E. Gelbstein, A. Kamal
Information Insecurity
Part II: The Solution
Basic rule of systems
Complex problems are never solved, they are only transformed
Corollary: You don’t “fix” security. You manage it
Information security principles
1. Information must be available to those authorized to have it
2. Information will only be disclosed at the appropriate time only to those authorized to have it
3. Information will only be modified by those authorized to do so
Source: ISO 17799: Code of Practice for the Management of Information Security
Information security principles (2)
4. Existence of a legal framework defining
- Protection of intellectual property rights, including software
- Protection of privacy in cyberspace
- Effectiveness of the provision of digital signatures
- Prosecution of cyber-criminals
Covering information processed, stored and transmitted in e-form
What is your role in Infosec?
Defender: one of the good guys
Chief Information Officer
Security manager
Systems administrator
Network administrator
Enlightened User
How good a defender ?
Due diligence
Negligence
Dereliction of duty
Misconduct
Sabotage
Criminal damage
Aiding and abetting crime
It really is your choice
What is your role in Infosec?
A “special guy”: good or bad are relative
Auditor (Security, internal, external)
Ethical hacker
Security consultant
Vendors of security products
Vendors of other ICT projects
Info Security legislator
What is your role in Infosec?
Bystander
“Surely, it’s a technical problem”
“Nothing to do with me”
“Not in my job description”
“What, change password again?”
“What’s wrong using my birthday as a password?”
“OK so my son used my employer’s notebook to download some shareware – what’s the big deal?”
What is your role in Infosec?
Obstacle
“No way can I increase your budget”
“We have a freeze on recruitment”
“It’s not compatible with our corporate culture”
“The trade unions won’t have it”
Defender’s 1st step: Culture
Security relies on everyone
Security requires many processes
Security contains many projects which never end
Only the paranoid succeed and survive
Defender’s 2nd step: Reality check
100% security can NOT be achieved
Technology is not enough to guarantee security
Legislation is not enough to guarantee security
Security resources must match risk
Good security practices become barriers
Building effective defences needs more than technology
1. Requirements definition, Organization, Asset valuation, Policies and compliance
2. Building blocks, Technical defences, Awareness, Standards, Best practices
3. Incident response, Digital forensics
4. Tests, Certification, Audits
Legislation
Recommendations for Executives to help contain the headache
1. Assign responsibility for information security
2. Ask your CIO to certify in writing the security status of your organization’s systems
3. Ask your CIO to document all known vulnerabilities
4. Engage a trusted ethical hacker to regularly attack your facilities and systems
Security organization
Who is responsible for information security in the organization as a whole and at its various locations ?
Who does this person report to ?
Who reviews this person’s performance and monitors her/his effectiveness ?
How is security managed with contractors, temporary personnel and outsourcers ?
Who is responsible for dealing with a security incident ?
Effective Defences 1
Effective defences 1
Requirements definition
What threats?
What value what to protect?
What vulnerabilities?
How much funding can be made available to implement, operate and manage?
Strong locks
Burglar alarm
Remote monitoring
Reinforced doors
Impact resisting glass
CCTV
Inventories
Insurance
Information security
Value of information assets
vulnerabilities
threats
countermeasures
100% security is unachievable
The size of the box represents RESIDUAL RISK
How much security is enough?
[Chart: complexity and cost of security against acceptable level of residual risk, on a scale of 0 to 9. Sectors shown: Military, Major outsourcers, Stock exchanges, Fund transfers, Major banks, Telephone companies, Low tech manufacturing]
Asset valuation & impact analysis
What is the value* of
o Data
o Intellectual property
o Systems (software, hardware)
o Documents
o The Organisation’s reputation
disclosed, modified, unavailable, destroyed, etc
* Financial, commercial, reputation, political, etc
When does misuse become abuse?
Theft and fraud
Proprietary information
Software and equipment
Employer’s time
Financial gain
Modifying personal data (e.g. holiday records)
Misuse of system privileges
Inappropriate access to: data, websites, others’ e-mail
Deletion of data
e-mailing of offensive material, jokes, etc
Installation of unauthorized software
Downloading large files (music, video)
Personal use of employer’s systems and facilities
Disclosure
Confidential information
Embarrassing information
Internal gossip and politics
Policies and compliance
Scope
Documentation
Dissemination
Maintenance
Compliance
POLICIES are formal statements of how an organization manages information security
Policies without effective compliance measures are ineffective
Scope of policies
Acceptable personal use of corporate resources
e-mail policies for corporate and personal use
Creation, change and management of passwords
System / Resource access
Employer’s right to monitor and right to access
Use of encryption
Physical access and remote access
Software installation
Mobile communications and computing
Database administration
Employee background checks (pre- and during employment)
list goes on...
An e-mail policy would cover
- Legal liability (harassment, copyright, libel, etc)
- Offensive language/material
- Non-disclosure
- Corporate practices regarding encryption
- Personal use of corporate e-mail
- Employer’s right to monitor
- Retention and archival
- Junk and other non-productive e-mail
- Attachments
  - Executable code including macros
  - Audio and video files
  - Other large files
  - Virus, worm, other infectious software
- Non-compliance
- etc...
Policies: reality test
Policies must make sense to the personnel to be followed (30% of all attacks are internal)
Three options regarding compliance
Don’t bother too much
Tight monitoring and zero tolerance
Managed program to address internal abuses
Policies have no credibility
Create martyrs
Loss of trust
Effective defences 2
Building blocks
authentication
authorization
non-repudiation
audit
confidentiality
integrity
Building blocks (2)
Authentication: Prove you are who you say you are
Authorization: The security system checks what you may do with the system
Confidentiality: Data can only be seen by someone authorized to do so
Integrity: Data can only be modified by someone authorized to do so
Non-repudiation: Ability to prove that the information received is the same as the information sent
Audit: System records of who did what and when
Effective Defences 2
Technical defences
Tools
Data access rights
Database security
System security
LAN & server security
Firewall security
Physical access control
Infrastructure
- No single point of failure
- UPS and standby
- Clusters, fail-soft, RAID, alternative routing
- proxy servers, firewalls
Logical access control
Diagnostics and monitoring
System administration
Virus management software
Encryption software
All properly installed, configured and tested by trained personnel
Technical defences (2)
Processes
Cluster # 1: operations and configuration management
- Software/product quality
- Reduce complexity
- Change Control
- Segregation of duties
- Backup /restore
- Media management
Cluster # 2: event intelligence
- Risk assessment
- Risk management
- Alert monitoring
Cluster # 3: preparedness
- Disaster recovery
- Business continuity
- Crisis management
sections of ISO 17799
1. Develop and implement security policies
2. Put in place a security organization
3. Maintain an information asset classification
4. Address personnel issues of security
5. Implement physical and environmental security
6. Ensure adequate network and computer operations
7. Implement system and network access controls
8. Build security into systems development
9. Have disaster recovery and resumption plans
10. Compliance with legislation and best practices
COBIT process maturity levels
COBIT: Control Objectives for Information and related Technology
0 Non-existent: The process is not managed
1 Initial: The process is ad-hoc and disorganized
2 Repeatable: The process follows a regular pattern
3 Defined: The process is documented and communicated
4 Managed: The process is monitored and measured
5 Optimized: Best practices
Current status
Strategic target
Justifying investments
Demonstrating value has always been the BIG challenge for technical practitioners
Typical ROSI (Return On Security Investment) analysis:
cost: “We spent a million dollars”
benefit: “We think we have not been hacked”
The industry is unable to agree on a better way
More about ROSI
Some of the intangible factors:
No security metrics standards
No warranties from vendors or outsourcers – only “best efforts”
The same is true for
Financial controls
Fire prevention arrangements
ways to tighten security
1. Promote awareness
2. Know the assets you must protect
3. Invest wisely (“more” may not be “better”)
4. Survey the threatscape – who are the enemy?
5. Be vigilant
6. Understand and actively manage risk
7. Ensure security is engineered and designed into the infrastructure
8. Remember it is more than a technical matter
9. Detect and respond
Awareness
Management
- Disaster recovery, continuity and crisis plans
- Trusted insider risks – signals
- Breaches of security, subsequent “digital autopsy”
I.T. personnel
- Vendor bulletins about vulnerabilities
- Hacker activities
- CERT and other alerts
- Procedures and policies
- What to do when an incident occurs
All other personnel
- Policies and need for compliance
- What to do when an incident occurs
- Best practices
good personal practices
1. Use hard to guess passwords and ensure non-disclosure
2. Make regular backups of your critical data
3. Use effective protection against malicious code
4. Use a firewall between your computer and the Internet
5. Do not stay on-line unnecessarily or when inactive
6. Look for and install quickly software updates and patches from (trusted) vendors
7. Be careful of e-mail attachments from strangers and from known persons if the subject line is unusual
ways to protect your privacy
1. Set up your browser to secure personal information
2. Don’t reveal personal details unless you are sure
3. Actively manage cookies
4. Keep a “clean” e-mail address
5. Remember you may be monitored at work
6. Beware of websites that offer rewards in exchange for your contact or other information
7. Never reply to spam mail
8. Only reveal critical information to a “https” website
9. Use encryption if appropriate
A word of caution
Tools and good practices increase security.
For the end-user, they become a kind of obstacle race
Mwf1U4zX
Hard to remember passwords prominently displayed on Post-it™ Notes
Effective defences 3
Incident response
- Intrusion detection
- Emergency Response Team
- Problem containment
- Problem resolution
- Restoring normal operations
Digital forensics (also called digital autopsy)
- Determine attack mechanism
- Review adequacy of arrangements
- Search for evidence
- Action plan for internal causes
- Action plan for external causes
How do you respond ?
Option 1
Hackers please note
This facility is secured Monday and Friday, 09:00 to 17:00 CET
Please do not visit at any other time
We thank you for your understanding
Option 2
Emergency response plan + team
things to do if (when) attacked
1. Don’t panic !
2. Call in your incident response team
3. Contain the problem and avoid the “quick fix”
4. Take good notes in case you need to take legal action
5. Have your backup facilities ready
6. Get rid of the problem
7. Use trusted, uncompromised, communications
8. Know what to say, to whom and when
9. Know when to involve crime investigators
10. Conduct an autopsy of the event and your response
Effective defences 4
tests, audits, digital autopsy, certification
Like your annual medical: it’s no guarantee of good health but it might diagnose a problem
Who tests the testers?
How do you know you have not been attacked ?
How do you know that your arrangements will work ?
e-evidence
Volume and manageability
Who else has copies ?
Indexing, classification
Retention, archival
Media and software
Right to access
Right to remove
Right to destroy
Effective Defences 4
e-evidence (2)
Headaches
- Hard to trace, particularly cross-border
- Hard to quantify losses
- Lack of clarity what is court-admissible
Civil litigation
- Contractual issues
- Harassment, bullying, impropriety
- Containable fraud
Criminal litigation
- Sabotage
- Industrial espionage
- Major fraud
Out of court settlements are common
e-evidence (3)
Follow proper procedures for seizure
Seize computer, media and paperwork
Assess risk of logical bomb
Protect the suspect computer from tampering
Discover, recover and report
ways to support e-forensics
1. Follow authorized seizure process (ask the lawyers!)
2. Seize and secure equipment, media and papers
3. Shut down the computer – record it with a video camera
4. Document the hardware configuration
5. Transport to secure location and protect chain of evidence
6. Ensure the computer remains uncompromised
7. Make bitstream backups of hard disk and all media
8. Authenticate data with 128 bit checksum
9. Only use backups for subsequent analysis
10. Document the system’s time and date
ways to support e-forensics (2)
11. Identify all anomalies
12. Examine e-mail, Internet, Temporary files
13. Fully document all the findings
14. Retain copies of all software used for analysis
15. Only use fully licensed forensic software
Hidden disk partitions, hidden files, encrypted files, evidence of erased files, file slack, presence of steganographic software
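Steps 7 to 9 of the list above (bitstream backup, checksum, analysis on copies only) as an added example that is not part of the original slides. The file names and case label are hypothetical and the "seized media" is a constructed byte string; SHA-256 is recorded next to the 128-bit MD5 value as an addition, because MD5 collisions are now practical.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit in memory


def digest_file(path, algorithms=("md5", "sha256")):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire(source, evidence_dir, label):
    """Steps 7-8: copy the source byte for byte, hash both sides, write a manifest."""
    master = os.path.join(evidence_dir, label + ".img")
    shutil.copyfile(source, master)  # stand-in for imaging the raw device
    manifest = {
        "label": label,
        "size_bytes": os.path.getsize(master),
        "digests": digest_file(master),
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }
    if manifest["digests"] != digest_file(source):
        raise IOError("master image does not match the source media")
    os.chmod(master, 0o444)  # the master is never opened for writing again
    with open(master + ".manifest.json", "w") as fh:
        json.dump(manifest, fh, indent=2)
    return master, manifest


def verify(path, manifest):
    """Return the names of the checks that fail; an empty list means intact."""
    failures = []
    if os.path.getsize(path) != manifest["size_bytes"]:
        failures.append("size_bytes")
    current = digest_file(path, tuple(manifest["digests"]))
    failures += [n for n, d in manifest["digests"].items() if current[n] != d]
    return failures


def working_copy(master, manifest, work_dir):
    """Step 9: analysis only ever touches a verified copy of the master."""
    copy = os.path.join(work_dir, manifest["label"] + ".work.img")
    shutil.copyfile(master, copy)
    if verify(copy, manifest):
        raise IOError("working copy does not match the manifest")
    return copy


def demo():
    """Constructed sample: a 2.5 MiB stand-in for seized media, then one altered byte."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "seized_media.bin")  # hypothetical name
        with open(source, "wb") as fh:
            fh.write(bytes(range(256)) * 10240 + b"file slack")
        master, manifest = acquire(source, tmp, "case-0000-disk0")
        copy = working_copy(master, manifest, tmp)
        before = verify(copy, manifest)
        with open(copy, "r+b") as fh:  # simulate an accidental write during analysis
            fh.seek(4096)
            fh.write(b"\xff")
        return {
            "md5_bits": len(manifest["digests"]["md5"]) * 4,
            "copy_failures_before": before,
            "copy_failures_after": verify(copy, manifest),
            "master_failures": verify(master, manifest),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A single changed byte in the working copy fails both digests while the master still verifies, which is why the manifest is written at acquisition time and every later copy is checked against it.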
things to worry about
1. Time elapsed between an attack and its discovery
2. The size of incident logs (may inhibit discovery)
3. Examining incident logs is boring (easy to miss things)
4. The trusted insider
5. Hard to know what’s what in a multi-vendor environment
6. Good security staff are hard to find and harder to keep
7. Hard to define a return on security investment
8. Management detachment (denial of having a role to play)
things to worry about (2)
9. Limited international cyber-crime legislation
10. Certificate Authorities: the new trust issue
11. Vendors not liable for product vulnerabilities
12. Executives who believe security is not a real issue
13. Liabilities arising from lack of due diligence
14. Need to take cyber-crime insurance
Conclusion
Sounds daunting? It is.
You have two options:
a. Be prepared (Act now) or
b. Improvise when it happens (React then)