Top 5 Myths of IT Security in the Light of Current Events

Advisor for your information security.

Version: 1.0
Author: S.Streichsbier
Responsible: S.Streichsbier
Date: 05.10.2011
Confidentiality: Public
Agenda

• Introduction

• Top 5 IT Security Myths

• Reality Check – Current Events

• Conclusion




           2        © 2011 SEC Consult Unternehmensberatung GmbH – All rights reserved
SEC Consult – Who we are

Since foundation in 2002 SEC Consult delivered more than 1000 IT security projects.

Offices in Austria (HQ), Germany, Lithuania, Canada and Singapore since 2011

25+ Security Professionals

Well established in Central and Eastern Europe

[Map with legend: SEC Consult Headquarter, SEC Consult Office, SEC Consult Clients. Labelled locations: Austria, Germany, Lithuania, Canada, United States of America, Singapore, Central and Eastern Europe]




SEC Consult - Overview
• Team of highly skilled, internationally recognized security experts
    •   Regular speakers on international conferences
    •   Publish security advisories, whitepapers
    •   Awards (e.g. “PWNIE” Award 2009)
    •   Internal Vulnerability Lab
         ○ Responsible Disclosure Policy



• Holistic approach to cover all facets of information security
    • Diverse experience in technical and organizational IT security
• Independent from vendors
    • No off-the-shelf products
    • Tailor-made solutions
• Confidentiality and data security are guaranteed




Top 5 IT Security Myths




       5 - Hackers=Geniuses
    „Only a genius can break into my network“




Top 5 IT Security Myths – Hackers=Geniuses (1)
• The Myth: Hacking requires secret Ninja skills
    • True 20 years ago
• Today, knowledge and tools are out there
    •   Huge security community
    •   Exploits and hacking tools released every day
    •   Commercial exploit kits
    •   Hacking can be learned (CEH, university,...)




Top 5 IT Security Myths – Hackers=Geniuses (2)

Anybody can launch a tool!




Top 5 IT Security Myths – Hackers=Geniuses (3)

Hackers are:
• Hacking for fun / hacktivism
    • Anonymous / LulzSec
    • Kids looking for attention
• Hacking for profit
    • Huge underground economy
    • Exploit Kits, Phishing Kits, etc.
    • Botnets
• Cyber warfare
    • Stuxnet (admittedly very advanced)
    • Shady RAT
    • Operation Aurora




Top 5 IT Security Myths




            4 – Updates and AV
„Software Updates and Anti Virus are enough to keep a system safe“




Top 5 IT Security Myths – 4. Updates and AV
Myth: I am safe, my AV will protect me from trojans, viruses and worms.




• Facts
   • Timeliness (protection arrives with a delay)
   • Completeness
   • Protection only against known security issues; vulnerabilities in proprietary
     applications are not covered
   • Important part of client security (the user still has to act responsibly)
   • AV products also have flaws
   • Detection rate / effectiveness is heavily discussed
   • False positives: Chrome browser is a virus?



Excerpt of “disclosed” vulnerabilities on 24.6.2011
• 8,562 new vulnerabilities were disclosed in 2010 (27% more than in 2009).

• 49 percent of all vulnerabilities affect web applications.

• 44 percent of vulnerabilities remained unpatched by the end of 2010.
Source: X-Force Trend and Risk Report 2010

Sources: http://www.securityfocus.com/




Top 5 IT Security Myths




            3. Easy solutions
    „Product X solves all my security problems“




Top 5 IT Security Myths – Easy solutions (1)
• The Myth: Product X solves all security problems out of the box
   • IPS X will block all attacks on my network automatically
   • If I just install webapp firewall Y it will protect my web application
• Fact: Security products are useless without careful configuration and
  maintenance
    • Off-the-shelf solutions do not work!
    • Vendor marketing sometimes adds to the myth




Top 5 IT Security Myths – Easy solutions (2)
• Web application firewalls are usually easily bypassed
• Bypassing preconfigured signatures
   • There are unlimited ways to formulate and encode an attack
   • Web applications have unique vulnerabilities
• Bypassing behaviour-based analysis
   • May detect some anomalies, but attacks can look like normal traffic
• Application logic attacks
• To make a WAF work, the configuration has to be tailored to the web
  application in question




Top 5 IT Security Myths – Easy solutions (3)
• IDS / IPS should be added as part of a defense-in-depth approach
• A WAF can be used in certain situations
   • If it is impossible or too expensive to fix the web application
   • For compliance (PCI DSS)
• It is always preferable to apply preventive controls at the core!
   • Secure configuration
   • Secure development practices
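As an added illustration of the two "Easy solutions" slides above (this is not code from the SEC Consult deck), the following Python model contrasts a generic, untailored WAF signature with the preventive control at the core: a parameterised query. It assumes a simplified filter that inspects the raw, still URL-encoded parameter while the application decodes it before querying; real WAFs normalise input, but the decode/normalise gap is the general class of problem the slides refer to. All table rows, names and inputs are constructed.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample data standing in for "the web application in question".
SAMPLE_USERS = [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")]


def build_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


# A generic "preconfigured signature" (constructed): quote, optional space, OR,
# optional space, quote. It runs on the raw request value, i.e. on what is on
# the wire, not on what the application sees after decoding.
SIGNATURE = re.compile(r"'\s*or\s*'", re.IGNORECASE)


def signature_blocks(raw_param: str) -> bool:
    """True if the untailored signature would drop this raw parameter."""
    return SIGNATURE.search(raw_param) is not None


def lookup_concat(conn, name: str):
    """Fragile query construction: a quote in `name` rewrites the SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_param(conn, name: str):
    """Preventive control at the core: the value is bound as data, so no
    spelling or encoding of it can change the statement's structure."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def handle_request(conn, raw_param: str, use_waf: bool, use_params: bool):
    """One simulated request. Returns ("blocked", None) when the signature
    fires, otherwise ("ok", rows) from the chosen query style."""
    if use_waf and signature_blocks(raw_param):
        return "blocked", None
    name = unquote(raw_param)  # the application decodes before it queries
    rows = lookup_param(conn, name) if use_params else lookup_concat(conn, name)
    return "ok", rows


if __name__ == "__main__":
    db = build_db()
    plain = "alice' OR 'x'='x"                   # matches the signature as written
    encoded = "alice%27%20OR%20%27x%27%3D%27x"   # the same value once URL-decoded
    print(handle_request(db, plain, True, False))    # ('blocked', None)
    print(handle_request(db, encoded, True, False))  # ('ok', ['alice', 'bob'])
    print(handle_request(db, encoded, True, True))   # ('ok', [])
    print(handle_request(db, encoded, False, True))  # ('ok', [])
```

The last two lines show the point of the slide: with the query fixed at the core, the result is the same whether or not the filter is in front of it.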




Top 5 IT Security Myths




              2 - Encryption
     „My server is secure because it uses SSL.“




Top 5 IT Security Myths – Encryption
• The Myth: Something that is encrypted is automatically secure
    • Hackers first have to break the encryption to break in
• Fact: Encryption ensures confidentiality & integrity in some scenarios
    • Needed for secure network traffic, file storage, proof of identity
• Hackers find ways around the encryption!
    •   Breaking the keys is practically impossible anyway in most cases
    •   Attacks on the public key infrastructure (CAs)
    •   Attacks on the algorithm / implementation (BEAST)
    •   Attacks on users (Man-in-the-Middle w/ spoofed Certificate)
    •   Application vulnerabilities
    •   A webserver that uses HTTPS is NOT automatically secure!




Top 5 IT Security Myths




            1 – The Firewall
      „A device that protects against hackers“




Top 5 IT Security Myths – The Firewall (2)
Myth: In order to attack servers behind the firewall, hackers need to “break through” the firewall




• Facts
   • Firewalls provide a very small attack surface for hackers
   • Usually straightforward to configure
   • Normally a hacker does not have to bypass a firewall at all
   • A hacker would target the low-hanging fruit, which in almost all cases is a vulnerable
     application
   • HTTP = UFBP (universal firewall bypass protocol)




Web applications – the weakest link

[Diagram: an attacker on the Internet (Public / Extern) reaches a web server with vulnerable applications in the DMZ; from there the web server connects on to AD, a DB and a file share in the LAN (Intern).]

86% of all attacks are carried out over the application layer

Top 5 IT Security Myths – The Firewall (3)
Myth: The firewall will block attacks and make sure that everything that passes through is safe/secure




• Facts
   • Traditionally a firewall is only a packet filter
   • Packets can only be blocked at the level the firewall understands
   • A firewall has no understanding of the application layer
   • A firewall cannot verify whether communication to an exposed service is malicious
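As an added illustration of the packet-filter facts above and of the Public / DMZ / LAN diagram (this is not code from the SEC Consult deck), the following Python model implements a classic first-match packet filter and shows that its verdict is a function of protocol, addresses and port only. Addresses, the rule set and the request bodies are constructed; the "hostile" body is a labelled placeholder, not a real payload.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed addresses for the three zones of the diagram (documentation ranges).
INTERNET_CLIENT = "203.0.113.10"  # public client, or the attacker, on the Internet
WEB_SERVER = "192.0.2.10"         # web server in the DMZ
DB_SERVER = "10.0.0.20"           # database in the LAN
FILE_SHARE = "10.0.0.30"          # file share in the LAN


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR the source address must fall into
    dst: str              # CIDR the destination address must fall into
    dport: Optional[int]  # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    payload: bytes        # on the wire, but never an input to the filter


# Constructed rule set in the style of a classic packet filter: first match
# wins, anything unmatched is dropped.
RULES: List[Rule] = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),     # Internet -> DMZ web
    Rule("allow", "tcp", "192.0.2.0/24", "10.0.0.20/32", 5432),  # DMZ web -> LAN DB
    Rule("deny", "any", "0.0.0.0/0", "10.0.0.0/8", None),        # nothing else into LAN
]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only comparison: protocol, addresses and destination port."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def decide(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; implicit deny otherwise. pkt.payload is
    deliberately never read: the filter has no view of the application layer,
    which is the limit the slide describes."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def to_web(payload: bytes, src: str = INTERNET_CLIENT) -> Packet:
    """Constructed TCP/443 packet towards the DMZ web server."""
    return Packet("tcp", src, WEB_SERVER, 443, payload)


def decision_ignores_payload(rules: List[Rule], payloads: List[bytes]) -> bool:
    """True when every body sent over the allowed HTTPS flow gets the same
    verdict, i.e. the content of the request plays no role in the decision."""
    verdicts = {decide(rules, to_web(p)) for p in payloads}
    return len(verdicts) == 1


if __name__ == "__main__":
    benign = b"GET /index.html HTTP/1.1\r\nHost: www.example.invalid\r\n\r\n"
    hostile = b"GET /app?input=<any application-layer attack> HTTP/1.1\r\n\r\n"
    print(decide(RULES, to_web(benign)), decide(RULES, to_web(hostile)))  # allow allow
    print(decision_ignores_payload(RULES, [benign, hostile]))             # True
    # What the filter does stop: direct access from the Internet into the LAN.
    print(decide(RULES, Packet("tcp", INTERNET_CLIENT, DB_SERVER, 5432, b"")))  # deny
    # What it cannot stop: the web server's own, legitimate path into the LAN,
    # which whoever controls the web server simply inherits.
    print(decide(RULES, Packet("tcp", WEB_SERVER, DB_SERVER, 5432, b"")))       # allow
```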




Application Security
• ”In 86% of all attacks, a weakness in a web interface was exploited (vs. 14% infrastructure) and the attackers were predominately external (80%)”




                                 Source: UK Security Breach Investigations Report 2010



Web Security 1998-2010
• Web application related vulnerabilities have increased rapidly in the last years
• Reasons:
    • New technologies
    • More applications
    • More information




                                          Source: IBM X-Force® 2010 Trend and Risk Report




Attacks on Web Applications
• Organized crime focuses on web applications

”You will see less shotgun types of attacks and more stealthy kinds of attacks going after financial information because there are whole new sets of ways to make money”

--- Amrit Williams, Research Director at Gartner - Reuters 13.2.2006

Source: Web Hacking Incident Database 2010 Semi Annual Report – 2 (July-December)




Myths – Summary
• Off the shelf solutions:
    • Security products are useful for specific areas
    • Level your expectations (strength/weakness)
    • Security is a continuous process, be doubtful of miracles


• Prevention/Detection
    • Necessary to have good detection mechanisms
    • Continuous Monitoring of the results


• Planning
    • IT Security can only be achieved by a holistic approach
    • ISM is essential to implement the right processes


• It is always preferable to apply preventive controls at the core!




Contact Details

SEC Consult Singapore Pte. Ltd.
Singapore
4 Battery Road
#25-01 Bank of China Building
Singapore (049908)
Tel: +65 31080365
Email: office@sec-consult.sg
www.sec-consult.sg

Austria
Mooslackengasse 17
A-1190 Vienna
Austria
Tel: +43-(0)1-890 30 43-0
Fax: +43-(0)1-890 30 43-15
Email: office@sec-consult.com
www.sec-consult.com





Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554TISA
 
Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554TISA
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark  - it & information security human resource deve...Prinya acis slide for swpark  - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...TISA
 
Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554TISA
 
Human capital in it security TISA Pro-Talk_4-2554
Human capital in it security TISA Pro-Talk_4-2554Human capital in it security TISA Pro-Talk_4-2554
Human capital in it security TISA Pro-Talk_4-2554TISA
 
Afta and labour article 14 tisa pro talk 4-2554
Afta and labour article 14 tisa pro talk 4-2554Afta and labour article 14 tisa pro talk 4-2554
Afta and labour article 14 tisa pro talk 4-2554TISA
 
Final Agenda_TISA Pro-Talk_3-2554
Final Agenda_TISA Pro-Talk_3-2554Final Agenda_TISA Pro-Talk_3-2554
Final Agenda_TISA Pro-Talk_3-2554TISA
 
TISA Pro-Talk_1-2554-Dr. rom_personnel standards
TISA Pro-Talk_1-2554-Dr. rom_personnel standardsTISA Pro-Talk_1-2554-Dr. rom_personnel standards
TISA Pro-Talk_1-2554-Dr. rom_personnel standardsTISA
 
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infraTISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infraTISA
 
TISA Pro-Talk_1-2554-K.Sommai_pci-dss
TISA Pro-Talk_1-2554-K.Sommai_pci-dssTISA Pro-Talk_1-2554-K.Sommai_pci-dss
TISA Pro-Talk_1-2554-K.Sommai_pci-dssTISA
 
TISA MC_TISA_Pro-Talk_1-2554
TISA MC_TISA_Pro-Talk_1-2554TISA MC_TISA_Pro-Talk_1-2554
TISA MC_TISA_Pro-Talk_1-2554TISA
 

More from TISA (11)

Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554
Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554
Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554
 
Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark  - it & information security human resource deve...Prinya acis slide for swpark  - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...
 
Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554
 
Human capital in it security TISA Pro-Talk_4-2554
Human capital in it security TISA Pro-Talk_4-2554Human capital in it security TISA Pro-Talk_4-2554
Human capital in it security TISA Pro-Talk_4-2554
 
Afta and labour article 14 tisa pro talk 4-2554
Afta and labour article 14 tisa pro talk 4-2554Afta and labour article 14 tisa pro talk 4-2554
Afta and labour article 14 tisa pro talk 4-2554
 
Final Agenda_TISA Pro-Talk_3-2554
Final Agenda_TISA Pro-Talk_3-2554Final Agenda_TISA Pro-Talk_3-2554
Final Agenda_TISA Pro-Talk_3-2554
 
TISA Pro-Talk_1-2554-Dr. rom_personnel standards
TISA Pro-Talk_1-2554-Dr. rom_personnel standardsTISA Pro-Talk_1-2554-Dr. rom_personnel standards
TISA Pro-Talk_1-2554-Dr. rom_personnel standards
 
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infraTISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
 
TISA Pro-Talk_1-2554-K.Sommai_pci-dss
TISA Pro-Talk_1-2554-K.Sommai_pci-dssTISA Pro-Talk_1-2554-K.Sommai_pci-dss
TISA Pro-Talk_1-2554-K.Sommai_pci-dss
 
TISA MC_TISA_Pro-Talk_1-2554
TISA MC_TISA_Pro-Talk_1-2554TISA MC_TISA_Pro-Talk_1-2554
TISA MC_TISA_Pro-Talk_1-2554
 

Recently uploaded

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Top 5 myths of it security in the light of current events tisa pro talk 4 2554

  • 4. SEC Consult - Overview
    • Team of highly skilled, internationally recognized security experts
      • Regular speakers on international conferences
      • Publish security advisories, whitepapers
      • Awards (e.g. “PWNIE” Award 2009)
      • Internal Vulnerability Lab
        ○ Responsible Disclosure Policy
    • Holistic approach to cover all facets of information security
      • Diverse experience in technical and organizational IT security
    • Independent from vendors
      • No off-the-shelf products
      • Tailor-made solutions
    • Confidentiality and data security are guaranteed
  • 5. Agenda - Workshop Day I:
    • Introduction
    • Top 5 IT Security Myths
    • Reality Check – Current Events
    • Conclusion
  • 6. Top 5 IT Security Myths 5 - Hackers=Geniuses: „Only a genius can break into my network“
  • 7. Top 5 IT Security Myths – Hackers=Geniuses (1)
    • The Myth: Hacking requires secret Ninja skills
      • True 20 years ago
    • Today, knowledge and tools are out there
      • Huge security community
      • Exploits and hacking tools released every day
      • Commercial exploit kits
      • Hacking can be learned (CEH, university, ...)
  • 8. Top 5 IT Security Myths – Hackers=Geniuses (2): Anybody can launch a tool!
  • 9. Top 5 IT Security Myths – Hackers=Geniuses (3). Hackers are:
    • Hacking for fun / hacktivism
      • Anonymous / LulzSec
      • Kids looking for attention
    • Hacking for profit
      • Huge underground economy
      • Exploit Kits, Phishing Kits, etc.
      • Botnets
    • Cyber warfare
      • Stuxnet (admittedly very advanced)
      • Shady RAT
      • Operation Aurora
  • 10. Top 5 IT Security Myths 4 – Updates and AV: „Software Updates and Anti Virus are enough to keep a system safe“
  • 11. Top 5 IT Security Myths – 4. Updates and AV. Myth: I am safe, my AV will protect me from trojans, viruses and worms.
    • Facts
      • Timeliness (delay)
      • Completeness
        • Protection against known security issues; vulnerabilities in proprietary applications are not covered
      • Important part of client security (the user still has to be responsible)
      • AV also has flaws
        • Detection rate / effectiveness heavily discussed
        • False positives: Chrome browser is a virus?
  • 12. Excerpt of “disclosed” vulnerabilities on 24.6.2011 (Source: http://www.securityfocus.com/)
    • 8.562 new vulnerabilities were disclosed in 2010 (27% more than 2009).
    • 49 percent of all vulnerabilities affect web applications.
    • 44 percent of vulnerabilities remained un-patched by the end of 2010.
    Source: X-Force Trend and Risk Report 2010
  • 13. Top 5 IT Security Myths 3. Easy solutions: „Product X solves all my security problems“
  • 14. Top 5 IT Security Myths – Easy solutions (1)
    • The Myth: Product X solves all security problems out of the box
      • IPS X will block all attacks on my network automatically
      • If I just install webapp firewall Y it will protect my web application
    • Fact: Security products are useless without careful configuration and maintenance
      • Off-the-shelf solutions do not work!
    • Vendor marketing sometimes adds to the myth:
  • 15. Top 5 IT Security Myths – Easy solutions (2)
    • Web application firewalls are usually easily bypassed
      • Bypassing preconfigured signatures
        • There are unlimited ways to formulate and encode an attack
        • Web applications have unique vulnerabilities
      • Bypassing behaviour-based analysis
        • May detect some anomalies, but attacks can look like normal traffic
        • Application logic attacks
    • To make a WAF work, the configuration has to be tailored to the web application in question
  • 16. Top 5 IT Security Myths – Easy solutions (3)
    • IDS / IPS should be added as part of a defense-in-depth approach
    • A WAF can be used in certain situations
      • If it is impossible or too expensive to fix the web application
      • For compliance (PCI DSS)
    • It is always preferable to apply preventive controls at the core!
      • Secure configuration
      • Secure development practices
  • 17. Top 5 IT Security Myths 2 - Encryption: „My server is secure because it uses SSL.“
  • 18. Top 5 IT Security Myths – Encryption
    • The Myth: Something that is encrypted is automatically secure
      • Hackers first have to break the encryption to break in
    • Fact: Encryption ensures confidentiality & integrity in some scenarios
      • Needed for secure network traffic, file storage, proof of identity
    • Hackers find ways around the encryption!
      • Breaking the keys is practically impossible anyway in most cases
      • Attacks on the public key infrastructure (CAs)
      • Attacks on the algorithm / implementation (BEAST)
      • Attacks on users (Man-in-the-Middle w/ spoofed certificate)
      • Application vulnerabilities
    • A webserver that uses HTTPS is NOT automatically secure!
  • 19. Top 5 IT Security Myths 1 – The Firewall: „A device that protects against hackers“
  • 20. Top 5 IT Security Myths – The Firewall (2). Myth: In order to attack servers behind the firewall, hackers need to “break through” the firewall
    • Facts
      • Firewalls provide a very small attack surface for hackers
      • Usually straightforward to configure
      • Normally a hacker does not have to bypass a firewall
      • A hacker would target the low-hanging fruit, which in almost all cases are vulnerable applications
      • HTTP = UFBP (universal firewall bypass protocol)
  • 21. Web applications – the weakest link
    [Network diagram: zones Internet / Public (Extern), DMZ, LAN (Intern); labels: Attacker, Web server with vulnerable applications, AD, DB, File-Share]
    • 86% of all attacks are carried out over the application layer
  • 22. Top 5 IT Security Myths – The Firewall (3). Myth: The firewall will block attacks and make sure that everything that passes through is safe/secure
    • Facts
      • Traditionally a firewall is only a packet filter
      • Packets can be blocked only up to the level at which the firewall understands them
      • A firewall does not have an understanding of the application layer
      • A firewall cannot verify if communication to an exposed service is malicious
  • 23. Application Security
    • ”In 86% of all attacks, a weakness in a web interface was exploited (vs. 14% infrastructure) and the attackers were predominately external (80%)” Source: UK Security Breach Investigations Report 2010
  • 24. Web Security 1998-2010
    • Web application related vulnerabilities have increased rapidly in the last years
    • Reasons:
      • New technologies
      • More applications
      • More information
    Source: IBM X-Force® 2010 Trend and Risk Report
  • 25. Attacks on Web Applications
    • Organized crime focuses on web applications
    ”You will see less shotgun types of attacks and more stealthy kinds of attacks going after financial information because there are whole new sets of ways to make money” --- Amrit Williams, Research Director at Gartner (Reuters, 13.2.2006)
    Source: Web Hacking Incident Database 2010 Semi Annual Report – 2 (July-December)
  • 26. Myths – Summary
    • Off-the-shelf solutions:
      • Security products are useful for specific areas
      • Level your expectations (strength/weakness)
      • Security is a continuous process, be doubtful of miracles
    • Prevention/Detection
      • Necessary to have good detection mechanisms
      • Continuous monitoring of the results
    • Planning
      • IT Security can only be achieved by a holistic approach
      • ISM is essential to implement the right processes
    • It is always preferable to apply preventive controls at the core!
  • 27. Contact Details
    • Singapore: SEC Consult Singapore Pte. Ltd., 4 Battery Road, #25-01 Bank of China Building, Singapore (049908). Tel: +65 31080365. Email: office@sec-consult.sg, www.sec-consult.sg
    • Austria: Mooslackengasse 17, A-1190 Vienna, Austria. Tel: +43-(0)1-890 30 43-0, Fax: +43-(0)1-890 30 43-15. Email: office@sec-consult.com, www.sec-consult.com
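Slides 20 and 22 argue that a firewall is only a packet filter and cannot tell whether traffic to an exposed service is malicious, while slides 16 and 26 place the preventive control at the application itself. The Python below, an added example that is not part of the SEC Consult deck, simulates a stateless packet filter next to an application-layer check; the hosts, rules, request lines and the injection attempt are all constructed.

```python
"""Added example (not from the SEC Consult deck): a packet filter judges a
connection by its 5-tuple only, so an attack carried inside an allowed HTTPS
flow gets exactly the same verdict as a legitimate request.  The distinction
can only be made where the request is understood: in the application.
All addresses, rules and requests below are constructed for illustration."""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    payload: str  # decrypted HTTP request line; a firewall sees only TLS bytes


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    proto: str
    dst_ip: str
    dst_port: int


# Constructed topology: web server in the DMZ, database server in the LAN.
WEB_DMZ = "203.0.113.10"
DB_LAN = "10.0.0.20"

# Constructed rule base: only HTTPS to the DMZ web server is allowed;
# everything else falls through to the default deny in packet_filter().
RULES = [Rule("allow", "tcp", WEB_DMZ, 443)]


def packet_filter(pkt: Packet, rules=RULES) -> str:
    """Classic packet filter: first matching 5-tuple rule wins, default deny.
    The payload is never consulted, which is the point of slide 22."""
    for rule in rules:
        if (rule.proto, rule.dst_ip, rule.dst_port) == (pkt.proto, pkt.dst_ip, pkt.dst_port):
            return rule.action
    return "deny"


def application_check(pkt: Packet) -> str:
    """Preventive control at the core: the application validates its own
    input against an allow-list (here: GET /order with a numeric 'id')."""
    try:
        method, target, _version = pkt.payload.split(" ", 2)
    except ValueError:
        return "reject"  # malformed request line
    if method != "GET":
        return "reject"
    parts = urlsplit(target)
    if parts.path != "/order":
        return "reject"
    ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    # exactly one id, digits only, bounded length: anything else is rejected
    if len(ids) != 1 or not ids[0].isdigit() or len(ids[0]) > 10:
        return "reject"
    return "accept"


def verdicts(pkt: Packet) -> tuple:
    """Return (firewall verdict, application verdict) for one packet."""
    fw = packet_filter(pkt)
    app = application_check(pkt) if fw == "allow" else "not reached"
    return fw, app


# Constructed sample traffic from one external source address.
SAMPLES = {
    "ssh_to_db": Packet("198.51.100.7", DB_LAN, "tcp", 22, ""),
    "benign": Packet("198.51.100.7", WEB_DMZ, "tcp", 443,
                     "GET /order?id=1042 HTTP/1.1"),
    # constructed injection attempt riding inside the allowed HTTPS flow
    "injection": Packet("198.51.100.7", WEB_DMZ, "tcp", 443,
                        "GET /order?id=1042%27+OR+1%3D1-- HTTP/1.1"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} firewall={verdicts(pkt)[0]:5s} application={verdicts(pkt)[1]}")
```

The firewall correctly stops the SSH attempt against the LAN database but passes both HTTPS requests with identical verdicts; only the application's own validation separates the benign request from the injection attempt.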