Hackers are increasingly relentless, making the response to information security incidents an even more complex challenge.
InfoSec is responsible for monitoring, detecting and isolating incidents and the management of the organization's security products, network devices, end-user devices and systems.
Impact of Security Incident
o Financial losses
o Intellectual property theft
o Brand/reputation compromised
o Fraud
o Legal exposure/lawsuit
o Loss of shareholder value
o Extortion
• People – maximize the value of your security team in order to build an effective and efficient monitoring and response program
• Processes – build repeatable, enabled and automated workflows that align your security intelligence platform with your organization function and responsibilities
• Technology – optimally leverage environmental data and threat intelligence, detect advanced attacks with real-time machine analytics, and rapidly neutralize threats with the industry leading detection and response platform
Understanding Environment
• SIEM monitoring and correlation
• Antivirus monitoring and logging
• Network and host IDS/IPS monitoring and logging
• Centralized logging platform, Email and spam and filtering
• Web gateway and filtering
• Threat monitoring and intelligence
• Firewall monitoring and management
• Access Identity management
• Vulnerability assessment and monitoring
Creating and maintaining InfoSec Process
• Monitoring procedure
• Notification procedure
• Notification and escalation processes
• Shift logging procedures
• Incident logging procedures
• Compliance monitoring procedure
• Report development procedure
• Incident investigation procedures
What is the point of InfoSec?
• Central location to collect information of threats
• External threats
• Internal threats
• User activity
• Loss of system and personal or sensitive data
• Provide evidence in investigation
• Keep organization running
• Health monitoring on network and system
Shift logs, incident logs and turnover
• Detail of the event, impact of the threat to the organization or assets
• Description of the items found during the investigation while researching the event
• Recommendation for the next analyst that might be taking over the incident
SECURITY AWARENESS
Organizations invest millions of dollars per year in business security safeguards and hold IT responsible for online information privacy and security, but that is not a sustainable business security model: a cybercriminal only needs one victim to get access into an organization. It only takes one person to click on a phishing email to expose an entire organization.
HOW WE PROTECT?
• Log off computer when away from desk
• Shut down computer when not in use
• Never share passwords
• Change password regularly as it expires
• Never install unnecessary software
• Run antivirus regularly
• Never plug in any BYOD devices
• Never alter any network settings (Proxy)
Without prior written permission from PMAXGLOBAL, the Company's computer network may not be used to disseminate, view or store commercial or personal advertisements, solicitations, promotions, destructive code (e.g., viruses, Trojan horse programs, etc.) or any other unauthorized materials.
• have an undue effect on the computer or company network's performance (downloading and streaming)
• Sending or posting discriminatory, harassing, or threatening messages or images on the Internet or via Practicemax/PMAXGlobal email service
• Using computers to perpetrate any form of fraud, and/or software, film or music piracy
• Sending or posting chain letters, solicitations, or advertisements not related to business purposes or activities
• Or violate any other policies, provisions, guidelines or standards of this agreement or any other of the Company. Further, at all times users are responsible for the professional, ethical and lawful use of the computer system. Personal use of the computer is a privilege that may be revoked at any time.
• Installing software not business related and without administrative permission.
• Illegal copying - Users may not illegally copy material protected under copyright law
• Communication of Trade Secrets (NDA) - Unless expressly authorized to do so, users are prohibited from sending, transmitting, or otherwise distributing proprietary information, data, trade secrets or other confidential information belonging to The Company. Unauthorized dissemination of such material may result in severe disciplinary action as well as substantial civil and criminal penalties under State and Federal Economic Espionage laws
Cost of BREACH
• 90% of organizations felt vulnerable to insider attacks
• 53% confirmed an attack happened in their organization
• 56% regular employees, 55% privileged users and 42% contractors pose the largest insider threat concerns
https://erpscan.io/research/industry-databreach-report-2018/#form-industryFocused
https://enterprise.verizon.com/resources/reports/data-breach-investigation-report_2015.pdf
THREAT ATTACKS
• 60% risk factors carried insider threats
• 72% related to staff receiving fraudulent emails
• 37% privileges
• 35% weak passwords; 65% can be cracked
• 36% endpoint access
• 35% information technology complexity
https://erpscan.io/research/industry-databreach-report-2018/#form-industryFocused
DATA BREACH RISK ZONES
Cost of a Security Incident
https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2017/11/10/worried-about-hackers-states-turn-to-cyber-insurance
SITUATIONAL UNAWARENESS
• 191 days for business to identify a data breach
• 24% did not know if any user credentials were stolen
• 24% did not know which threat actors exploited their organization
• 23% did not know whether organization had experienced an advanced persistent threat (APT) attack
• 20% did not know whether any corporate assets were hijacked for botnet use
• Ransomware is still a top cybersecurity threat: it accounts for 39% of malware-related data breaches and more than 700 incidents
https://erpscan.io/research/industry-databreach-report-2018/#form-industryFocused
VIOLATION FINES
https://compliancy-group.com/hipaa-fines-directory-year/
HUMAN FACTOR
Many companies today are struggling with security and cyber threats.
Human factor continues to be key weakness: employees are still falling victim to social attacks; financial pretexting and phishing represent 98% of social incidents and 93% of all breaches.
https://howsecureismypassword.net/
RANSOMWARE
• Ransomware can spread the same way as most traditional viruses: through email spam and attachments. If an attachment is opened, the system is susceptible to the ransomware.
• Ransomware can be delivered through pirated versions of software, games, game modifications, screensavers and adult websites.
• Malware may come from advertisements, videos, pop-up windows, links on social media networks, or browser plug-ins that exploit out-of-date browsers or vulnerable software on a user’s computer.
• Ransomware searches for other network or file shares that are attached or networked to the infected machine. If it can access those files, it will attempt to encrypt them as well.
RANSOMWARE SECURITY
You can protect yourself and your organization’s network and servers from ransomware and avoid paying the ransom demands