Social Engineering, Insider and Cyber Threat

Information about Social Engineering, Insider and Cyber Threat

Published on March 11, 2014

Author: AdventIM

Source: authorstream.com

Content

PowerPoint Presentation: Social Engineering, Insider and Cyber T hreat Mike Gillespie – MD Advent IM Ltd The UKs Leading Independent, Holistic Security Consultancy PowerPoint Presentation: agenda Introductions Summary What we mean by Social Engineering and Insider Threat What this means to Cyber Threat Joining the dots and the holistic approach Summary Questions PowerPoint Presentation: coming up people are our weakest link and cross security disciplines buildings and technology, combined with people, offer cyber terrorists and criminals not only more targets, but more tools serious cyber crime can start before anyone logs onto anything our attitude to security and security awareness training needs to evolve PowerPoint Presentation: preparation is everything – even in cyberspace PowerPoint Presentation: Social Engineering & Insider Threat some images courtesy of freedigitalphotos.net PowerPoint Presentation: Social Engineering & Insider Threat some images courtesy of freedigitalphotos.net PowerPoint Presentation: what does this mean for cyber threat and crime? Intelligence gathering Greater chance of cyber success PowerPoint Presentation: what does this mean for cyber threat and crime? Followed target into building or pose as contractor Watched building to select target ‘Bumped into’ target and engaged in conversation – trust gained ‘Borrowed’ their mobile device Researched target and ‘friends’ via social networks …and/or their pass card Gained access to server The cyber attack technically starts here… PowerPoint Presentation: Joining the dots and the holistic approach Realistic holistic Threat and Risk Assessments that don’t isolate ‘cyber’ Realistic appropriate action and policies C-level commitment and leadership Top down security culture health Holistic Security A wareness T raining for all staff Regular refreshers as part of the virtuous security cycle security evolution PowerPoint Presentation: Joining the dots…27001 in words… Continuous improvement (PDCA) Ensure and Assure Confidentiality, Integrity, Availability Risk based Proportionate Governance Compliance PowerPoint Presentation: the standard… Asset management HR Physical security Communications and Operations Access Control System Development DR, BCM and Incident Management Compliance PowerPoint Presentation: Establish the ISMS Maintain & improve the ISMS Monitor & review the ISMS Implement & operate the ISMS Development, maintenance & improvement cycle plan act check do Information security requirements and expectations Managed Information security ISO27001 in pictures… PowerPoint Presentation: And so… people are our weakest link and cross security disciplines buildings and technology, combined with people, offer cyber terrorists and criminals not only more targets, but more tools serious cyber crime can start before anyone logs onto anything our attitude to security and security awareness training needs to evolve PowerPoint Presentation: thank you Social Engineering, Insider and Cyber Threat

Related presentations