people the last line of defence in cybersecurity
play

People the last line of defence in cybersecurity? Cristian-Mihai - PowerPoint PPT Presentation

Jan 28, 2023 •99 likes •295 views

People the last line of defence in cybersecurity? Cristian-Mihai Amarandei, B.Eng. (Hons), PhD cristian.amarandei@tuiasi.ro People the fjrst line of defence in cybersecurity? Cristian-Mihai Amarandei, B.Eng. (Hons), PhD

  1. People – the last line of defence in cybersecurity? Cristian-Mihai Amarandei, B.Eng. (Hons), PhD cristian.amarandei@tuiasi.ro

  2. People – the fjrst line of defence in cybersecurity? Cristian-Mihai Amarandei, B.Eng. (Hons), PhD cristian.amarandei@tuiasi.ro

  3. Motivation to break into systems ● Industrial espionage ● Financial gain ● Revenge ( disgruntled actual/former employees) ● Status ● ...

  4. Threats to Network Security ● Hackers ● Disgruntled employees ● Organizations: suported by some governements as spying technique, organized crime, terorrists ● Virues, trojan program, malware ... ● Social engineering: - the people factor ● ...

  5. Verizon 2016 Data Breach Investigations Report

  6. What can we secure? ● The network ● Block potential attackers and known means of attack ● secure connectivity with trusted users ● Activities that require secure connectivity ● Remote access to the internal network ● Access to applications and services (e-mail, web …)

  7. Social Engineering: the people factor ● Attackers can try to gain access through users ● Employees can be tricked to provide data access to resources ● Protect the end-user ● Organizations need a security policy and rigorous training program

  8. how ? ● Security Policies / Usage guidelines ● Purchase of specialized equipment and software ● Educate the end-user !!

  9. Spam detected in e-mails 40000 35000 30000 25000 20000 Mail Virus Spam 15000 10000 5000 0 01/10/17 02/10/17 03/10/17 04/10/17 05/10/17 06/10/17 07/10/17 08/10/17 09/10/17 10/10/17 11/10/17 12/10/17 13/10/17 14/10/17 15/10/17 16/10/17 17/10/17 18/10/17 19/10/17 20/10/17 21/10/17 22/10/17 23/10/17 24/10/17 25/10/17 26/10/17 27/10/17 28/10/17 29/10/17 30/10/17 31/10/17

  10. Some more details …. 100 90 80 70 60 50 Virus% Spam% 40 30 20 10 0 01/10/17 02/10/17 03/10/17 04/10/17 05/10/17 06/10/17 07/10/17 08/10/17 09/10/17 10/10/17 11/10/17 12/10/17 13/10/17 14/10/17 15/10/17 16/10/17 17/10/17 18/10/17 19/10/17 20/10/17 21/10/17 22/10/17 23/10/17 24/10/17 25/10/17 26/10/17 27/10/17 28/10/17 29/10/17 30/10/17 31/10/17 ● Total number of messages – 624,022 ● Detected spam 452,163 – 72,5%

  11. after spam detection and delivery of messages .. ● How many of the messages detected as spam contained possible attack vectors? ● How many of the messages that passed the detection system had potential attack vectors? − Where and from what devices have messages been read? − What did the user do?

  12. Security policy ● Is necessary if ● employees work with confjdential information ● data loss could result in severe financial loss ● organization has trade secrets ● the internet is used daily ● organization is subject to regulation for information security and privacy ( GDPR !)

  13. Security Policy ● Gives users guidelines on how to handle sensitive information ● Gives IT stafg instructions on what defensive systems to confjgure ● Reduces the risk of legal liability ● A good security policy is comprehensive and also fmexible ● Is a group of documents instead of a single document

  14. Security policy ● too complex – no one will follow ● fails if afgects productivity ● should state clearly what can and cannot be done in the organization network or on equipment and property ● must include generalized clauses ● people need to know why the security policy is importat ● and specifjc consequences for violating the policy !!

  15. Security policy ● must involve representatives of all departments ● needs support from the highest level of the company management ● employees must sign a document acknowledging the policy and agreement to abide by it ● updated with current technologies and consistent with applicable laws

  16. How do we know if the policies are well done? ● International standards and guidelines are available ● ISO/IEC 27002:2013 ● Payment Card Industry Data Security Standard (PCI DSS) - https://www.pcisecuritystandards.org ● National Institute of Standards and Technology (NIST) Cybersecurity Framework - https://www.nist.gov/cyberframework ● IASME - https://www.iasme.co.uk/

  17. What about the end-user? ● All employees / users must be educated about security dangers and security policies ● rigorous training program !! ● Employees are most likely to detect security breaches ● or then cay cause one ( accidentally !?) ● they can observe suspicious activities ● Enforcing the security policy !!

