Is Your Company Security Aware? Presented By: Brian Picard GSEC.

Personal Background
Progressive Insurance – Security Architect, 10 long years (6 years in Identity/Security)
GIAC – GSEC Certified
Wide range of background experience (i.e. Server Administration, Networking, Development, Identity, and Security Architecture)
Private Consulting – Anything Technical, 9 years (4 years in Identity/Security)
Network Development
Server Implementations
Custom Development
Security Consultations and Instruction

Overview
Security Awareness Program
Security Effort Statements
Sample Security Awareness Efforts
Social Engineering
Public Information Gathering
Development Challenges
Physical Security Awareness
Adjacent Risks
Other Samples

Security Awareness Program
WARNING: This should not be done as a group activity.
Definition: This describes where your company's security awareness is focused and a rough outline of the scope.
Efforts: This describes what efforts will be made to meet your goals.
Timeframe: This will define how long your company will follow this initiative before re-evaluating its position.

Security Effort Statement
WARNING: These need to be done as a group activity.
Objective: Goals, Scope (In AND Out), Gaps
Target Audience: Intended Targets, Depth of Technical Knowledge
Actions: Mediums of Delivery, Durations, Required/Optional
Additional References: Other Sources of Information
Measurements: Verification of Success

Sample Security Efforts (Social Engineering)
Objective: To inform employees about Social Engineering and to give them the ability to professionally deal with a suspected Social Engineer. The scope will include social engineering applied to phones, e-mails, and physical entry to the buildings.
Target Audience: All Company Employees
Actions: Company-wide web cast about Social Engineering, including a definition, common real-world examples, and ways to deal with suspected social engineers.

Sample Security Efforts (Social Engineering)
Additional Resources:
Measurements:
1. A company-wide web test administered 6 months after the training is completed.
2. Random Social Engineering attempts done by outside consultants.

Sample Security Efforts (Public Information Gathering)
Objective: To inform employees about Public Information Gathering. The scope includes web and verbal content with individuals inside and outside the company.
Target Audience: The target for this security effort is Web Content Analysts and Point of Sale employees.
Actions: A web-based "find the information" internal game. This game will include potentially critical company information hidden on a typical-looking company web site. An internet scavenger hunt for public information on companies, with explanations of how this information could be useful to an outsider.

Sample Security Efforts (Public Information Gathering)
Additional Information:
Measurements:
1. Post-assessment of the Information Gathering game.
2. Internet Scavenger Hunt to gather required pieces of information about companies based on their corporate web site.

Sample Security Efforts (Development Challenges)
Objective: To inform developers of the potential problems with unsafe coding practices. The scope of this will include Cross-site scripting (XSS), SQL Injection, and Improper Input Validation.
Target Audience: Web developers that work on an external-facing application.
Actions: This effort will be comprised of a progressive set of challenges regarding the above-mentioned topics. After each challenge some hints will be given to help solve the next round of problems.

Sample Security Efforts (Development Challenges)
Additional Resources:
Measurements:
1. The completion of the required challenges within a designated time frame.
2. The completion of a follow-up set of challenges, different from the first, six months after completion of the previous round.
3. Bug tracking for reported SQL Injection, XSS, and Input Validation issues.

Sample Security Efforts (Physical Security Awareness)
Objective: To inform the employees about potential problems with lacking physical security. The scope for this shall include only entering the building.
Target Audience: All employees with badges.
Actions: An online bulletin explaining the problems and statistics around unauthorized individuals. Movable plaques mounted around badging stations explaining that every person should swipe their own badge and that those attempting to tailgate should be questioned.

Sample Security Efforts (Physical Security Awareness)
Rotation of entry staff to encourage the requirement of swiping and diminish the likelihood of known employees being allowed to enter without it. Colorful posters or cutouts moved around the company encouraging employees to swipe for their own entry and to question others attempting to enter on their swipe.
Measurements:
1. Trending on the number of unauthorized people in the buildings.
2. Trending on the number of card swipes per day.

Sample Security Efforts (Adjacent Risks)
Objective: To inform all company employees that work on external data transactions with other companies about extended security threats.
Target Audience: Any employee that works on external data transactions.
Actions: A Web Based Training (WBT) that explains the potential problems and history of known problems around network extensions.
Measurements: A post-assessment of the content covered in the WBT.

Sample Security Efforts (Other Samples)
Security Informational Sessions
Security Posters
Security Bulletins
Data Classification Awareness
Phishing
Source Code Management

Final Thoughts
Publish Your Security Awareness Statement
Trust but Verify Completion of Efforts

Recap and Personal Contact Information
Recap
Contact Info: