Source: idg.bg/idgevents/idgevents/2015/0928155500-11.20-11.50_JayRanade.pdf
Cybersecurity Threats and Trends for 2015
Speaker: Jay Ranade
CISSP, ISSAP, CISM, CISA, CRISC, CGEIT, CBCP, CIA, CRMA, HCISPP
New York
[email protected], [email protected]
+1-917-971-9786
Instructor Introduction
9/14/2015 2
Jay is an internationally renowned expert on computers, communications, disaster recovery, IT security, and IT controls. He has written and published more than 35 IT-related books on subjects ranging from networks, security, and operating systems to languages and systems. He also has an imprint with McGraw-Hill, the “Jay Ranade Series”, of more than 300 books with more than 7 million copies in print. His books have been translated into German, Portuguese, Spanish, Japanese, Korean, and Chinese. The New York Times critically acclaimed his book “Best of Byte”. He is currently working on a number of books on subjects such as Business Continuity, Operational Risk Management, and IT Risk Management.
Jay has consulted and worked for Global and Fortune 500 companies in the US and abroad including American International Group, Time Life, Merrill Lynch, Dreyfus/Mellon Bank, Johnson and Johnson, Unisys, McGraw-Hill, Mobiltel Bulgaria, and Credit Suisse. He was a member of the ISACA International's Publications Committee (2005-2007).
He teaches graduate-level classes on Information Security Management, Ethical Risk Management, and Enterprise Risk Management at New York University. He also teaches accounting information systems, IT auditing, internal auditing, security/forensics, and Operational Risk Management at St. John’s University.
IT SECURITY THREATS AND RISKS
Security
• Security is about
– Confidentiality
– Integrity
– Availability
• Loss of any one of these affects security
• 2015 emergent and emerging threats affect all three
• Predictions are predictions
– It is like weather prediction: high probability, not certainty
Cyber Threats - Spear Phishing
• Spear Phishing Attacks
– Deceptive communications, e.g. email, text, or tweet, targeting a specific individual
– To access personal or sensitive data
– Not from random hackers but from perpetrators seeking financial gain, trade secrets, etc.
– Linked to cyber espionage and APT
• Control: Targeted Awareness Training
Mobile Threats
• Causes of Mobile Browser Threats
– Web address bar not available due to the small screen
– SSL certificates not displayed, so the source cannot be authenticated
• Mobile Threat Vector
– Mobile devices do not get regular patches in general
– OS is sometimes still the version from the phone's manufacturing date
• Android and iOS Targeting
– ZitMo (Zeus in the Mobile) Android mobile malware
Mobile Threats cntd.
• Attacking Critical Systems through mobile
– When you charge the phone over USB
• Recording keystrokes by smart phone
– Malware has no icons
– Accuracy is about 95 percent
– Phone has to be on the desk
• Smart phones
– Can download key loggers
– Affects organizations with a BYOD policy
• Control is “all executions originating through a mobile device go through a virtual desktop”
• NFC (near field communications) for credit cards can transfer viruses to the smart phone or steal information
Botnets
• Botnets for Lead Generation for Marketing
– Not for password stealing anymore
– Collect name, address, age, gender, financial worth
– Up to $30 for a qualified lead
– Auto-generation of sophisticated fraud scams
• Botnets to Find Entry Points
– Affect the availability aspect of CIA
– Identify compromised machines for DDoS attacks (zombies)
– 4th of July, 2009 attacks on US and South Korean installations
– Zombies do not know they are zombies
Botnets cntd.
• Decentralized Botnet Command and Control (C2) Architecture
– Decentralized C2 architecture is hard to detect
• Botnet Take Downs (Good News)
– Taking away criminal human capital
– Result of mutual collaboration among security professionals
• Controls: ISP collaboration for DDoS attacks
DNS Service and Certificate Attacks
• Goal is to compromise certificate authorities (CAs)
– DNS provisioning systems compromised
– Attackers can create fake banking applications
– Difficult to detect
– Attackers place a man-in-the-middle
– E.g. DigiNotar CA breach in 2011: the attacker using the handle “COMODOhacker” seized CA servers and created fraudulent certificates
• Flame malware
– Also known as Skywiper (2012); affects Windows only; used in targeted attacks
– Spreads via LAN, USB stick
– Records screen shots, keyboard activity, network traffic, Skype conversations, etc.
– Turns computers into Bluetooth beacons
Advanced Persistent Attacks
• What is APT
– Network attack where one stays undetected for a long time
• Not what, but who?
– Persistence of the attacker rather than their sophistication
– Goal is to extract information (exfiltration)
– Attacker adapts to incident response and tools
– Attack can last months
– Control: DiD and user awareness
• Exploitation can affect the organization for years
• End Users Are the Weakest Link in APT
– Entry point is the end-user or weak perimeter security
– You cannot patch end-users
– One of the top threats of 2015
Cloud Threats
• iCloud users on BYOD devices
– Organization’s data could be in the cloud from a smart phone
– Threat actor could develop infrastructure in the cloud using online development tools and exploit hidden C2-based attacks
• External Cloud Threats
– Data ownership, data transcending national boundaries
– Discovery risk
– BC risk
– Chain of custody risk
– Network ownership
– Symmetric cryptography and key management
– Out-of-business risk
Nation-State Conflicts
• Cyber Vector Is a New Multiplier in Nation-State Conflicts
• APT Could Attack Infrastructures
• Defense has to be threat-based, else it is ineffective
– Most defenses are vulnerability-based
• Controls
– DiD and response to evolving threats
– Vulnerability lifecycle management
– End-point protection
– IDS/IPS
– Security training
Application Level Threats
• 78 percent of attacks are due to web-facing application weakness, not firewall weakness
• OWASP Top 10 threats
– SQL injection attacks
– XSS
– Broken authentication and session management
– Insecure direct object reference
– CSRF (cross-site request forgery)
Memory Scraping Threat
• Memory scraping or RAM scraping
– Prevalent for credit card records, passwords, PINs, keys in memory
• Focus on client-side attacks rather than server-side attacks
– Data stays in clear text while used in RAM
• Does the process sanitize sensitive information?
– Browsers leave sensitive information in memory
• Control: Zeroize memory buffers before the process terminates
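As an added example (not from the slides), the zeroing control in C: a wipe through a volatile pointer so the compiler cannot drop it as a dead store, applied to a constructed card number that a payment process validates while it sits in cleartext in RAM. The Luhn check and the buffer helpers are illustrative assumptions, not any product's code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample value; a well-known test number, not a real account. */
#define SAMPLE_PAN "4111111111111111"

/* Wipe a buffer through a volatile pointer. A plain memset() right before
   free() or return may be removed by the optimizer as a dead store, which
   leaves the secret in RAM for a scraper to find. */
static void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* 1 if every byte of buf is zero, else 0. Used to verify the wipe held. */
static int is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Luhn check: the kind of "use" a payment process makes of a PAN while it
   is in cleartext. Returns 1 if the digit string passes. (Assumed helper.) */
static int luhn_ok(const char *digits, size_t n)
{
    int sum = 0, dbl = 0;
    for (size_t i = n; i-- > 0;) {
        int d = digits[i] - '0';
        if (dbl) {
            d *= 2;
            if (d > 9)
                d -= 9;
        }
        sum += d;
        dbl = !dbl;
    }
    return sum % 10 == 0;
}

/* Copies the PAN into a heap working buffer, validates it, then zeroizes the
   buffer before freeing it (the control from the slide). Writes the Luhn
   result to *valid; returns 1 if the buffer was verifiably zero afterwards. */
static int process_pan(const char *pan, int *valid)
{
    size_t n = strlen(pan);
    unsigned char *work = malloc(n + 1);
    if (!work)
        return 0;
    memcpy(work, pan, n + 1);
    *valid = luhn_ok((const char *)work, n);
    secure_zero(work, n + 1);
    int wiped = is_all_zero(work, n + 1);
    free(work);
    return wiped;
}
```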
RSD Loss
• Sensitive data on RSD (removable storage devices)
• CD, DVD, flash drive, smart phone
• Loss of RSD and its data
• Controls
– Policy: need to know and need to download
– Symmetric key encryption
– Remote destruction of data
DDoS Attacks
• What It Is and How It Happens
– Botnets/zombies overwhelm a device or network
– C2 may be elsewhere (July 2009 attacks)
• Five Ways To Deal With DDoS
1. Response plan with ISP
2. Onsite DDoS defense
– Defense in front of application and DB servers is needed to deflect the attack
3. Know Your Customers (KYC)
– To avert application-layer attacks, do real-time legitimate-customer analysis
4. Have continuous vigilance
– Monitor, recognize the attack, respond
Internal Threats
• 76 percent of attacks are internal
• Internal attacks bypass the network layer and start at the OS layer
• Controls
– IAA with 2-factor authentication
– RBAC (aka N-DAC) will reduce such attacks
– H-IDS on each server is the last and ONLY line of defense against internal threats
Malware
• Duqu (W32.Duqu)
– RAT for stealing information from infected computers
• Alureon rootkit
– Persists even after reinstall on Windows 7
– Embedded in a major vendor’s network firmware
Zero Day Attacks
• Growing market
– High demand for vulnerabilities; underground auctions
• IPv6 for zero day attacks (next slide)
– Understand IPv6
• Polymorphic, metamorphic, multi-platform flashworm
– Polymorphic: changes signatures continuously
– Metamorphic: similar
– Flashworm: contained in JavaScript used for the attack
IPv6
• VPN leaks on dual-stack networks
– Organizations moving to IPv6
– VPN client and server software lagging behind in updates
– Results in “traffic leaks”; an attack may result in transmission in cleartext over local networks
– Only if the target system is dual-stacked
• Control
– Do not allow firewall policy to pass IPv6 traffic directly in/out; allow IPv6 ONLY via VPN
SSL Malware
• SSL/TLS malware transmitted via HTTPS
• NSD (network security devices) need to get data in cleartext
• Servers authenticate themselves to the NSD using an X.509 certificate; clients authenticate to the server using username/password
• How the exploit happens
• Controls
– Exploit controls
– SSL 3.0, TLS 1.2
Mobile Hardware Attack
• Keyboard Vibration Attack
– Mobile device placed near a keyboard can pick up keyboard vibrations to identify words being typed with 80 percent accuracy
– Good for targeted attack (M&A)
• Control
– Don’t place the mobile on the desk
Social Engineering Attacks
• Improved social engineering attacks
– Inducing users to click questionable links
– Installing malicious software
– External attackers almost gaining an internal vantage point
• Security for humans
– Path of least resistance for attackers
– 2015 the year of social engineering
• Malware delivery
– Zero day attacks through email exploits
• Controls
– Awareness training
– Thin client (organization-wide major adoption)
Wireless Security
• WiFi proliferation
• GAP in the WAP
• Control
– Encrypted transmission
– Don’t use WEP or WPA; only use WPA2
– No broadcast of SSID
– War driving to detect rogue wireless networks
Virtualization - Server and Desktop
• Server side issues
– Rogue VM; control = policy
– SoD; control = segregation of admin. and production traffic
– Root protection; controls = patching and configuration management
– Access to hypervisor; control = firewall between console and hypervisor
– Don’t give developers admin. rights for a VM partition
– BC/DR risk
• Desktop issues
– Client-side sandboxing
Ransomware
• Malware used for extortion
– San Francisco network engineer case
– Symmetric encryption of disk drives by the perpetrator
• Attacker locks down systems by encryption
– Then asks for compensation
– After restoration, data integrity is questionable
– Such attacks predicted in 2015 by NJ DHS
Data Leakage - Unstructured Data
• Organizations have data classification policies
– Confidential, private, internal use only, public, etc.
– For structured data
– Not for unstructured data embedded in emails
• Data leakage in unstructured storage and transmission
• Control
– Data tagging
– Sender’s accountability policy
ICS - SCADA Attacks
• SCADA
– Supervisory control and data acquisition
– Almost every ICS is SCADA controlled
– Gas pipelines, power utilities, water utilities, nuclear power plants
– CIP is at stake
• Control is to air gap SCADA systems
– Social engineering compromises that
• Example
– STUXNET
– LNK files, response system compromise
Major Causes of Cyberattacks
• Two major causes
– Open and outdated vulnerabilities
– Wrong configurations
• Modus Operandi of Cyber Attack Path
– Compromise first PF firewall
– Compromise bastion host
– Compromise second firewall
– Compromise N-IDS
– Compromise H-IDS
– Install rootkit on server
– Try to clear log traces of the compromise
– Open one of the less-used ports from inside
– And leave
What is on the rise?
• Malicious code, worms
• Web-based attacks
• Web-application attacks / injection attacks
• Botnet attacks for mobile computing and clouds
• Phishing
• Exploit kits
• Data breaches
• Physical damage, theft and loss
• Insider threat
• Information leakage
• Identity theft and related fraud
• Cyber espionage
What is on the decline?
• Denial of service
• SPAM, as a gradual decline
• Ransomware and scareware
Security Controls – SANS 20
• 20 Critical Security Controls - Version 4.0
• Critical Control 1: Inventory of Authorized and Unauthorized Devices
• Critical Control 2: Inventory of Authorized and Unauthorized Software
• Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
• Critical Control 4: Continuous Vulnerability Assessment and Remediation
• Critical Control 5: Malware Defenses
• Critical Control 6: Application Software Security
• Critical Control 7: Wireless Device Control
• Critical Control 8: Data Recovery Capability
• Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps
• Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
• Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services
• Critical Control 12: Controlled Use of Administrative Privileges
• Critical Control 13: Boundary Defense
• Critical Control 14: Maintenance, Monitoring, and Analysis of Audit Logs
• Critical Control 15: Controlled Access Based on the Need to Know
• Critical Control 16: Account Monitoring and Control
• Critical Control 17: Data Loss Prevention
• Critical Control 18: Incident Response and Management
• Critical Control 19: Secure Network Engineering
• Critical Control 20: Penetration Tests and Red Team Exercises
General Controls
• Defense in Depth
– Prevention is the rule
• Awareness and Training
– End users are the biggest risk
• Strong Access Controls
– IAA
• OWASP Top 10 Considerations
• Incident Response Management
• Encryption
• Protect Data at Rest, in Movement, in Processing, and at Disposal
Questions
• You can send short questions to Jay Ranade at
– [email protected]
– [email protected]
– [email protected]
• Recommendation: IT security and cyber risk are moving targets. Keep up-to-date with new threats and vulnerabilities.