Transcript of: Closing the Gap: Protecting Business Capabilities Against Security Threats
Page 1

RTN CTRL

Closing the Gap: Protecting Business Capabilities Against Security Threats

Dr Ryan Ko
Head, Cyber Security Researchers of Waikato (CROW), University of Waikato
Editor, ISO/IEC 21878

2016 NZ Cloud Computing and Hybrid IT Forum
www.crow.org.nz
www.stratus.org.nz
Page 2

CROW – 1st Uni Cyber Security Lab in NZ
• First Cyber Security Lab in NZ, building on traditions of NZ Internet, Data Mining (Weka), networking group
• 20+ research students (Honours, PGDip, Master of Cyber Security, PhD)
• 30+ Alumni (now at Gallagher, Deloitte, INTERPOL, Cloud Security Alliance, LayerX, etc)
• 14 staff (6 academics, 8 staff)
• Dr Ryan Ko is Science Leader of NZ$12.2 million, 6-year, MBIE-funded STRATUS project, NZ's largest IT research grant
• Also funded by Fulbright Commission, InternetNZ, Education NZ, and Office of the Privacy Commissioner
• Creators of the New Zealand Cyber Security Challenge (now 3rd year; 267 participants)
Page 3
Who we work with:
Page 4
NZ Cyber Security Challenge (since 2014)
Page 5
Craig Scoon and Ryan Ko presenting to the Governor-General of New Zealand, April 2016
Hosting the Governor-General, and Director, NSA Research Directorate
Page 6
Cybercrime Research with INTERPOL
Page 7
Co-developed the (ISC)2 Certified Cloud Security Professional (CCSP)
Page 8

INDUSTRY TRENDS
A look at the recent
Page 9

Page 10

Page 11
Page 12

An Important Trend
• Global trend of linking liability of cyber security incidents to directors
  – Think Health and Safety
• The rise of awareness of the need for cyber security and cyber insurance
  – Better utilising existing capabilities
  – Future capabilities (in training and research)
Page 13

Institute of Directors in NZ: Cyber-Risk Practice Guide
https://www.iod.org.nz/Portals/0/Governance%20resources/Cyber-Risk%20Practice%20Guide.pdf
Page 14

10 August 2016: First NZ-Specific Social Engineering TorrentLocker
Immediately reported to IT Dept., Government: NCPO (ConnectSmart), NCSC
Page 15

The Mind of the Attacker: 4 Stages of Penetration Testing (ref: The Basics of Hacking and Penetration Testing, Patrick Engebretson)
1. Reconnaissance – Aim: Gathering information about target.
2. Scanning – Aim: Searching for holes and vulnerabilities in network ports and system software.
3. Exploitation – Aim: Gain admin access over target machine(s).
4. Maintaining Access – Maintain permanent backdoors to the system, resistant to program closures and even reboots.
One more step: Hiding / Covering your tracks (for Black Hats).
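The scanning stage of the four-stage model above, as an added example that is not from the slides or from Engebretson's book: a TCP connect scan with a banner grab, whose output (open port plus product/version string) is what the exploitation stage is matched against. It runs against a constructed local listener (start_fake_service, an assumption of this example standing in for a target host) so it works offline; the identify() fingerprint table is deliberately minimal. Scan only hosts that are inside your authorised test scope.

```python
"""Scanning stage: TCP connect scan plus banner grab against a local stand-in target.
Added example, not code from the slides. Only scan hosts you are authorised to test."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=0.5):
    """Attempt a full TCP handshake to `port`; on success read up to 128 bytes of
    whatever the service volunteers (its banner). Returns (port, is_open, banner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:            # refused, timed out or unreachable: not open
            return port, False, b""
        try:
            banner = s.recv(128)   # SSH, SMTP and FTP speak first; HTTP does not
        except OSError:            # open but silent within the timeout
            banner = b""
        return port, True, banner


def scan(host, ports, workers=32):
    """Scan `ports` concurrently; return {port: banner} for the open ones only."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: scan_port(host, p), ports))
    return {port: banner for port, is_open, banner in results if is_open}


def identify(banner):
    """Minimal fingerprint step: turn a banner into a product/version string that
    the exploitation stage can be matched against. Unknown banners give None."""
    text = banner.decode("ascii", "replace").strip()
    if text.startswith("SSH-"):
        return "ssh: " + text.split(" ")[0]   # e.g. "ssh: SSH-2.0-OpenSSH_7.2"
    if text.startswith("220 "):
        return "smtp/ftp: " + text[4:]
    return None


def start_fake_service(banner=b"SSH-2.0-OpenSSH_7.2\r\n"):
    """Constructed stand-in for a target (assumption of this example, not a real
    service): listens on an ephemeral 127.0.0.1 port and greets each client with
    `banner`. Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # server socket closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def unused_port():
    """Pick a port that is currently closed, to show a negative result."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_fake_service()
    closed_port = unused_port()
    found = scan("127.0.0.1", [open_port, closed_port])
    for port, banner in found.items():
        print(f"{port}/tcp open  {identify(banner) or 'unknown'}")
    srv.close()
```

A connect scan completes the handshake, so it is the noisiest option and shows up in the target's connection logs; that is the visibility a pentester accepts and a black hat, per the slide's extra "covering your tracks" step, tries to avoid.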
Page 16
Src: http://www.youtube.com/watch?v=F_5CMjgHRKQ
Page 17

Preventing and mitigating Social Engineering
1. Learning to identify social engineering attacks
2. Creating a personal security awareness program
3. Creating awareness of the value of the information that is being sought by social engineers
4. Keeping software updated
5. Developing scripts
6. Learning from social engineering audits
7. Continuously learning from: http://www.social-engineer.org/
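Item 1 above, and the TorrentLocker phishing on page 14, come down to spotting a handful of tells in a message. As an added example that is not from the slides, the following triage checks a raw e-mail for the tells people are trained to look for by eye: a Reply-To that diverts answers to another domain, link text naming one host while the href goes elsewhere, a bare IP address as link target, a link that downloads an archive or executable, and time-pressure language. The message SAMPLE_EML is constructed for the example; its sender, reply-to and link domains are reserved example names, not real ones.

```python
"""First-pass triage of a suspicious e-mail. Added example, not from the slides;
the sample message and all domains in it are constructed."""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample in the style of a parcel-delivery lure (not a real campaign).
SAMPLE_EML = """\
From: "Parcel Service" <notify@parcel-service.example>
Reply-To: claims@track-parcel.example
To: staff@example.org
Subject: Parcel not delivered - action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your parcel is waiting at the depot. Please
<a href="http://203.0.113.7/track/invoice.zip">confirm delivery at parcel-service.example</a>
within 24 hours or the item will be returned to sender.</p>
</body></html>
"""

URGENCY_PHRASES = ("within 24 hours", "action required", "urgent", "immediately", "suspended")
RISKY_EXTENSIONS = (".zip", ".exe", ".js", ".scr", ".jar")
HOSTNAME_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def analyse(raw_message):
    """Return a list of human-readable indicators found in the message. An empty
    list means none of these particular tricks was seen, not that the mail is safe."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Replies silently diverted to a domain other than the one shown as sender.
    sender = msg["From"].addresses[0] if msg["From"] else None
    reply_to = msg["Reply-To"].addresses[0] if msg["Reply-To"] else None
    if sender and reply_to and sender.domain.lower() != reply_to.domain.lower():
        findings.append(f"reply-to domain {reply_to.domain} differs from sender domain {sender.domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""

    for href, link_text in ANCHOR_RE.findall(html):
        parts = urlparse(href)
        host = (parts.hostname or "").lower()
        path = parts.path.lower()
        visible = re.sub(r"<[^>]+>", "", link_text).lower()
        # 2. Link text names one host, the href goes somewhere else.
        named_hosts = HOSTNAME_RE.findall(visible)
        if named_hosts and host not in named_hosts:
            findings.append(f"link text mentions {named_hosts[0]} but points to {host}")
        # 3. Raw IP address instead of a name: nothing to vet, common in crimeware kits.
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
            findings.append(f"link target is a bare IP address {host}")
        # 4. Link delivers an archive or executable rather than a page.
        if path.endswith(RISKY_EXTENSIONS):
            findings.append(f"link downloads {path.rsplit('/', 1)[-1]}")

    # 5. Time pressure is the classic social engineering lever.
    text = (str(msg["Subject"]) + " " + re.sub(r"<[^>]+>", " ", html)).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EML):
        print("-", finding)
```

The same checks are what a mail gateway rule or a user-reporting triage queue would apply; none of them proves malice on its own, which is why the function returns the evidence rather than a verdict and why item 2 on the slide (an awareness programme) still matters.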
Page 18

Developing Scripts
• If someone calls and claims to be from the management office and demands compliance, either handing over information or internal data, follow these steps:
  1. Ask for the person's employee ID number and name. Do not answer any questions until you have this information.
  2. After getting the identifying information, ask for the project ID number related to the project he or she is managing that requires this information.
  3. If the information in steps 1 and 2 is successfully obtained, comply.
  4. If it's not, ask the person to have his or her manager send an email to your manager requesting authorization and terminate the call.
• A simple script like this can help employees know what to say and do in circumstances that can try their security consciousness.
• Caveat: an employee ID or project number read out by the caller is a claim, not a verification. Check it against the staff directory, or call back on a number you already hold, before complying at step 3; an attacker who has done the reconnaissance stage may well have both.
Page 19
AN ORGANISATION’S PERSPECTIVE Script development is just a part of the Big Picture!
Page 20

Planning your organisation if you are an IT Manager / CISO / Director
• Prevention
  – Vulnerability Detection
  – Vulnerability Remediation
  – Vulnerability Patching
• Security
  – Policies (Designing and Implementing an ISMS)
  – Alignment to standards, e.g. ISO/IEC 27001
  – Controls (Scripts, Assets, BYOD, Users, Physical Environment, etc)
• Forensics
  – How can you find out what went wrong?
• Collaboration across the sector and link to the national level
  – Does your sector have a trusted network? CSIRT?
Related Question: Do it yourselves, or outsource?
Page 21

Doing it yourself: Manpower and Resources
• Do you have a person / group of people who will be able to adequately respond to an incident or emergency?
  – Technical Response
  – Communications Response
• Do you have a group of people who are preventing, monitoring and giving you updates on the weekly trends?
  – Vulnerability discovery and patching?
  – CISO
  – Virtual CISO
  – Collaboration / sharing between trusted parties
• Do you have a group which looks into the future for trends and problems – 1 year, 2 years, 5 years? (Covered later in talk)
  – If not, you may wish to work with Callaghan Innovation, or groups such as MBIE STRATUS
Page 22

Outsourcing: 5 Key Questions to Ask a Vendor
• Do you use the tool to protect yourself? Give specific use cases.
• What can't your tool protect?
• What happens when I get attacked? How will you help me?
• How well do you know international legislation and controls? E.g. ISO 27000 series, NZ data privacy laws and NZISM (which version)?
  – How does your tool align our organisation to them?
• If I have a malicious staff member who leaks my data, how can your tool contain the situation?
Page 23

5 Simple Questions to ask the Educator / Trainer
• Tell me specifically what skills you train, and why you focus on them.
• How many alumni have you trained, and where are they working now?
• How many of your staff/trainers are involved in international standards; are they globally or regionally recognised experts?
• Do they produce technology or publications which are really usable by users?
• Is this demo you showed me your own, or did you use another organisation's tool and 'white-label' it?
Page 24
ISO 27001 @ ISO Online Browsing Platform (OBP)
Page 25
UPCOMING KEY EVENTS Mark Your Calendars
Page 26
STRATUS Forum 2015 (Last Year)
Page 27

STRATUS Forum 2016 (Open to Public)
• Research Team:
  – Universities: University of Waikato (lead), University of Auckland
  – Polytechnic: Unitec
  – Global Consortium: Cloud Security Alliance
  – Industry Partners: Gallagher, LayerX, Virscient, Aura (Kordia)
• Date: 5 December 2016
• Location: MBIE Building, Wellington
• More Info: https://stratus.org.nz
Page 28

Hosting the ISO/IEC JTC 1/SC 27 Plenary and Workshop Meetings
• Hosted by University of Waikato & Cloud Security Alliance next year.
• Supported by Standards New Zealand
• First time in New Zealand
• 400+ national delegates from 60+ countries and 20+ liaison bodies
• April 18-25, 2017
Page 29

THANKS
Ryan Ko, PhD, CCSP
• Head, Cyber Security Lab / Senior Lecturer, University of Waikato | https://crow.org.nz
• Science Leader, STRATUS | https://stratus.org.nz
• International Faculty Member, NIATEC, Idaho State University, USA
• Asia Pacific Research Advisor, Cloud Security Alliance
• Editor, ISO/IEC 21878 – Security Guidelines for Design and Implementation of Virtualized Servers
• Consultant and Technical Advisor to NZ and International Companies

Announcements:
• 3 x STRATUS project PhD study awards (fees + stipend) available
• 1 x STRATUS Masters study award (fees + stipend) available

soli deo gloria