SlideShare uma empresa Scribd logo

IT Security Myths

n|u - The Open Security Community
n|u - The Open Security Community

null Trivandrum Chapter - August 2013 Meet

EducaçãoTecnologiaNotícias e política
1 de 16
Baixar para ler offline
The biggest Information Security myths 9/23/2013 1 Vishnu P, Info. Sec Analyst, EY
Session covers • "misperceptions“ that can shatter the best implemented IT Security plans. • “exaggerations” about the threats that business could face and the security technologies being use. • To sum up, these false assumptions add up to “security myths”. • The ‘Cause’ & ‘Cure’ – busting. 9/23/2013 2
What is a myth? 9/23/2013 3
Myth or Fact? 9/23/2013 4
Myth • An invented or a cooked up story which doesn’t have a valid basis, a proof or a description but people believe in it. 9/23/2013 5
Myth: “It won’t happen to me” • Cause: – Letting employees do whatever they want for cutting down the cost. – We’re so young. So most of our faults and mistakes should be forgiven. • Cure: – Take up the responsibility to address security related requests – Make use of a security classification framework. 9/23/2013 6
Myth: “Security risks can be quantified” • Cause: – The “numbers-oriented culture” – “he who has the biggest numbers wins”. • Cure: – Develop non numeric expressions of risk. – Make sure the BU takes ownerships of its IT-relatd risks. 9/23/2013 7
Myth: “We have physical security (or SSL) so you know your data is safe” • Cause: – Nothing but poor understanding of risk. – Wishful thinking. • Cure: – Ensure security purchases match data requirements. 9/23/2013 8
Myth: “Password expiration and complexity reduces risk” • Causes: – Passwords are not cracked. They are sniffed. • Cure: – ? 9/23/2013 9
Myth: “We can control our people” • Cause: – Misguided belief placed on someone. – BYOD • Cure: – Nothing much to do here. “Regulate” 9/23/2013 10
Myth: “Buy this tool <X> and it will solve all your problems” • Cause: – External search for magic solutions to difficult problems; wishful thinking again! • Cure: – Methodical risk analysis and prioritization. – Multi-year security plan. 9/23/2013 11
Myth: “Encryption is the best way to keep your sensitive files safe” • Cause: – Naïve expectations about a difficult technology. – “magic bullets” to shoot down regulatory concerns. • Cure: – Ensure you have solid experience in cryptography before making decisions and jumping into conclusions. 9/23/2013 12
But, why these myths?? 9/23/2013 13
Why? • Factors that are simply the human propensity (a natural tendency) to over-react in unfamiliar situations. • The common organizational bent to pass the blame to someone else. • Passing the buck, power politics. 9/23/2013 14
Wishful thinking • The illusion that your wishes or desires will become reality just because you desire them so much. • The mistaken belief that what you wish for is actually true. 9/23/2013 15
Thanks to • Matha, Pitha, Google, Dhaivam • Jay Heiser (Analyst, Gartner) • Javvad Malik (Analyst, The 451 Group) 9/23/2013 16

Recomendados

You can't teach an old dog new tricks
You can't teach an old dog new tricksYou can't teach an old dog new tricks
You can't teach an old dog new tricksWatchful Software
 
Risk Management Metrics That Matter
Risk Management Metrics That MatterRisk Management Metrics That Matter
Risk Management Metrics That MatterEd Bellis
 
Cyber strategies stack the odds in your favor
Cyber strategies stack the odds in your favorCyber strategies stack the odds in your favor
Cyber strategies stack the odds in your favorNational Retail Federation
 
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)ITCamp
 
Enterprise security management II
Enterprise security management IIEnterprise security management II
Enterprise security management IIzapp0
 
Ultimate Guide to Choosing an Incident Management System
Ultimate Guide to Choosing an Incident Management SystemUltimate Guide to Choosing an Incident Management System
Ultimate Guide to Choosing an Incident Management System24/7 Software
 
Enterprise security incident management
Enterprise security incident managementEnterprise security incident management
Enterprise security incident managementzapp0
 
Cyber Crime & Big Data Webinar -- 10-16-13
Cyber Crime & Big Data Webinar -- 10-16-13Cyber Crime & Big Data Webinar -- 10-16-13
Cyber Crime & Big Data Webinar -- 10-16-13MedillNSZ
 

Recomendados

You can't teach an old dog new tricks
You can't teach an old dog new tricksYou can't teach an old dog new tricks
You can't teach an old dog new tricksWatchful Software
 
Risk Management Metrics That Matter
Risk Management Metrics That MatterRisk Management Metrics That Matter
Risk Management Metrics That MatterEd Bellis
 
Cyber strategies stack the odds in your favor
Cyber strategies stack the odds in your favorCyber strategies stack the odds in your favor
Cyber strategies stack the odds in your favorNational Retail Federation
 
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)ITCamp
 
Enterprise security management II
Enterprise security management IIEnterprise security management II
Enterprise security management IIzapp0
 
Ultimate Guide to Choosing an Incident Management System
Ultimate Guide to Choosing an Incident Management SystemUltimate Guide to Choosing an Incident Management System
Ultimate Guide to Choosing an Incident Management System24/7 Software
 