  18. People – the first or the last line of defence?

Recommend

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident Response Overview Types of data in your environment and why it is important. Trending threats. Minimizing risks through layers of defense:

486 views • 30 slides
New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective Innovative technology, knowledge, problem solving are critical for Canada and its allies to mitigate new threats, stay ahead of potential

469 views • 18 slides
Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado

Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado

Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado Network vs. Internet a network is a system of computers that talk over some communication medium: phone line (analogue modem, DSL), cable,

957 views • 47 slides
WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison Officer - Defence SA 1 DEFENCE SA A SOUTH AUSTRALIAN GOVERNMENT AGENCY MISSION Facilitate the growth of Defence and sustainable defence industries in

457 views • 13 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
The Third Line of Defense in Cybersecurity Internal Audit and the University of California

The Third Line of Defense in Cybersecurity Internal Audit and the University of California

The Third Line of Defense in Cybersecurity Internal Audit and the University of California Cybersecurity Audit Team Overview 1. University of California and Internal Audit 2. Establishing the Cybersecurity Audit Team (CAT) 3. CAT

650 views • 23 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory

NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory

National Highway Traffic Safety Administration NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory Board October 2015 The Need for Cybersecurity Research 32,719 people died due to motor vehicle

556 views • 17 slides
Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence equipment partner with Japan after the United States How? create a genuine two-way street of defence equipment cooperation including direct

910 views • 18 slides
ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark

ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark

ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark Thomson This years defence budget caused considerable alarm in some quarters. One commentator said that cuts to the defence budget announced

599 views • 13 slides
ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence

ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence

ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence Procurem rocurement ent Ga Gateway EDA Defence Procurement Gateway Defence Procurement Defence Procurement Information Hub Opportunities Hub EU

325 views • 4 slides
DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI

DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI

DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI AL COOPERATI ON W I TH FOREI GN COUNTRI ES PROFESSOR ADRI AN KENDRY FORMER NATO SENI OR DEFENCE ECONOMI ST AND ADVI SER TO THE 1 2 TH NATO SECRETARY

537 views • 31 slides
Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland Chapter Contents Cybersecurity and risk management 1 Cybersecurity and the regulatory 2 environment Cybersecurity and the audit 3 4 Appendix

685 views • 37 slides
implementing solutions on skills in defence Launch of the European Defence Skills Partnership -

implementing solutions on skills in defence Launch of the European Defence Skills Partnership -

The way forward in implementing solutions on skills in defence Launch of the European Defence Skills Partnership - EDSP Brussels 19 June 2018 Elektra Tsigaridas European Commission, DG GROW ENTR F GROW i.4 Structure Defence Skills

223 views • 7 slides
Analytical support to European defence developments - the Swedish experience Tomas Eriksson

Analytical support to European defence developments - the Swedish experience Tomas Eriksson

Analytical support to European defence developments - the Swedish experience Tomas Eriksson Swedish Defence Research Agency (FOI) Division of Defence Analysis Filnamn Background: Defence-related issues within the European Union Creation

421 views • 10 slides
The Norwegian defence sectors property specialist 2016 EXPANDING DEFENCE CAPACITY EVERY DAY

The Norwegian defence sectors property specialist 2016 EXPANDING DEFENCE CAPACITY EVERY DAY

The Norwegian defence sectors property specialist 2016 EXPANDING DEFENCE CAPACITY EVERY DAY On commission from the defence sector The NDEA is a professional, public sector property operator that builds, runs and disposes of property

714 views • 42 slides
Centre of Defence Pathology Centre of Defence Pathology Impact of Friction upon the BMS

Centre of Defence Pathology Centre of Defence Pathology Impact of Friction upon the BMS

Centre of Defence Pathology Centre of Defence Pathology Impact of Friction upon the BMS Centre of Defence Pathology Centre of Defence Pathology Centre of Defence Pathology Mitigation Training More personnel Lab Information

402 views • 14 slides
ILO CONSULTING Recent Developments in the Defence Sector Indian Defence Sector India has

ILO CONSULTING Recent Developments in the Defence Sector Indian Defence Sector India has

ILO CONSULTING Recent Developments in the Defence Sector Indian Defence Sector India has the third largest armed forces in the world. India is one of the largest importers of conventional defence equipment and spends about 31.1% of

360 views • 12 slides
KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

7/17/2020 KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing Attacks Malware/Ransomware Hacking Imposter Scams 1 7/17/2020 KACo Cybersecurity Training BEWARE OF Phishing Phishing attacks

248 views • 6 slides
Defence Corruption, Tools, and the UN Arms Trade Treaty Alan Waldron and Tobias Bock Defence

Defence Corruption, Tools, and the UN Arms Trade Treaty Alan Waldron and Tobias Bock Defence

Defence Corruption, Tools, and the UN Arms Trade Treaty Alan Waldron and Tobias Bock Defence and Security Programme Transparency International Kuala Lumpur 19 th April 2012 Defence and Security Corruption - Typology POLITICAL PROCUREMENT

582 views • 27 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2019 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

212 views • 19 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2018 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

325 views • 18 slides
ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity Related to Subregional Seminar on Cybersecurity for Information and Communication Networks 21 June 2005 Lima, Peru Christine Sund Christine Sund

921 views • 48 slides
Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel Sofia, Bulgaria Mr. Joaqun Castelln , Operational Director Spanish National Security Department Ms. Anita TIKOS , Desk Officer for International

197 views • 15 slides

More recommend