Presentation is loading. Please wait.

Presentation is loading. Please wait.

Forensics Week 11.

Published byΦθα Βάμβας Modified over 6 years ago

Similar presentations

Presentation on theme: "Forensics Week 11."— Presentation transcript:

1 Forensics Week 11

2 Agenda Forensic Plan Final Project Insider Threat
Assignment Outline Due (4/10) Final Due (4/24) Presentation (5 Minutes) Insider Threat

3 In Class Assignment Who Am I? Mary in HR receives and from the “President” asking for information on all employees. Mary sends the “President” the list. Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

4 In Class Assignment Who Am I? Steven Receives the following email…
As of April 3, 2018, your account with username: boyermusic and all associated surveys and responses is pending deletion due to inactivity. If your account is deleted, you will no longer be able to access this account or any data associated with it. Sign in between now and April 17, 2018 to keep your account active. Note: You may have to reset your password to log in. Read more at our Help Center for more details. Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

5 In Class Assignment Who Am I? Ed decides…
He is unhappy with how his company is handling the customers’ data. He starts leaking this information on to public sites. Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

6 In Class Assignment Who Am I?
Juan is the Tech person working for a small company… He has a list of every username and password. Ransonware was “accidently” released to the environment. Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

7 In Class Assignment Who Am I?
Copy of your companies inside website is found on wordpress.com. The inside site requires sign-on, but there is no confidential information. Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

8 In Class Assignment Who Am I?
Copy of your companies inside website is found on wordpress.com. The inside site requires sign-on, but there is no confidential information. Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

9 In Class Assignment Who Am I?
Your company hires another company to remotely manage the building heating and air conditioning system. The other company is hacked and a system administrator’s credentials are stolen. Compromised actor * Negligent actor * Malicious insider * Tech savvy actor * The Third Party Contractor

10

11 Actors Compromised actors: Insiders with access credentials or computing devices that have been compromised by an outside threat actor. These insiders are more challenging to address since the real attack is coming from outside, posing a much lower risk of being identified. Negligent actors: Insiders who expose data accidentally — such as an employee who accesses company data through public WiFi without the knowledge that it is unsecured. Malicious insiders: Insiders who steal data or destroy company networks intentionally – such as a former employee who injects malware in corporate computers on his last day at work. Tech savvy actors: Insiders who react to challenges. They use their knowledge of weaknesses and vulnerabilities to breach clearance and access sensitive information. Tech savvy actors can pose some of the most dangerous insider threats, and are likely to sell confidential information to external parties or black market bidders. The Third Party Contractor Similar to the negligent or unknowledgeable employee, third party contractors provide another opportunity for malicious hackers to compromise your network security. Whether it’s as simple as the maintenance company contracted or outsources services. All depend on the strength of cybersecurity protocols employed by these third party contractors.

12 How do we protect against Insider Threat?

13 Focus on the right assets
Bad people want what you value most, what we call your businesses’ “crown jewels.” Identify the most-valuable systems and data, and then give them the strongest defenses and the most frequent monitoring.

14 Apply deep analytics Humans are creatures of habits: They come to work at the same time and do familiar tasks. The same can be said for how they use and interact with technology. Deep analytics and AI can uncover deviations in behavior at the level of individual employees, which can make it much easier to spot indications that systems have been compromised. We recently helped a customer collect and analyze terabytes of such data, and within 15 minutes they saw violations of policy that they didn’t know existed.

15 Know your people Understanding the users who hold the potential for greatest damage is critical. Addressing the security risks that these people represent, and the critical assets they access, should be a priority. In particular, monitor IT admins, top executives, key vendors, and at-risk employees with greater vigilance.

16 Don’t forget the basics
In security, we love the newest tools. But getting the basics done well can make the biggest impact on insiders: Applying software patches automatically closes that open window before a hacker can use it to access your network. Enforcing strong standards for user identities and passwords means stealing credentials is that much harder. Collecting all the data and forensics you can on every device that touches your network makes sure you’re the first to know if you’ve been hacked, not the last. But forget technology altogether — user awareness programs are the key to educating insiders. Train your people, test them, and then try to trick them with fake exercises. These basics make a disproportionate impact but they do require work and perseverance.

17

Download ppt "Forensics Week 11."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.

Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Network security policy: best practices

Network security policy: best practices
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
 A viruses is a program that can harm or track your computer. E.g. browser hijacker.  When a viruses accesses the computer it can accesses the HDD and.

 A viruses is a program that can harm or track your computer. E.g. browser hijacker.  When a viruses accesses the computer it can accesses the HDD and.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, 2014 -WITH THANKS TO.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

Similar presentations

Ads by Google