The document discusses information security workshops offered by Pinaka Technology Solutions to help organizations strengthen their security governance and increase user awareness of threats like phishing. The workshops cover topics such as security policies, risk management, and social engineering attacks, and are aimed at executives, IT staff, and other personnel handling sensitive data. Details are provided on workshop content, duration, cost, and customization options.
Report
Share
Report
Share
1 of 17
More Related Content
Its not ITs problem
1. It’s not ITs problem
Shiva Bissessar, BSc (Hons), MBA, MSc
Managing & Technical Director
Pinaka Technology Solutions
+868 678 5078
spbisses@gmail.com
21st Jan 2015
3. • Continue work on examining opportunity and
risks of Digital Currency in Caribbean
• Partnering with vendors to provide:
Software Development / Code QA
(efficiency, security)
Appliances for Network Forensics
What’s Pinaka doing in 2015?
4. Agenda
• Case Study
• Incident
• Analysis
• Solution
• InfoSec Workshops
(i) Governance
(ii) Awareness
7. Breach: Confidentiality &
Availability Compromised
• Guardian of Peace screens
• Data erased (entire servers + computing services)
• Data taken (10s - 100s TB over 1 year* ) including:
o Employee’s Personal Data
SSN, ID, Passport, credit card & bank info,
usernames, passwords, health info
o Intellectual Property
o Screeners, forthcoming films, scripts
o Corporate data including E-mails (100,000s docs)
• Data released to public
• Threats of worse things to come (ransom)
*Purported GOP member
8. As The Story Develops…
• Scrambling to continue daily operations
o Phones, e-mail, computer services down
o Improvise with cellphones, Gmail and notepads
o Cut paychecks manually
o Resort to old BB phones
• Shutdown everything; re –architect; secure
• Reputation loss
o Employees felt vulnerable which leads to lawsuits
• Significant changes to film release strategy
• Threats of lawsuits to media outlets redistributing
data
• Attribution
10. New York Times, 18th Jan’15
• NSA saw “spear phishing” attacks
on Sony in early September.
• In retrospect investigators
determined that the North had
stolen the “credentials” of a Sony
systems administrator
• This allowed the hackers to roam
freely inside Sony’s systems.
11. “Why Sony Didn't Learn From Its
2011 Hack”, 24th Dec’14
• The company has long had a reputation for operating
in silos. SPE was most isolated
• “…their CIO should have implemented corporate-wide
protection measures and beefed up info-sec training
for employees that would be standardized across the
organization,”
13. Information Security Workshops
Strategic Information
Security Governance
End User Information
Security Awareness
ORGANIZATION
Understanding importance
of Organizational Info Sec
Governance Strategy in the
context of proposed
cybercrime bill and global
threat outlook
Sensitization of end
users of Information
Security threats with
emphasis on Social
Engineering
PASTCLIENTS
14. PART I – Information Security Governance
• Importance of Information Security
• Local & Regional Threats
• Types of Attackers & Motivations
• Consequences of Attacks
• Why Info Sec Governance Required
• “Due Diligence”
• Securing People & Process
• Risk Management
• Info Sec Policies
• Audit & Info Sec Mgmt.
• Org Structure & Behaviours
• “Illegal Devices” &“Remote Forensic Tools”
PART II – Global, Regional & Local Picture
• Threats & Vulnerabilities
• Phishing, Spoofing, Vishing, Water Holing,
Ransomware, Skimming
• Reports & Stats
• Local & Regional National Cyber Security Efforts
• TARGET 2013 Breach Analysis
• Controls
Strategic Information Security Governance
Target Audience
• IT Executive/Senior
Management
• IT Management &
Professionals
• Risk Management
• Internal Audit
• HR Professionals
• Legal Officers
15. PART I – Information Security 101
• Importance of Information Security
• Local & Regional Context
• Why Are There Growing Threats
• Types of Attackers & Motivations
• Consequences of Attacks
• Web Security Essentials
• Threat & Vulnerabilities
PART II - Social Engineering
• Users’ Security Appetite
• Attack Scenario Analysis
• Phishing, Spoofing, Vishing, Water
Holing, Ransomware, Skimming
• Resources
End User Information Security Awareness
Target Audience
• Executives
• Executive Secretaries
• Finance & Legal staff
• Asset Management group
• Any personnel who handle:
• Sensitive information
• Large financial transactions
• Customer account
verification
16. • Location: Clients’ facilities
• Duration: 3-4 hours (per workshop)
• Participant: 10-12 persons (per workshop)
• Cost: Please get in contact for details
• ‘Train the Trainer’ certified deliveries with use of
appropriate training aides and method to reinforce
learning during these sessions.
• Flip chart/whiteboard, handouts, videos and
questions are used in both workshops
• Customizable options available upon request e.g
based on client industry, number of participants etc.
Workshop Details
17. Don’t wait for an incident to
occur, get in contact now…
Shiva Bissessar, BSc (Hons), MBA, MSc
Managing & Technical Director
Shiva Bissessar, BSc (Hons), MBA, MSc
Managing & Technical Director
Pinaka Technology Solutions
+868 678 5078
spbisses@gmail.com