50 Shadows of Company's

InfoSec - Going Inside

Igor Beliaiev

whoami

Security Engineer

OWASP Lviv memberIgor Beliaiev

Red Teaming

A red team is an independent group that challenges an organization to improve its effectiveness.

Penetration testers assess organization security, often unbeknownst to client staff. This type of Red Team provides a more realistic picture of the security readiness than announced assessments.

(c) Wikipedia

Red Teaming … of the airport security

95% failure rate67 out of 70

%companyname

Compliance vs Security

Attack planning

The weakest part in security?

The security level of the system is

determined by its most insecure element

The most valuable information in company?

PEOPLEMONEY CLIENTS

Choosing targetsFinance

IT(backups, access, data)

AccountingInfrastructure Legal

Risks analysis

Technological risks:

Malware/viruses/intrusions

Cyber attacks

Service provider failure

Physical security (f.e. loss of devices)

Data related vulnerabilities

Phishing

Human risks:

Human error/mistakes

Insider sabotage/theft

Lack of skills

Lack of knowledge

Lack of guidance

What is Social Engineering?

Social Engineering Works

Ask to use your USB flash

Is it a feature?

Acting like IT Support

Accounting

Finance

IT support

Change in mindset needed

going inside…SoftServe

igor@beliaiev.comskype: ghost-bel