It’s not IT’s problem
Shiva Bissessar, BSc (Hons), MBA, MSc
Managing & Technical Director
Pinaka Technology Solutions
+868 678 5078
spbisses@gmail.com
21st Jan 2015
Assisting Organizations With Their
Strategic ICT & Information Security Needs
What’s Pinaka doing in 2015?
• Continuing work on examining the opportunities and
risks of Digital Currency in the Caribbean
• Partnering with vendors to provide:
 Software Development / Code QA
(efficiency, security)
 Appliances for Network Forensics
Agenda
• Case Study
• Incident
• Analysis
• Solution
• InfoSec Workshops
(i) Governance
(ii) Awareness
“The Most Devastating Corporate
Cyber Attack Ever!”
INCIDENT
http://www.wired.com/2014/12/sony-hack-what-we-know/
Breach: Confidentiality &
Availability Compromised
• “Guardians of Peace” (GOP) screens displayed on workstations
• Data erased (entire servers + computing services)
• Data taken (10s - 100s TB over 1 year*) including:
o Employees’ Personal Data:
SSN, ID, passport, credit card & bank info,
usernames, passwords, health info
o Intellectual Property
o Screeners, forthcoming films, scripts
o Corporate data including e-mails (100,000s of documents)
• Data released to the public
• Threats of worse things to come (ransom)
*According to a purported GOP member
As The Story Develops…
• Scrambling to continue daily operations
o Phones, e-mail and computer services down
o Improvised with cellphones, Gmail and notepads
o Paychecks cut manually
o Reverted to old BlackBerry phones
• Shut down everything; re-architect; secure
• Reputation loss
o Employees felt vulnerable, which led to lawsuits
• Significant changes to film release strategy
• Threats of lawsuits against media outlets redistributing
the data
• Attribution
ANALYSIS
http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html?_r=2
http://fortune.com/2014/12/24/why-sony-didnt-learn-from-its-2011-hack/
New York Times, 18th Jan’15
• The NSA saw “spear phishing” attacks
on Sony in early September.
• In retrospect, investigators
determined that North Korea had
stolen the “credentials” of a Sony
systems administrator.
• This allowed the hackers to roam
freely inside Sony’s systems.
“Why Sony Didn't Learn From Its
2011 Hack”, 24th Dec’14
• The company has long had a reputation for operating
in silos; SPE (Sony Pictures Entertainment) was the most isolated.
• “…their CIO should have implemented corporate-wide
protection measures and beefed up info-sec training
for employees that would be standardized across the
organization.”
SOLUTION
Information Security Workshops
(i) Strategic Information Security Governance:
Understanding the importance of an
organizational Info Sec governance strategy in the
context of the proposed cybercrime bill and the global
threat outlook.
(ii) End User Information Security Awareness:
Sensitization of end users to Information
Security threats, with emphasis on Social
Engineering.
Past Clients
Strategic Information Security Governance
PART I – Information Security Governance
• Importance of Information Security
• Local & Regional Threats
• Types of Attackers & Motivations
• Consequences of Attacks
• Why Info Sec Governance is Required
• “Due Diligence”
• Securing People & Process
• Risk Management
• Info Sec Policies
• Audit & Info Sec Mgmt.
• Org Structure & Behaviours
• “Illegal Devices” & “Remote Forensic Tools”
PART II – Global, Regional & Local Picture
• Threats & Vulnerabilities
• Phishing, Spoofing, Vishing, Watering Hole attacks,
Ransomware, Skimming
• Reports & Stats
• National Cyber Security Efforts (Local & Regional)
• TARGET 2013 Breach Analysis
• Controls
Target Audience
• IT Executive/Senior
Management
• IT Management &
Professionals
• Risk Management
• Internal Audit
• HR Professionals
• Legal Officers
End User Information Security Awareness
PART I – Information Security 101
• Importance of Information Security
• Local & Regional Context
• Why Are There Growing Threats
• Types of Attackers & Motivations
• Consequences of Attacks
• Web Security Essentials
• Threats & Vulnerabilities
PART II - Social Engineering
• Users’ Security Appetite
• Attack Scenario Analysis
• Phishing, Spoofing, Vishing, Watering
Hole attacks, Ransomware, Skimming
• Resources
Target Audience
• Executives
• Executive Secretaries
• Finance & Legal staff
• Asset Management group
• Any personnel who handle:
• Sensitive information
• Large financial transactions
• Customer account
verification
Workshop Details
• Location: Clients’ facilities
• Duration: 3-4 hours (per workshop)
• Participants: 10-12 persons (per workshop)
• Cost: Please get in contact for details
• ‘Train the Trainer’ certified deliveries, using
appropriate training aids and methods to reinforce
learning during the sessions.
• Flip chart/whiteboard, handouts, videos and
questions are used in both workshops
• Customizable options available upon request, e.g.
based on client industry, number of participants, etc.
Don’t wait for an incident to
occur, get in contact now…
Shiva Bissessar, BSc (Hons), MBA, MSc
Managing & Technical Director
Pinaka Technology Solutions
+868 678 5078
spbisses@gmail.com