risk-factory
CHAT UP LINE # 23
As of December 2014, there were over 6 million web pages offering some sort of free downloadable hacking software.
Wired January 2015
CHAT UP LINE # 34
Over 500 million hacking attempts are made on businesses every month.
Wired January 2015
HACKER’S DICTIONARY
Zen: To figure out something by meditation or by a sudden flash of enlightenment. Originally applied to bugs, but more recently to solving hacking problems. "How'd you figure out the answer to the problem?" "Oh, I zenned it."
MEDITATION
What am I trying to protect?
Why am I trying to protect it?
What happens if I fail to protect it?
CONTEMPLATION
What do I expect? What does the business (board) expect? What do my clients expect? What are other companies doing? What are best practices? What do I have to do by law?
DIVINE THOUGHTS
Where is the data I need to protect?
What are the threats to this data?
What is the probability associated with these threats?
5 STEPS TO ENLIGHTENMENT
1. Locate & document your information assets
2. Identify threats to these assets
3. Quantify probability of the threats occurring
4. Calculate impact of the incidents on your business
5. Implement cost-effective controls
INFORMATION ASSETS
Tangible
• Strategy data
• Financial data
• Client data
• Personnel data
• Intellectual property
• IT equipment
Intangible
• Reputation
• Goodwill
PROBABILITY
Probability    Definition                    Scale
Negligible     Unlikely to occur             0
Very Low       2-3 times every 5 years       1
Low            <= once per year              2
Medium         <= once every 6 months        3
High           <= once per month             4
Extreme        >= once per month             5
IMPACT
Harm           Definition                                        Scale
Insignificant  No impact                                         0
Minor          Little effort to recover                          1
Significant    Tangible harm. Resources required to repair.      2
Damaging       Significant harm. Significant resources to recover. 3
Serious        Extended outage. Loss of business revenue.        4
Grave          Permanent shutdown                                5
FORMULA
Risk matrix: Impact (one axis) against Likelihood (the other axis). Each cell of the matrix falls into one of four bands:
1. Least Concern
2. Minimal Concern
3. Moderate Concern
4. Most Concern
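The five steps and the matrix slide describe a procedure (inventory assets, attach threats, score probability and impact, rank) without showing it carried through. The block below is an added worked example, not code from the original deck or from "risk-factory". The probability and impact scales are copied from the slides; the choice to combine them by multiplication, the band thresholds, and the sample risk register are assumptions made for the example and labelled as such in the code.

```python
"""Score a small risk register using the deck's probability and impact scales.

Assumptions (not stated on the slides): risk = probability score * impact score,
and the 0..25 product is cut into the four concern bands at assumed thresholds.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Probability scale, label -> score, exactly as on the PROBABILITY slide.
PROBABILITY: Dict[str, int] = {
    "Negligible": 0, "Very Low": 1, "Low": 2, "Medium": 3, "High": 4, "Extreme": 5,
}

# Impact scale, label -> score, exactly as on the IMPACT slide.
IMPACT: Dict[str, int] = {
    "Insignificant": 0, "Minor": 1, "Significant": 2,
    "Damaging": 3, "Serious": 4, "Grave": 5,
}

# The four bands named on the FORMULA slide, least to most severe.
CONCERN: List[str] = ["Least Concern", "Minimal Concern", "Moderate Concern", "Most Concern"]

# ASSUMED thresholds: a product score >= threshold[i] lands in CONCERN[i].
# The deck does not give these numbers; tune them to your own appetite.
CONCERN_THRESHOLDS: Tuple[int, int, int, int] = (0, 5, 10, 16)


@dataclass(frozen=True)
class Risk:
    """One row of the register: an asset, a threat to it, and the two ratings."""
    asset: str
    threat: str
    probability: str  # key of PROBABILITY
    impact: str       # key of IMPACT


def risk_score(probability: str, impact: str) -> int:
    """Step 3 and 4 combined: multiply the two scale values (assumed formula)."""
    return PROBABILITY[probability] * IMPACT[impact]


def concern_level(score: int) -> str:
    """Map a 0..25 product score onto one of the four concern bands."""
    if not 0 <= score <= 25:
        raise ValueError(f"score {score} outside the 0..25 range of the scales")
    band = 0
    for i, threshold in enumerate(CONCERN_THRESHOLDS):
        if score >= threshold:
            band = i
    return CONCERN[band]


def build_matrix() -> Dict[Tuple[str, str], str]:
    """The FORMULA slide as data: (probability label, impact label) -> band."""
    return {
        (p, i): concern_level(risk_score(p, i))
        for p in PROBABILITY
        for i in IMPACT
    }


def rank_register(register: List[Risk]) -> List[Tuple[Risk, int, str]]:
    """Step 5 input: rows sorted most to least severe so controls can be prioritised.

    Ties on score are broken by the higher impact rating first.
    """
    scored = [(r, risk_score(r.probability, r.impact), concern_level(risk_score(r.probability, r.impact)))
              for r in register]
    return sorted(scored, key=lambda row: (-row[1], -IMPACT[row[0].impact]))


# Constructed sample register for the example; the assets come from the
# INFORMATION ASSETS slide, the threats and ratings are made up.
SAMPLE_REGISTER: List[Risk] = [
    Risk("Client data", "Ransomware", "High", "Serious"),
    Risk("Financial data", "Insider fraud", "Low", "Damaging"),
    Risk("IT equipment", "Laptop theft", "Medium", "Minor"),
    Risk("Reputation", "Website defacement", "Medium", "Significant"),
    Risk("Strategy data", "Executive phishing", "Medium", "Serious"),
]


if __name__ == "__main__":
    for risk, score, band in rank_register(SAMPLE_REGISTER):
        print(f"{score:>2}  {band:<17} {risk.asset:<15} {risk.threat}")
```

Running the block prints the register with Ransomware (4 x 4 = 16, Most Concern) at the top and Laptop theft (3 x 1 = 3, Least Concern) at the bottom; `build_matrix()` gives the full 6 x 6 grid the FORMULA slide sketches, which is handy for checking that the thresholds you pick produce the bands the board expects.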
UNDERSTAND BAD KARMA
Lost time = ? Repair = ? Financial loss = ? Reputation loss = ? Legal costs = ?
DOCTRINE OF EVIL
1. If Dr. Evil can run his programs on your network, it’s not your network anymore.
2. If Dr. Evil can upload programs to your website, it’s not your website anymore.
3. If Dr. Evil can access data on your network, it’s not your data any more.
4. If Dr. Evil can make changes to the applications or devices on your network, it's not your network or devices any more.
5. If Dr. Evil uses your network to launch an attack on another network, it's your problem.
UNDERSTAND EVIL…
6. If Dr. Evil can use your network to access your partner's network, it's your problem.
7. If Dr. Evil can access your stored data, it's not your data anymore.
8. More often than not, Dr. Evil works for you.
9. Dr. Evil knows where you hide your spare keys.
10. Mini-me is always faster and smarter.