Forensics Week 11.

Agenda
* Forensic Plan
* Final Project
* Insider Threat Assignment
* Outline Due (4/10)
* Final Due (4/24)
* Presentation (5 Minutes)
* Insider Threat

In Class Assignment: Who Am I?
Mary in HR receives an email from the “President” asking for information on all employees. Mary sends the “President” the list.
Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

In Class Assignment: Who Am I?
Steven receives the following email…
“As of April 3, 2018, your account with username: boyermusic and all associated surveys and responses is pending deletion due to inactivity. If your account is deleted, you will no longer be able to access this account or any data associated with it. Sign in between now and April 17, 2018 to keep your account active. Note: You may have to reset your password to log in. Read more at our Help Center for more details.”
Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

In Class Assignment: Who Am I?
Ed decides… He is unhappy with how his company is handling the customers’ data. He starts leaking this information onto public sites.
Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

In Class Assignment: Who Am I?
Juan is the tech person working for a small company… He has a list of every username and password. Ransomware was “accidentally” released to the environment.
Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

In Class Assignment: Who Am I?
A copy of your company’s inside website is found on wordpress.com. The inside site requires sign-on, but there is no confidential information.
Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

In Class Assignment: Who Am I?
Your company hires another company to remotely manage the building heating and air conditioning system. The other company is hacked and a system administrator’s credentials are stolen.
Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

Actors
* Compromised actors: Insiders with access credentials or computing devices that have been compromised by an outside threat actor. These insiders are more challenging to address since the real attack is coming from outside, posing a much lower risk of being identified.
* Negligent actors: Insiders who expose data accidentally, such as an employee who accesses company data through public WiFi without the knowledge that it is unsecured.
* Malicious insiders: Insiders who steal data or destroy company networks intentionally, such as a former employee who injects malware in corporate computers on his last day at work.
* Tech savvy actors: Insiders who react to challenges. They use their knowledge of weaknesses and vulnerabilities to breach clearance and access sensitive information. Tech savvy actors can pose some of the most dangerous insider threats, and are likely to sell confidential information to external parties or black market bidders.
* The Third Party Contractor: Similar to the negligent or unknowledgeable employee, third party contractors provide another opportunity for malicious hackers to compromise your network security. Whether it is as simple as a contracted maintenance company or outsourced services, all depend on the strength of the cybersecurity protocols employed by these third party contractors.

How do we protect against Insider Threat?

Focus on the right assets
Bad people want what you value most, what we call your business’s “crown jewels.” Identify the most-valuable systems and data, and then give them the strongest defenses and the most frequent monitoring.

Apply deep analytics
Humans are creatures of habit: They come to work at the same time and do familiar tasks. The same can be said for how they use and interact with technology. Deep analytics and AI can uncover deviations in behavior at the level of individual employees, which can make it much easier to spot indications that systems have been compromised. We recently helped a customer collect and analyze terabytes of such data, and within 15 minutes they saw violations of policy that they didn’t know existed.
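
The per-employee deviation check described above, as an added example that is not part of the original slides. It learns each user's usual login hour and hosts from a constructed sample history and lists the reasons a new event departs from that user's own habits; the users, hosts, thresholds and function names are all assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed sample history: (user, login hour 0-23, host accessed). Not real data.
HISTORY = [
    ("mary", 8, "hr-db"), ("mary", 9, "hr-db"), ("mary", 8, "mail"),
    ("mary", 9, "hr-db"), ("mary", 8, "mail"), ("mary", 9, "hr-db"),
    ("juan", 22, "backup"), ("juan", 23, "backup"), ("juan", 22, "dc01"),
    ("juan", 23, "dc01"), ("juan", 22, "backup"), ("juan", 23, "dc01"),
]

def hour_distance(a, b):
    """Distance on a 24-hour clock, so 23:00 and 01:00 are 2 hours apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def circular_mean_hour(hours):
    """Mean hour on the clock face, so habits that straddle midnight average correctly."""
    angles = [2 * math.pi * h / 24 for h in hours]
    s = sum(math.sin(a) for a in angles)
    c = sum(math.cos(a) for a in angles)
    return (math.atan2(s, c) * 24 / (2 * math.pi)) % 24

def build_baselines(history, min_spread=1.0):
    """Learn each user's usual login hour, its spread, and the hosts they touch."""
    hours, hosts = defaultdict(list), defaultdict(set)
    for user, hour, host in history:
        hours[user].append(hour)
        hosts[user].add(host)
    baselines = {}
    for user, hs in hours.items():
        centre = circular_mean_hour(hs)
        spread = math.sqrt(sum(hour_distance(h, centre) ** 2 for h in hs) / len(hs))
        # Floor the spread so a very regular user is not flagged for a 30-minute shift.
        baselines[user] = {"centre": centre, "spread": max(spread, min_spread),
                           "hosts": hosts[user]}
    return baselines

def score_event(baselines, user, hour, host, z_threshold=3.0):
    """Return the reasons an event deviates from the user's own baseline (empty if none)."""
    base = baselines.get(user)
    if base is None:
        return ["no baseline for user"]
    reasons = []
    z = hour_distance(hour, base["centre"]) / base["spread"]
    if z > z_threshold:
        reasons.append(f"unusual hour (z={z:.1f})")
    if host not in base["hosts"]:
        reasons.append(f"first access to {host}")
    return reasons
```

A night-shift user logging in at 01:00 is not flagged, because the distance is measured around the clock rather than on a 0-23 number line.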

Know your people
Understanding the users who hold the potential for greatest damage is critical. Addressing the security risks that these people represent, and the critical assets they access, should be a priority. In particular, monitor IT admins, top executives, key vendors, and at-risk employees with greater vigilance.

Don’t forget the basics
In security, we love the newest tools. But getting the basics done well can make the biggest impact on insiders:
* Applying software patches automatically closes that open window before a hacker can use it to access your network.
* Enforcing strong standards for user identities and passwords means stealing credentials is that much harder.
* Collecting all the data and forensics you can on every device that touches your network makes sure you’re the first to know if you’ve been hacked, not the last.
But forget technology altogether: user awareness programs are the key to educating insiders. Train your people, test them, and then try to trick them with fake exercises. These basics make a disproportionate impact but they do require work and perseverance.