Published by Christina Thompson. Modified over 8 years ago.
Objectives
– Who I am
– The company I interned with
– The projects I worked on
– Project details
– How the experience relates to my education
– Conclusions drawn
PNC Financial Services Group
– Pittsburgh, PA (Downtown)
– May 12, 2008 – Jan 9, 2009
– Corporate Information Security (Security Operations)
– Previously interned in 2007 and 2008 in their MIS department
Projects
Many very interesting projects:
– Anti-Virus
– Penetration Testing
– Employee Monitoring
– Cyber Crime Prevention
– Technology Risk Evaluations
– IBM RDZ Pilot
Penetration Testing
Penetration test – a test method in which the security of a computer program or network is subjected to a deliberate, simulated attack.
A common form of white-hat hacking. The usual categories of hackers are:
– White hat (authorised, with the owner's permission)
– Grey hat
– Black hat (unauthorised)
Related to vulnerability scanning or vulnerability assessments, but not the same thing: a scan enumerates potential weaknesses, while a penetration test tries to exploit them to demonstrate real impact.
Penetration Testing
During my internship I categorized my penetration testing work in two ways:
– Manual (traditional) penetration testing
– Automated penetration testing
Penetration Testing
There are many different types of penetration testing:
– Black box
– Grey box
– White box
– Authenticated
– Partially authenticated
– Non-authenticated
– + many more
Penetration Testing
Who does the penetration tests?
– Internal employees
– 2nd- or 3rd-party vendors
– Business partners
– Outsiders?
It is important to ensure proper clearance before testing.
When a vendor is involved you should have a mutual non-disclosure agreement (mutual NDA) in place before discussing any details.
It is also important to thoroughly define the Rules of Engagement: what is in scope, what is excluded, when testing may take place, and which kinds of tests are permitted.
Penetration Testing
You may need corporate or governmental clearance.
Make sure your specific test is permitted, documented, and approved by the right people.
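One way to make the "permitted, documented and approved" requirement enforceable is to have the testing tooling itself refuse any target that is not covered by the signed-off Rules of Engagement. The gate below is an added example written for this page; it is not code from the original presentation or from PNC. The rules-of-engagement record format, the engagement identifier, the CIDR ranges, the time window and the approver roles are all constructed assumptions, chosen only to exercise each check.

```python
"""Rules-of-engagement gate for penetration-testing tooling.

Added example, not code from the original presentation or from PNC.
The RoE record format below is an assumption; in practice it would be
the scope that the system owner and security operations signed off.
"""
from dataclasses import dataclass, field
from datetime import datetime
import ipaddress

# Constructed rules-of-engagement record (assumed format, sample values).
ROE = {
    "engagement_id": "ENG-EXAMPLE-001",            # hypothetical identifier
    "approved_by": ["system_owner", "security_ops"],
    "in_scope": ["10.20.30.0/24", "192.0.2.10"],     # approved targets
    "excluded": ["10.20.30.1", "10.20.30.250"],      # e.g. gateway, shared storage
    "window": ("2008-11-01T22:00:00+00:00",          # approved test window (UTC)
               "2008-11-02T06:00:00+00:00"),
    "allowed_tests": {"network", "os", "application"},
    "allowed_access": {"non-authenticated", "authenticated"},
}

REQUIRED_APPROVERS = {"system_owner", "security_ops"}   # assumed policy


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def _in_any(ip, networks):
    """True if `ip` falls inside any CIDR or single address in `networks`."""
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def check_target(roe, target, test_level, access, when_iso):
    """Decide whether `target` may be tested at time `when_iso` (ISO 8601).

    Every failed condition is recorded, so the tester and whoever reviews
    the engagement log can see exactly why a test was refused.
    """
    reasons = []

    missing = REQUIRED_APPROVERS - set(roe.get("approved_by", []))
    if missing:
        reasons.append(f"missing approvals: {sorted(missing)}")

    ip = ipaddress.ip_address(target)
    if not _in_any(ip, roe["in_scope"]):
        reasons.append(f"{target} is not in the approved scope")
    if _in_any(ip, roe["excluded"]):
        reasons.append(f"{target} is explicitly excluded")

    start, end = (datetime.fromisoformat(t) for t in roe["window"])
    when = datetime.fromisoformat(when_iso)
    if not (start <= when <= end):
        reasons.append(f"{when_iso} is outside the approved window")

    if test_level not in roe["allowed_tests"]:
        reasons.append(f"{test_level}-level testing is not authorised")
    if access not in roe["allowed_access"]:
        reasons.append(f"{access} testing is not authorised")

    return Decision(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Two sample requests: one inside the RoE, one hitting an excluded host.
    for target in ("10.20.30.15", "10.20.30.1"):
        d = check_target(ROE, target, "network", "authenticated",
                         "2008-11-01T23:30:00+00:00")
        print(target, "ALLOWED" if d.allowed else "REFUSED", d.reasons)
```

Every refusal carries all of its reasons rather than stopping at the first one, so a request that is out of scope, out of window and unauthorised for its test type is logged as such; the same decision record is what the reporting and review steps later consume.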
Penetration Testing
What level are you testing?
– Network level
– OS level
– Application level
You may be vulnerable at any of the seven layers of the OSI model:
– Physical, Data Link, Network, Transport, Session, Presentation, Application
Penetration Testing
Since you can be vulnerable at any level, it is important to test all levels to mitigate risk and maintain a positive security posture.
The criticality of the system should determine the depth of the testing.
Penetration Testing
There is a general workflow that typically surrounds penetration testing:
– Planning
– Approval
– Execution
– Reporting
– Review
– Remediation
– Retest
Technology Risk Evaluations
– A business within PNC wants to take on a vendor as a business partner.
– This opens up our systems to risks.
– The goal is to ensure that the risk we take on is acceptable.
Technology Risk Evaluations
The level of security we require usually depends on the sensitivity of the data passed between us and the vendor.
Sensitive data:
– Personally Identifiable Information (PII)
– Medical data
– Financial information
– User names
– Passwords
Technology Risk Evaluations
We consider the risk from every angle. Examples:
– Authentication mechanism
– Data encryption
– Protocols used (SSL)
– Host-side security
– Client-side security
– Physical security
– Disaster Recovery (DR) plan
Technology Risk Evaluations
How is an organization's security level determined?
– Discussions with their security personnel, administrators, technicians, and business analysts (BAs)
– Statement on Auditing Standards No. 70 (SAS 70) Type I and Type II reports
– Vulnerability scans
– Penetration tests
Technology Risk Evaluations
Which organization changes when the security level is not satisfactory?
– Usually the smaller organization will make the change.
– When two organizations are close in size, each has to bend a little.
– The idea is not to make unreasonable demands but to work with the organization to find a solution that makes sense for both.
Classes That Were Helpful
– Crim 101 – Crime & Justice Systems
– Crim 102 – Survey of Criminology
– Crim 323 – Cybersecurity & the Law
– Cosc 316 – Host Computer Security
– Cosc 300 – Assembly Language Programming
– Cosc 319 – Software Engineering Concepts
– Math 219 – Discrete Math
– Math 216 – Probability & Stats for Natural Science and Mathematics Majors
– Cosc 220 – Applied Computer Programming (COBOL)
Classes I Wish I Had Taken
– Cosc 352 – LAN Design & Installation
– Cosc 356 – Network Security
– Cosc 427 – Intro to Cryptography
– Crim 403 – Dilemmas in Crime & Criminal Justice
– Crim 401 – Contemporary Issues in Criminology
– Engl 322 – Technical Writing I
Conclusions
– I learned what is involved in corporate information security.
– I learned I would enjoy a career in the information assurance/information security field.
– I learned a lot about project management.
– I learned new areas I need to learn more about and improve in to prepare myself for this field.
Questions?