20 Critical Security Controls and QualysGuard

•Télécharger en tant que PPTX, PDF•

0 j'aime•432 vues

Wolfgang Kandek

Implementation of the 20 Critical Security Controls using QualysGuard

Session ID:
Session Classification:

2011 – the Year
of Data Breaches

2012 – proceeded
almost the same

2012 – proceeded
almost the same

2012 – proceeded
almost the same

2013 – started in a
similar Way

2013 – started in a
similar Way

2013 – started in a
similar Way

2013 – started in a
similar Way

•
•
•
•
•
►

•
•
•

•
•

•
•
•
•

•
•
•
•

•
•
•
•

•
•
•
•
•

•
•
•
•

•
•
•
•
•
•

•
•
•
•
•
•

•
•
•
•
•
•
•
•

•
•
•
•
•
•
•
•
•
•
•

•
•
•
•

•
•
•
•

•
•
•
•

•
•
•
•
•
•
•

•
•
•
•
•
•
•
►

•
•
•
•
•
•
•
•
•

•
•
•
•
•
•

•
•
•
•
•

•
•
•
•
•
•
•

•
•
•
•
•
•
•

•
•
•
•
•
•
•
•

•
•
•
•
•
•
•
•

•
•
•
•
•
•
•
•

•
•
•
•
•
•
•
•
•

•
•

•
•

•
•
•
•

•
•
•
•

•
•

• Weekly/Daily Scheduled Vulnerability Scanning
•

•
•

•
•
•

•
•
•

•
•
•
•

•
•
•
•

•
•
•
•

•
•
•
•

•
•
•
•
•
•
•
•

•
•
•
•
•
•
•
•

•
•
•

•
•
•

•
•
•

•
•
• Mitigated by use of EMET

•
•
•
•

• Ability to add tactical controls
• Example: Recent Internet Explorer Vulnerabilities
CVE-2012-4969
• Mitigated by use of EMET
• Audit the Deployment

•
•
•
•
•

•
•
•

20 Critical Security Controls and QualysGuard

Contenu connexe

En vedette

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aJames W. De Rienzo

AWS Security in Plain English – AWS Security Day

AWS Security in Plain English – AWS Security Day

AWS Security in Plain English – AWS Security Day Amazon Web Services

Ebook: Splunk SANS - CIS Top 20 Critical Security Controls

Ebook: Splunk SANS - CIS Top 20 Critical Security Controls

Ebook: Splunk SANS - CIS Top 20 Critical Security ControlsDominique Dessy

More practical insights on the 20 critical controls

More practical insights on the 20 critical controls

More practical insights on the 20 critical controlsEnclaveSecurity

Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...

Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...

Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...James W. De Rienzo

The Critical Security Controls and the StealthWatch System

The Critical Security Controls and the StealthWatch System

The Critical Security Controls and the StealthWatch SystemLancope, Inc.

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Er. Rahul Jain

Extend Enterprise Application-level Security to Your AWS Environment

Extend Enterprise Application-level Security to Your AWS Environment

Extend Enterprise Application-level Security to Your AWS EnvironmentImperva

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.

20 Security Controls for the Cloud

20 Security Controls for the Cloud

20 Security Controls for the CloudNetStandard

Networking and communications security – network architecture design

Networking and communications security – network architecture design

Networking and communications security – network architecture designEnterpriseGRC Solutions, Inc.

Webinar: 10 steps you can take to protect your business from phishing attacks

Webinar: 10 steps you can take to protect your business from phishing attacks

Webinar: 10 steps you can take to protect your business from phishing attacksCyren, Inc

Using an Open Source Threat Model for Prioritized Defense

Using an Open Source Threat Model for Prioritized Defense

Using an Open Source Threat Model for Prioritized DefenseEnclaveSecurity

Security Attack Analysis for Finding and Stopping Network Attacks

Security Attack Analysis for Finding and Stopping Network Attacks

Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc

Overview of the 20 critical controls

Overview of the 20 critical controls

Overview of the 20 critical controlsEnclaveSecurity

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL

20 Critical Controls for Effective Cyber Defense (A must read for security pr...

20 Critical Controls for Effective Cyber Defense (A must read for security pr...

20 Critical Controls for Effective Cyber Defense (A must read for security pr...Tahir Abbas

RSA Anatomy of an Attack

RSA Anatomy of an Attack

RSA Anatomy of an Attackintegritysolutions

En vedette (18)

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

AWS Security in Plain English – AWS Security Day

AWS Security in Plain English – AWS Security Day

AWS Security in Plain English – AWS Security Day

Ebook: Splunk SANS - CIS Top 20 Critical Security Controls

Ebook: Splunk SANS - CIS Top 20 Critical Security Controls

Ebook: Splunk SANS - CIS Top 20 Critical Security Controls

More practical insights on the 20 critical controls

More practical insights on the 20 critical controls

More practical insights on the 20 critical controls

Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...

Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...

Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...

