[wroclaw #3] 50 shadows of company's infosec
50 Shadows of Company's InfoSec - Going Inside
Igor Beliaiev
whoami
Security Engineer
OWASP Lviv member
Igor Beliaiev
Red Teaming
A red team is an independent group that challenges an organization to improve its effectiveness.
Penetration testers assess organization security, often unbeknownst to client staff. This type of Red Team provides a more realistic picture of the security readiness than announced assessments.
(c) Wikipedia
Red Teaming … of the airport security
95% failure rate
67 out of 70
%companyname
Compliance vs Security
Attack planning
The weakest part in security?
The security level of the system is determined by its most insecure element
The most valuable information in a company?
PEOPLE
MONEY
CLIENTS
Choosing targets
Finance
IT (backups, access, data)
Accounting
Infrastructure
Legal
Risk analysis
Technological risks:
Malware/viruses/intrusions
Cyber attacks
Service provider failure
Physical security (e.g. loss of devices)
Data related vulnerabilities
Phishing
Human risks:
Human error/mistakes
Insider sabotage/theft
Lack of skills
Lack of knowledge
Lack of guidance
What is Social Engineering?
Social Engineering Works
Ask to use your USB flash
Is it a feature?
Acting like IT Support
Accounting
Finance
IT support
Change in mindset needed
going inside…
SoftServe
[email protected]: ghost-bel