www.khipu-networks.com
© 2018 Khipu Networks Limited. All Rights Reserved.
Networkshop46
The Jisc vulnerability assessment management service – part 2:
how to avoid the headline news
Step 1: learn from mistakes made by others and make sure you avoid making the same
Timeline of two examples
- 2017-03-07: vulnerability CVE-2017-5638 published and patch provided by vendor
- 2017-03-08: target informed about the existence of the vulnerability in its own infrastructure
- 2017-03-15: target does its own scan, can't find the vulnerability, neglects external warnings
- +/- 2017-06: breach and data exfiltration started (unconfirmed, but likely mid May)
- 2017-07-29: suspicious activity detected
50 DAYS
- 2017-09-07: announcement of breach
40 DAYS
- 2017-09-15: share value down by 35%; CIO and CSO resign
- 2017-09-26: CEO resigns
1st is a 'targeted' attack
Additional findings:
- Financial PII data of 145.5m people affected (15.2m from UK)
- 30 (thirty) additional backdoors installed during the breach
Mistakes & lessons to be learned:
- No clarity about their data processes (90 days to find out what and who was affected)
  - Get this done (you have to do it for GDPR anyway)
- No good breach detection mechanism
  - Monitoring, inspecting; ask us if you need help
- No clue at all about vulnerability management in the first place
  - NO COMMENT, JUST A PICTURE
Step 1: learn from mistakes made by others and make sure you avoid making the same
Timeline of two examples
- Summer 2016: vulnerabilities and exploits leaked
- +/- 2017-02-05: vendor warned by GOV agency
- 2017-03-14: vendor publishes vulnerability and patch
- 2017-04-14: hacker group publishes exploit
- 2017-05-12: malware outbreak
- +/- 2017-06: approximately 300,000 systems affected
- 2017-08-03: cash out from identified Bitcoin wallets of 142K USD, or 420 USD per transaction on these wallets
- 2017-07/09: additional variants in the wild using even more vulnerabilities
2nd is a 'widespread' attack
Some more facts on ransomware:
- 54% didn't pay but somehow recovered data
- 8% didn't pay and lost data
- 19% paid and got the data back
- 19% paid but didn't get the key, lost the data
Mistakes & lessons to be learned:
- Do not underestimate the motivation for ransomware/malware
  - If only 20% paid (of those 300K devices affected), that's a 25.2m USD gain
- Keep in mind that 99.9% of exploited vulnerabilities have been known for a year; get a grip on those in your infrastructure
  - That figure doesn't include the other costs and effects
  - Maersk reported a 300m loss, 50,000 devices needed re-imaging, shipping service down for 2 days
  - Looking at 3 exemplary universities in the UK, one day down would be a 1.3m loss in revenue
- No connection between vulnerability management and patch management.
Was that avoidable?
- YES, SEE A PICTURE
Step 2: after step 1 – start simple, don't aim too high, then evolve
- keep in mind, there is no ZERO vulnerability infrastructure; set an acceptable risk level
- look at your data processing records (hope you have one by now)
- cut wild growth in OS and applications
- if you use an ISMS (or aim for ISO27000)
  - number of critical vulns at any given point in time, time to remediate them on critical assets
  - align with patch processes and maintenance windows
  - art. 30 GDPR should indicate some of your most critical assets, so tag them this way in your VM solution
  - doing so routinely helps with art. 32 (staying compliant)
  - get alerted when scanning and with CPE cross-referencing
  - supporting each and everything helps your enemy
  - it also helps you with Cyber Essentials and Cyber Essentials Plus (certification process)
  - A.12.6 measure & A.12.6.1 control
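As an added example (not part of the original slides or of KHIPU's service), a small Python script that puts the Step 2 measures together on constructed sample data: it cross-references a CPE-tagged asset inventory against a vulnerability feed, carries the "critical asset" tag suggested for Art. 30 records, closes findings from a patch-management log, and computes the two ISMS metrics (open critical vulns at a point in time, time to remediate on critical assets) plus alerts against an acceptable-risk policy. CVE-2017-5638 is taken from the timeline above; all hosts, CPE mappings, the CVE-SAMPLE placeholder ids, dates and policy values are assumptions.

```python
"""Constructed sample data throughout: inventory, feed, policy and patch log
are illustrative and not real scan output."""
from dataclasses import dataclass, replace
from datetime import date
from typing import Optional

# Acceptable risk level (constructed policy): the maximum number of days a
# finding of a given severity may stay open on an asset tagged critical.
# Severities without an entry are still tracked but never raise an alert.
POLICY = {"critical": 14, "high": 30}

# Constructed asset inventory. "critical" is the tag the slides suggest
# deriving from the GDPR Art. 30 processing record; "cpes" lists the
# software each host runs in CPE 2.3 form.
STRUTS = "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*"
ASSETS = [
    {"host": "hr-portal", "critical": True, "cpes": {STRUTS}},
    {"host": "lab-wiki", "critical": False, "cpes": {STRUTS}},
    {"host": "finance-db", "critical": True,
     "cpes": {"cpe:2.3:a:example:dbserver:9.1:*:*:*:*:*:*:*"}},
    {"host": "print-srv", "critical": False,
     "cpes": {"cpe:2.3:o:example:printos:3.0:*:*:*:*:*:*:*"}},
]

# Constructed vulnerability feed keyed by affected CPE. CVE-2017-5638 is the
# Struts CVE from the slides' timeline; the CVE-SAMPLE ids are placeholders.
FEED = [
    {"cve": "CVE-2017-5638", "severity": "critical", "cpes": {STRUTS}},
    {"cve": "CVE-SAMPLE-0001", "severity": "high",
     "cpes": {"cpe:2.3:a:example:dbserver:9.1:*:*:*:*:*:*:*"}},
    {"cve": "CVE-SAMPLE-0002", "severity": "medium",
     "cpes": {"cpe:2.3:o:example:printos:3.0:*:*:*:*:*:*:*"}},
]

# Constructed patch-management log: {(host, cve): date the fix was applied}.
# hr-portal is deliberately missing, mirroring the "no connection between
# vulnerability management and patch management" lesson on the slides.
REMEDIATION_LOG = {
    ("lab-wiki", "CVE-2017-5638"): date(2017, 3, 15),
    ("finance-db", "CVE-SAMPLE-0001"): date(2017, 3, 30),
}


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    severity: str
    critical_asset: bool
    first_seen: date                 # scan date of the first CPE match
    remediated_on: Optional[date] = None

    def is_open_on(self, day: date) -> bool:
        return self.first_seen <= day and (
            self.remediated_on is None or self.remediated_on > day)

    def days_open_on(self, day: date) -> int:
        return (day - self.first_seen).days


def cross_reference(assets, feed, scan_date):
    """One Finding per (host, CVE) whose installed CPE appears in the feed."""
    return [Finding(a["host"], v["cve"], v["severity"], a["critical"], scan_date)
            for a in assets for v in feed if a["cpes"] & v["cpes"]]


def apply_remediation(findings, log):
    """Close findings that the patch-management log says were fixed."""
    return [replace(f, remediated_on=log.get((f.host, f.cve))) for f in findings]


def open_critical_count(findings, as_of):
    """ISMS metric: critical-severity findings still open on a given day."""
    return sum(1 for f in findings if f.severity == "critical" and f.is_open_on(as_of))


def mean_time_to_remediate(findings, critical_assets_only=True):
    """ISMS metric: mean days from first sighting to fix; None if nothing closed."""
    closed = [f for f in findings
              if f.remediated_on and (f.critical_asset or not critical_assets_only)]
    if not closed:
        return None
    return sum((f.remediated_on - f.first_seen).days for f in closed) / len(closed)


def sla_breaches(findings, policy, as_of):
    """Alerts: findings on critical assets open longer than the policy allows,
    worst first, as (host, cve, days_open)."""
    alerts = [(f.host, f.cve, f.days_open_on(as_of))
              for f in findings
              if f.critical_asset and f.severity in policy and f.is_open_on(as_of)
              and f.days_open_on(as_of) > policy[f.severity]]
    return sorted(alerts, key=lambda a: -a[2])
```

Run the scan on 2017-03-08 (the day the target in the first timeline was warned) and query the metrics on later dates to see the untreated critical asset age past the policy limit while the patched hosts drop out of the open count.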
Step 3: talk to your peers, our existing customers
“New security vulnerabilities are being discovered and exploited by cybercriminals daily. For education organisations with large and diverse IT networks, it can be hard enough to simply understand their exposure to known vulnerabilities, let alone try to coordinate patching and testing against them. The Vulnerability Assessment Service is designed to relieve this pressure, and prevent outbreaks like WannaCry before they happen.”
Steve Kennet, Jisc
“Using KHIPU’s Vulnerability Assessment Service helped our organisation gain its Cyber Essentials certification.”
Sean Ashford, University of Winchester
“By having an automated solution that not only identifies vulnerabilities before they can be exploited, it reports on which systems will be affected and what actions need to be undertaken to protect them. This automated approach is vital in the defense against cyber-attacks including the recent ransomware which made headline news. The service, provided by KHIPU Networks via the Jisc VAS framework, has been an immediate success for the University, with a quick return on investment.”
Rob Spalding, Anglia Ruskin University
Step 4: optional but recommended, if you need to have this message delivered to your management or board...
CALL US
Single Supplier Frameworks
Single Supplier Framework: www.jisc.ac.uk/vulnerability-assessment-and-information-service
Jisc Vulnerability Assessment & Information Service
Single Supplier Framework: www.jisc.ac.uk/simulated-phishing-and-associated-training
Jisc Simulated Phishing & Associated Awareness
Thank you!
Any questions?
One more thing before you leave:
FREE OF CHARGE Vulnerability Scan
For a limited time only, KHIPU are offering a FREE OF CHARGE service to “any” size or type of organisation, on a ‘first time, first served’ basis. The service includes:
- A vulnerability scan across a select number of mission-critical external/internet-facing hosts
- A Vulnerability Results Dynamic Report which details any vulnerabilities identified, their severity and how to fix them
We would then like to present the results to you with an overview of the solution, the different services available and their cost models.
Interested? Come and talk to us at our stand.
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 

Último (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

The Jisc vulnerability assessment management service – part 2: how to avoid the headline news

  • 1. www.khipu-networks.com © 2018 Khipu Networks Limited. All Rights Reserved. Networkshop46. The Jisc vulnerability assessment management service – part 2: how to avoid the headline news
  • 2. Step 1: learn from mistakes made by others and make sure you avoid making the same. Timeline of two examples. The first is a 'targeted' attack:
    - 2017-03-07: vulnerability CVE-2017-5638 published and patch provided by vendor
    - 2017-03-08: target informed about existence of vulnerability in own infrastructure
    - 2017-03-15: target does own scan, can't find vulnerability, neglects external warnings
    - +/- 2017-06: breach and data exfiltration started (unconfirmed but likely mid May)
    - 2017-07-29: suspicious activity detected (roughly 50 days after the breach started)
    - 2017-09-07: announcement of breach (40 days after detection)
    - 2017-09-15: share value down by 35%; CIO and CSO resign
    - 2017-09-26: CEO resigns
    Additional findings:
    - financial PII data of 145.5m people affected (15.2m from UK)
    - 30 (thirty) additional backdoors installed during breach
    Mistakes and lessons to be learned:
    - no clarity about their data processes (90 days to find out what and who was affected) → get this done (you have to do it for GDPR anyway)
    - no good breach detection mechanism → monitoring, inspecting; ask us if you need help
    - no clue at all about vulnerability management in the first place → NO COMMENT, JUST A PICTURE
  • 3. Step 1 (continued). The second is a 'widespread' attack:
    - Summer 2016: vulnerabilities and exploits leaked
    - +/- 2017-02-05: vendor warned by government agency
    - 2017-03-14: vendor publishes vulnerability and patch
    - 2017-04-14: hacker group publishes exploit
    - 2017-05-12: malware outbreak
    - +/- 2017-06: approximately 300,000 systems affected
    - 2017-08-03: cash out from identified Bitcoin wallets of 142K USD, i.e. about 420 USD per transaction on these wallets
    - 2017-07 to 2017-09: additional variants in the wild using even more vulnerabilities
    Some more facts on ransomware:
    - 54% didn't pay but somehow recovered their data
    - 8% didn't pay and lost their data
    - 19% paid and got their data back
    - 19% paid but didn't get the key and lost their data
    Mistakes and lessons to be learned:
    - do not underestimate the motivation for ransomware/malware → if only 20% of those 300K affected devices paid, that's a 25.2m USD gain; and that figure doesn't include the other costs and effects on the victims: Maersk reported a 300m loss, 50,000 devices needed re-imaging and the shipping service was down for 2 days; looking at 3 exemplary UK universities, one day down would be a 1.3m loss in revenue
    - keep in mind that 99.9% of exploited vulnerabilities have been known for over a year; get a grip on those in your infrastructure
    - no connection between vulnerability management and patch management. Was that avoidable? → YES, SEE A PICTURE
  • 4. Step 2: after step 1, start simple, don't aim too high, then evolve
    - keep in mind there is no zero-vulnerability infrastructure; set an acceptable risk level → the number of critical vulns open at any given point in time and the time to remediate them on critical assets; align this with patch processes and maintenance windows
    - look at your data processing records (hope you have one by now) → Art. 30 GDPR should indicate some of your most critical assets, so tag them this way in your VM solution; doing so routinely helps with Art. 32 (staying compliant)
    - cut wild growth in OS and applications → get alerted when scanning and with a CPE cross-reference; supporting each and everything helps your enemy; it also helps you with Cyber Essentials and CE Plus (certification process)
    - if you use an ISMS (or aim for ISO 27000) → A.12.6 measure and A.12.6.1 control
  • 5. Step 3: talk to your peers, our existing customers
  • 6. Steve Kennet, Jisc: "New security vulnerabilities are being discovered and exploited by cybercriminals daily. For education organisations with large and diverse IT networks, it can be hard enough to simply understand their exposure to known vulnerabilities, let alone try to coordinate patching and testing against them. The Vulnerability Assessment Service is designed to relieve this pressure, and prevent outbreaks like WannaCry before they happen." Sean Ashford, University of Winchester: "Using KHIPU's Vulnerability Assessment Service helped our organisation gain its Cyber Essentials certification." Rob Spalding, Anglia Ruskin University: "By having an automated solution that not only identifies vulnerabilities before they can be exploited, it reports on which systems will be affected and what actions need to be undertaken to protect them. This automated approach is vital in the defense against cyber-attacks including the recent ransomware which made headline news. The service, provided by KHIPU Networks via the Jisc VAS framework, has been an immediate success for the University, with a quick return on investment."
  • 7. Step 4: optional but recommended, if you need to have this message delivered to your management or board... CALL US
  • 8. Single Supplier Frameworks. Jisc Vulnerability Assessment & Information Service, single supplier framework: www.jisc.ac.uk/vulnerability-assessment-and-information-service. Jisc Simulated Phishing & Associated Awareness, single supplier framework: www.jisc.ac.uk/simulated-phishing-and-associated-training
  • 9. Thank you! Any questions? One more thing before you leave:
  • 10. FREE OF CHARGE vulnerability scan. For a limited time only, KHIPU are offering a FREE OF CHARGE service to "any" size or type of organisation, on a 'first come, first served' basis. The service includes: a vulnerability scan across a select number of mission-critical external/internet-facing hosts; a Vulnerability Results Dynamic Report which details any vulnerabilities identified, their severity and how to fix them. We would then like to present the results to you with an overview of the solution, the different services available and their cost models. Interested? Come and talk to us at our stand.
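Step 2 on slide 4 defines the acceptable risk level in measurable terms: the number of critical vulnerabilities open at any point in time, the time to remediate them on critical assets, alignment with patch windows, critical assets tagged from the Art. 30 record, and a CPE cross-reference to catch platforms you should not be supporting. The Python below is an added example of how those metrics can be computed from scan output; it is not Khipu, Jisc or VAS code and does not reflect how the service reports. The host names, CPE strings, SLA days, maintenance windows and the threshold are all constructed for illustration, and CVE-2017-0144 (the MS17-010 SMB flaw WannaCry used) is introduced here rather than named on the slides.

```python
# Added example (not Khipu/Jisc code): acceptable-risk metrics from scan findings.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Remediation SLA in days by (severity, asset tag); illustrative values, not from the slides.
SLA_DAYS = {("critical", "critical-asset"): 7, ("critical", "standard"): 30,
            ("high", "critical-asset"): 14, ("high", "standard"): 60}
# Approved platforms as CPE 2.3 prefixes (constructed allowlist).
APPROVED_CPES = ("cpe:2.3:o:canonical:ubuntu_linux:18.04",
                 "cpe:2.3:o:microsoft:windows_server_2016",
                 "cpe:2.3:a:apache:struts:2.5.10.1")

@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float
    cpe: str
    first_seen: date
    fixed: Optional[date] = None

def severity(cvss: float) -> str:  # CVSS v3 qualitative bands
    return "critical" if cvss >= 9.0 else "high" if cvss >= 7.0 else "medium" if cvss >= 4.0 else "low"

def is_open(f: Finding, as_of: date) -> bool:
    return f.first_seen <= as_of and (f.fixed is None or f.fixed > as_of)

def due_date(f: Finding, critical_hosts: set) -> Optional[date]:
    tag = "critical-asset" if f.host in critical_hosts else "standard"
    sla = SLA_DAYS.get((severity(f.cvss), tag))
    return None if sla is None else f.first_seen + timedelta(days=sla)

def open_critical_on_critical_assets(findings, critical_hosts, as_of) -> int:
    return sum(1 for f in findings if is_open(f, as_of)
               and f.host in critical_hosts and severity(f.cvss) == "critical")

def overdue(findings, critical_hosts, as_of):
    """Open findings whose SLA due date has already passed."""
    return [f for f in findings if is_open(f, as_of)
            and due_date(f, critical_hosts) is not None
            and due_date(f, critical_hosts) < as_of]

def needs_out_of_band_patch(f, critical_hosts, windows, as_of) -> bool:
    """True when waiting for the next maintenance window would breach the SLA."""
    d = due_date(f, critical_hosts)
    if d is None or not is_open(f, as_of):
        return False
    upcoming = sorted(w for w in windows if w >= as_of)
    return not upcoming or upcoming[0] > d

def mean_time_to_remediate(findings, critical_hosts):
    """Average days from first_seen to fixed on tagged assets; None if nothing fixed yet."""
    days = [(f.fixed - f.first_seen).days for f in findings
            if f.fixed is not None and f.host in critical_hosts]
    return sum(days) / len(days) if days else None

def cpe_matches(cpe: str, approved: str) -> bool:
    """Component-wise prefix match on CPE 2.3 strings ('*' in the approved entry
    is a wildcard). Plain str.startswith would let 'struts:2.5.1' match 'struts:2.5.10'."""
    a, c = approved.split(":"), cpe.split(":")
    return len(c) >= len(a) and all(x in ("*", y) for x, y in zip(a, c))

def unapproved_platforms(findings, approved=APPROVED_CPES):
    """CPE cross-reference: (host, cpe) pairs running something not on the approved list."""
    return sorted({(f.host, f.cpe) for f in findings
                   if not any(cpe_matches(f.cpe, a) for a in approved)})

def risk_summary(findings, critical_hosts, windows, as_of) -> dict:
    late = [(f.host, f.cve) for f in overdue(findings, critical_hosts, as_of)]
    crit = open_critical_on_critical_assets(findings, critical_hosts, as_of)
    return {
        "open_critical": crit,
        "overdue": late,
        "out_of_band": [(f.host, f.cve) for f in findings
                        if needs_out_of_band_patch(f, critical_hosts, windows, as_of)],
        "mean_ttr_days": mean_time_to_remediate(findings, critical_hosts),
        "unapproved_platforms": unapproved_platforms(findings),
        # The agreed level here: no open critical on tagged assets and nothing past SLA.
        "within_acceptable_risk": crit == 0 and not late,
    }

# Constructed sample: two hosts tagged critical from the Art. 30 record, monthly
# patch windows, four findings (CVE-2017-0144 is the MS17-010 SMB flaw).
CRITICAL_HOSTS = {"finance-web", "student-records-db"}
WINDOWS = [date(2018, 4, 28), date(2018, 5, 26)]
AS_OF = date(2018, 4, 20)
WS2008 = "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*"
FINDINGS = [
    Finding("finance-web", "CVE-2017-5638", 10.0,
            "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*", date(2018, 4, 2)),
    Finding("student-records-db", "CVE-2017-0144", 8.1, WS2008, date(2018, 3, 1), fixed=date(2018, 3, 20)),
    Finding("print-server", "CVE-2017-0144", 8.1, WS2008, date(2018, 3, 1)),
    Finding("finance-web", "CVE-2017-0144", 8.1,
            "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", date(2018, 3, 14), fixed=date(2018, 3, 24)),
]

if __name__ == "__main__":
    summary = risk_summary(FINDINGS, CRITICAL_HOSTS, WINDOWS, AS_OF)
    print(summary, "\nwithin acceptable risk:", summary["within_acceptable_risk"])
```

On the sample data the Struts finding on finance-web is the one that breaks the agreed level: it is critical, on a tagged asset, past its 7-day SLA, and the next scheduled window (28 April) falls after its due date, so it needs an out-of-band patch. The same CVE-2017-0144 on the untagged print server has a 60-day SLA and can wait for the window. That `out_of_band` check is the link between vulnerability management and patch management that slide 3 says was missing; the component-wise CPE match is there because string-prefix matching silently approves version numbers that merely share a prefix.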

Editor's notes

  1. 35 MINUTES. I need to start with a warning: the guys from Khipu told me to put a bit of humor in this presentation... I'm German, we don't know what humor is!! So this is going to be a bone-dry presentation of crisp facts and timelines! And... apologies for my accent! Who and what has made it to the headline news in the last 18 months (WannaCry, Equifax, others?) Maersk (impact?), German Railway (DB, signage), hospital in the Ruhr area, others notable, sizeable. You might have been bombarded with a lot of marketing talk about zero-days, APTs and something else alike, so let's take a look... APT zero-day (how many in 2017). Vulnerabilities (99.9%) (how many in 2017, how many considered 'high', how many at 10.0). Timelines (WannaCry overlay). WannaCry money, ransom payments and chances of not getting things back. Keep in mind that this is only one element of your overall security architecture, still it's a very basic, foundational one - security architecture. CES, CES Plus, how to get certified. Style of presentation: rather quick parforce than Swiss mood. 35 MINUTES
  2. Numbers of vulns published in 2016, 2017, YTD 2018: 2016: 7659; 2017: 17427; 2018 YTD: 4789. Acceptable risk level for: number of critical vulns at any given point in time, time to remediate them on critical assets, align with patch processes and maintenance windows; provides a short cut.
  3. "Users – your last form of defence". "Student and staff education is vital in the defence against ransomware". "We often look but seldom see".
  4. The message is: "If you want to get ahead of threats, address your vulnerabilities." We can deliver this presentation also in a Webex session.
  5. I'm pretty sure there is some British humor in the reports!!