Cybersecurity and risk management 1 Cybersecurity and the regulatory 2 environment Cybersecurity and the audit 3 4 Appendix

685 views • 37 slides
implementing solutions on skills in defence Launch of the European Defence Skills Partnership -

implementing solutions on skills in defence Launch of the European Defence Skills Partnership -

The way forward in implementing solutions on skills in defence Launch of the European Defence Skills Partnership - EDSP Brussels 19 June 2018 Elektra Tsigaridas European Commission, DG GROW ENTR F GROW i.4 Structure Defence Skills

223 views • 7 slides
Analytical support to European defence developments - the Swedish experience Tomas Eriksson

Analytical support to European defence developments - the Swedish experience Tomas Eriksson

Analytical support to European defence developments - the Swedish experience Tomas Eriksson Swedish Defence Research Agency (FOI) Division of Defence Analysis Filnamn Background: Defence-related issues within the European Union Creation

421 views • 10 slides
The Norwegian defence sectors property specialist 2016 EXPANDING DEFENCE CAPACITY EVERY DAY

The Norwegian defence sectors property specialist 2016 EXPANDING DEFENCE CAPACITY EVERY DAY

The Norwegian defence sectors property specialist 2016 EXPANDING DEFENCE CAPACITY EVERY DAY On commission from the defence sector The NDEA is a professional, public sector property operator that builds, runs and disposes of property

714 views • 42 slides
The End of Privacy? By: Andy Nguyen S Brief Background Info

The End of Privacy? By: Andy Nguyen S Brief Background Info

The End of Privacy? By: Andy Nguyen S Brief Background Info https://www.youtube.com/watch?v=N7skcSamupg Claim The government has done the US citizens a disservice by spying and collecting data without authorization. Data Monetization S

462 views • 9 slides
Broadening HSTS to secure more of the Web Ben McIlwain, software engineer at Google

Broadening HSTS to secure more of the Web Ben McIlwain, software engineer at Google

Broadening HSTS to secure more of the Web Ben McIlwain, software engineer at Google mcilwain@google.com 9C3D F6D2 3A28 F680 4ECA 927A BC21 184E FFA6 0567 Why HTTPS is important Protects users on open/public access points from

468 views • 12 slides
MENTAL HEALTH DRIVES PERFORMANCE FOR EMPLOYEES PRESENTER Lorene Lacey Lorene serves as the

MENTAL HEALTH DRIVES PERFORMANCE FOR EMPLOYEES PRESENTER Lorene Lacey Lorene serves as the

MENTAL HEALTH DRIVES PERFORMANCE FOR EMPLOYEES PRESENTER Lorene Lacey Lorene serves as the Director of Global Crisis Response for Workplace Options, overseeing global crisis support services. With more than 20 years of experience working

582 views • 33 slides
INVESTOR PRESENTATION Q1 2020 TSX: HDI www.hdidist.com Oak Retro Baltimore Dark Brown

INVESTOR PRESENTATION Q1 2020 TSX: HDI www.hdidist.com Oak Retro Baltimore Dark Brown

INVESTOR PRESENTATION Q1 2020 TSX: HDI www.hdidist.com Oak Retro Baltimore Dark Brown Crystalite Charleston Oak Rain Cloud Antique Oak Icy Mherge FORWARD LOOKING STATEMENT Certain statements contained in this presentation, including all

571 views • 17 slides
Disaster Laws topics proposed for the 31 st International Conference of the Red Cross and Red

Disaster Laws topics proposed for the 31 st International Conference of the Red Cross and Red

Disaster Laws topics proposed for the 31 st International Conference of the Red Cross and Red Crescent, November 2011 IASC weekly 22 June 2011

392 views • 4 slides
Solutions to Urban Slums: Building on Communities Knowledge & Heritage Kampala

Solutions to Urban Slums: Building on Communities Knowledge & Heritage Kampala

Solutions to Urban Slums: Building on Communities Knowledge & Heritage Kampala Informal Settlements 2 Historical Perspective and Factors Colonial plans covered only a small portion of the City. Presence of privately owned

271 views • 16 slides
Local Elected Officials Forum CalPERS Overview for Public Agency and School Elected Leaders

Local Elected Officials Forum CalPERS Overview for Public Agency and School Elected Leaders

Local Elected Officials Forum CalPERS Overview for Public Agency and School Elected Leaders October 28, 2019 | 9:30 a.m. -12:00 p.m. Our Discussion Together Introductions and Overview Plan for Long-Term Sustainability Funding the

647 views • 46 slides
Mediation A difficult conversation Mark Whittell Mediate North Seminar outline The issues

Mediation A difficult conversation Mark Whittell Mediate North Seminar outline The issues

Mediation A difficult conversation Mark Whittell Mediate North Seminar outline The issues in a purchasing dispute Battle of the Forms Mediation - the principles and process How to prepare - before the meeting, and on the day

224 views • 20 slides

More recommend