
Cyber Security Awareness


Seminar of Cyber Security Awareness at PT PJB (Pembangkitan Jawa Bali ) Surabaya 2018

Published in: Education


  1. Cyber Security: Be Paranoid Please. Presented by M. Syarifudin, ST, OSCP, OSWP. Surabaya, 17 April 2018. Seminar of Cyber Security Awareness, PT PJB (Pembangkitan Jawa Bali)
  2. Hello From Me • Information Security Trainer & Speaker • OSCP & OSWP Certified • Official Indonesian Kali Linux Translator • Homepage: fl3x.us
  3. We are going to Talk About • IT Security Awareness • The Importance of Security Awareness • Cyber Attack Trends • Essential Tips • ISO 27001 Overview • Pentest is needed
  4. IT Security Awareness • Vital for an organization • The entire organization's responsibility • IT systems keep increasing in complexity • Technologies and vendors are not the indication of success
  5. IT Security Awareness • Should be supported regularly • A requirement for compliance • Security culture in organizations is often weak • A security awareness program is needed
  6. Security Awareness Program • A way to ensure that everyone at the organization has a sense of security, so that security becomes their own responsibility.
  7. Security Awareness Program as a Culture: Attitudes, Practices, Policies, Processes, Success
  8. Security Awareness Program Components: Communication, Content, Checklists, Controls
  9. Communication • Regular conversation • Clear, relevant, and fun • Security is very important for the business
  10. Checklists • Keep organized for developing, delivering, and maintaining the security awareness program • Who, What, When, Where, Why, How
  11. Content • Some references about security • Security handbook for all employees • Training program • Group chat (security issues and discussion) • Role-based guidelines
  12. Controls • Some rules • Approval needed, based on role • Prevention
  13. The Importance of Security Awareness • Reduce the biggest risk (employees) • Improve awareness of protecting sensitive information • Help employees handle information securely
  14. The Importance of Security Awareness • Reduce the risk of mishandling information • Increase the organization's understanding and implementation of security best practice • Help the organization prevent attacks
  15. Cyber Attack Trends • Malware • Ransomware • Phishing • Web Application Attacks • DoS
  16. Bad Habits • Default passwords • Same password for all accounts • Disclosing sensitive information
  17. Essential Tips • The IT team "sells" the awareness mindset • Remind each other about information security • Keep your privacy and sensitive information • Avoid password reuse • Enable two-step verification
  18. Essential Tips • Always use a secure connection • Always use original (licensed) software • Always update software and make sure it is the latest version • Back up data regularly • Avoid torrent downloads (pirated and not safe)
  19. ISO 27001 • ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS). • Helps organizations keep information assets secure
  20. What is an ISMS? • An ISMS is a systematic approach to managing sensitive company information so that it remains secure, by applying a risk management process. • It covers People, Processes, and IT Systems
  21. Pentest is needed
  22. What is a PenTest? Real attacks against the target (applications, networks, systems) to gain access
  23. About PenTest • Must have permission • Think like an attacker • Be creative • Find security vulnerabilities • Exploit the security vulnerabilities • Bypass security mechanisms • Compromise IT system security
  24. Penetration Testing Execution Standard (http://www.pentest-standard.org) • Pre-engagement • Intelligence Gathering • Threat Modelling • Vulnerability Analysis • Exploitation • Post Exploitation • Reporting
  25. Sample XSS Attack Vector • Execute the JavaScript code • Stealing cookies • Log in without credentials • Get a shell • G0t root
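The XSS chain on the slide starts with injected JavaScript reading a session cookie. The following is an added example, not from the slide deck, that shows the defender's side of that first step: the unsafe rendering pattern that lets injected markup execute, the same template with output encoding, and the cookie attributes that keep a session cookie out of reach of script. The function names, the `escapeHtml` helper, and the sample display-name input are constructed for this illustration.

```javascript
// Added example (not from the slide deck): why output encoding and HttpOnly
// cookies break the "execute JavaScript -> steal cookie" step of an XSS chain.

// Minimal HTML entity encoder for text placed inside an element body.
// Constructed helper; production code should use a maintained library.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: an untrusted value concatenated straight into markup.
// Whatever the user typed becomes part of the page's HTML.
function renderGreetingUnsafe(name) {
  return `<p>Welcome, ${name}!</p>`;
}

// Hardened pattern: same template, value encoded on output, so the browser
// shows the characters as text instead of parsing them as tags.
function renderGreetingSafe(name) {
  return `<p>Welcome, ${escapeHtml(name)}!</p>`;
}

// Crude check used only for this demonstration: does the markup still
// contain a live <script> start tag (as opposed to an encoded one)?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Session cookie header with defensive attributes. HttpOnly keeps the cookie
// out of document.cookie, so even a successful injection cannot read it;
// Secure limits it to TLS; SameSite=Lax reduces cross-site request reuse.
function sessionCookieHeader(sessionId) {
  return `session=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample input: a display name a user might submit.
const SAMPLE_INPUT = "<script>alert('xss')</script>";

console.log('unsafe:', renderGreetingUnsafe(SAMPLE_INPUT));
console.log('safe:  ', renderGreetingSafe(SAMPLE_INPUT));
console.log('cookie:', sessionCookieHeader('constructed-session-id'));
```

Run with `node` to compare the two rendered strings: the unsafe version contains an executable `<script>` element, the safe version contains only `&lt;script&gt;` text. Output encoding is context-specific; the helper above is only correct for text inside an element body, not for attribute values, URLs, or inline script.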
  26. References • https://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awareness_Program.pdf • https://www.tripwire.com/state-of-security/security-awareness/how-to-build-a-successful-it-security-awareness-program/ • https://www.threatstack.com/blog/how-to-implement-a-security-awareness-program-at-your-organization/ • https://www.iso.org/isoiec-27001-information-security.html