The Critical Security Controls and the StealthWatch System

The Critical Security Controls and the StealthWatch System

The Critical Security Controls and the StealthWatch System

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Extend Enterprise Application-level Security to Your AWS Environment

Extend Enterprise Application-level Security to Your AWS Environment

Extend Enterprise Application-level Security to Your AWS Environment

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan

20 Security Controls for the Cloud

20 Security Controls for the Cloud

20 Security Controls for the Cloud

Networking and communications security – network architecture design

Networking and communications security – network architecture design

Networking and communications security – network architecture design

Webinar: 10 steps you can take to protect your business from phishing attacks

Webinar: 10 steps you can take to protect your business from phishing attacks

Webinar: 10 steps you can take to protect your business from phishing attacks

Using an Open Source Threat Model for Prioritized Defense

Using an Open Source Threat Model for Prioritized Defense

Using an Open Source Threat Model for Prioritized Defense

Security Attack Analysis for Finding and Stopping Network Attacks

Security Attack Analysis for Finding and Stopping Network Attacks

Security Attack Analysis for Finding and Stopping Network Attacks

Overview of the 20 critical controls

Overview of the 20 critical controls

Overview of the 20 critical controls

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)

20 Critical Controls for Effective Cyber Defense (A must read for security pr...

20 Critical Controls for Effective Cyber Defense (A must read for security pr...

20 Critical Controls for Effective Cyber Defense (A must read for security pr...

RSA Anatomy of an Attack

RSA Anatomy of an Attack

RSA Anatomy of an Attack

Plus de Wolfgang Kandek

Anatomie eines Angriffs

Anatomie eines Angriffs

Anatomie eines AngriffsWolfgang Kandek

RSA USA 2015 - Getting a Jump on Hackers

RSA USA 2015 - Getting a Jump on Hackers

RSA USA 2015 - Getting a Jump on HackersWolfgang Kandek

Unsafe SSL webinar

Unsafe SSL webinar

Unsafe SSL webinarWolfgang Kandek

BSI Lagebericht 2014

BSI Lagebericht 2014

BSI Lagebericht 2014Wolfgang Kandek

Februar Patch Tuesday 2015 Webinar

Februar Patch Tuesday 2015 Webinar

Februar Patch Tuesday 2015 WebinarWolfgang Kandek

RSA ASIA 2014 - Internet of Things

RSA ASIA 2014 - Internet of Things

RSA ASIA 2014 - Internet of Things Wolfgang Kandek

Patch Summary Webinar February 14

Patch Summary Webinar February 14

Patch Summary Webinar February 14Wolfgang Kandek

Patch Summary Webinar April 11

Patch Summary Webinar April 11

Patch Summary Webinar April 11 Wolfgang Kandek

Plus de Wolfgang Kandek (8)

Anatomie eines Angriffs

Anatomie eines Angriffs

Anatomie eines Angriffs

RSA USA 2015 - Getting a Jump on Hackers

RSA USA 2015 - Getting a Jump on Hackers

RSA USA 2015 - Getting a Jump on Hackers

Unsafe SSL webinar

Unsafe SSL webinar

Unsafe SSL webinar

BSI Lagebericht 2014

BSI Lagebericht 2014

BSI Lagebericht 2014

Februar Patch Tuesday 2015 Webinar

Februar Patch Tuesday 2015 Webinar

Februar Patch Tuesday 2015 Webinar

RSA ASIA 2014 - Internet of Things

RSA ASIA 2014 - Internet of Things

RSA ASIA 2014 - Internet of Things

Patch Summary Webinar February 14

Patch Summary Webinar February 14

Patch Summary Webinar February 14

Patch Summary Webinar April 11

Patch Summary Webinar April 11

Patch Summary Webinar April 11

20 Critical Security Controls and QualysGuard

1. Session ID: Session Classification:

2. 2011 – the Year of Data Breaches

3. 2012 – proceeded almost the same

4. 2012 – proceeded almost the same

5. 2012 – proceeded almost the same

6. 2013 – started in a similar Way

7. 2013 – started in a similar Way

8. 2013 – started in a similar Way

9. 2013 – started in a similar Way

10. • • • • • ►

11. • • •

13. • • • •

14. • • • •

15. • • • •

16. • • • • •

17. • • • •

18. • • • • • •

19. • • • • • •

20. • • • • • • • •

21.

22. • • • • • • • • • • •

23. • • • •

24. • • • •

25. • • • •

26. • • • • • • •

27. • • • • • • • ►

28. • • • • • • • • •

29. • • • • • •

30. • • • • •

31. • • • • • • •

32. • • • • • • •

33. • • • • • • • •

34. • • • • • • • •

35. • • • • • • • •

36. • • • • • • • • •

39. • • • •

40. • • • •

46. • Weekly/Daily Scheduled Vulnerability Scanning •

48. • • •

49. • • •

50. • • • •

51. • • • •

52. • • • •

53. • • • •

54. • • • • • • • •

55. • • • • • • • •

56. • • •

57. • • •

58. • • •

59. • • • Mitigated by use of EMET

60. • • • •

61. • Ability to add tactical controls • Example: Recent Internet Explorer Vulnerabilities CVE-2012-4969 • Mitigated by use of EMET • Audit the Deployment

62. • • • • •

63. • • •