Enterprise security incident management
Enterprise security incident managementEnterprise security incident management
Enterprise security incident managementzapp0
 
Cyber Crime & Big Data Webinar -- 10-16-13
Cyber Crime & Big Data Webinar -- 10-16-13Cyber Crime & Big Data Webinar -- 10-16-13
Cyber Crime & Big Data Webinar -- 10-16-13MedillNSZ
 
2016 Canadian CEO Outlook
2016 Canadian CEO Outlook2016 Canadian CEO Outlook
2016 Canadian CEO OutlookStradablog
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
 
The ever increasing threat of cyber crime
The ever increasing threat of cyber crimeThe ever increasing threat of cyber crime
The ever increasing threat of cyber crimeNathan Desfontaines
 
Cybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryCybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryTunde Ogunkoya
 
Cloud with Cyber Security
Cloud with Cyber SecurityCloud with Cyber Security
Cloud with Cyber SecurityNiki Upadhyay
 
PwC Point of View on Cybersecurity Management
PwC Point of View on Cybersecurity ManagementPwC Point of View on Cybersecurity Management
PwC Point of View on Cybersecurity ManagementCA Technologies
 
Big Data in Cyber Security
Big Data in Cyber SecurityBig Data in Cyber Security
Big Data in Cyber SecurityNapier University
 
The Proactive Approach to Cyber Security
The Proactive Approach to Cyber SecurityThe Proactive Approach to Cyber Security
The Proactive Approach to Cyber SecurityNathan Desfontaines
 
Fighting The Top 7 Threats to Cloud Cybersecurity
Fighting The Top 7 Threats to Cloud CybersecurityFighting The Top 7 Threats to Cloud Cybersecurity
Fighting The Top 7 Threats to Cloud CybersecurityDavid Zaizar
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Dr. Ann Cavoukian
 
Application Security: AI LLMs and ML Threats & Defenses
Application Security: AI LLMs and ML Threats & DefensesApplication Security: AI LLMs and ML Threats & Defenses
Application Security: AI LLMs and ML Threats & DefensesRobert Grupe, CSSLP CISSP PE PMP
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
 
Brain Hacking: Using behavioural economics and consumer psychology to improve...
Brain Hacking: Using behavioural economics and consumer psychology to improve...Brain Hacking: Using behavioural economics and consumer psychology to improve...
Brain Hacking: Using behavioural economics and consumer psychology to improve...David Greenwood
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...TI Safe
 
Slide set 4 safety and risk
Slide set 4 safety and riskSlide set 4 safety and risk
Slide set 4 safety and riskAbdel Salam Sayyad
 
Insider Threat Mitigation
Insider Threat Mitigation Insider Threat Mitigation
Insider Threat MitigationRoger Johnston
 
Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorBanning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorSandra (Sandy) Dunn
 
Information Security
Information SecurityInformation Security
Information SecurityChief Optimist
 

Mais conteúdo relacionado

Destaque

2016 Canadian CEO Outlook
2016 Canadian CEO Outlook2016 Canadian CEO Outlook
2016 Canadian CEO OutlookStradablog
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
 
The ever increasing threat of cyber crime
The ever increasing threat of cyber crimeThe ever increasing threat of cyber crime
The ever increasing threat of cyber crimeNathan Desfontaines
 
Cybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryCybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryTunde Ogunkoya
 
Cloud with Cyber Security
Cloud with Cyber SecurityCloud with Cyber Security
Cloud with Cyber SecurityNiki Upadhyay
 
PwC Point of View on Cybersecurity Management
PwC Point of View on Cybersecurity ManagementPwC Point of View on Cybersecurity Management
PwC Point of View on Cybersecurity ManagementCA Technologies
 
The Proactive Approach to Cyber Security
The Proactive Approach to Cyber SecurityThe Proactive Approach to Cyber Security
The Proactive Approach to Cyber SecurityNathan Desfontaines
 
Fighting The Top 7 Threats to Cloud Cybersecurity
Fighting The Top 7 Threats to Cloud CybersecurityFighting The Top 7 Threats to Cloud Cybersecurity
Fighting The Top 7 Threats to Cloud CybersecurityDavid Zaizar
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 

Destaque (13)

2016 Canadian CEO Outlook
2016 Canadian CEO Outlook2016 Canadian CEO Outlook
2016 Canadian CEO Outlook
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
 
The ever increasing threat of cyber crime
The ever increasing threat of cyber crimeThe ever increasing threat of cyber crime
The ever increasing threat of cyber crime
 
Cybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryCybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas Industry
 
Cloud with Cyber Security
Cloud with Cyber SecurityCloud with Cyber Security
Cloud with Cyber Security
 
PwC Point of View on Cybersecurity Management
PwC Point of View on Cybersecurity ManagementPwC Point of View on Cybersecurity Management
PwC Point of View on Cybersecurity Management
 
Big Data in Cyber Security
Big Data in Cyber SecurityBig Data in Cyber Security
Big Data in Cyber Security
 
The Proactive Approach to Cyber Security
The Proactive Approach to Cyber SecurityThe Proactive Approach to Cyber Security
The Proactive Approach to Cyber Security
 
Fighting The Top 7 Threats to Cloud Cybersecurity
Fighting The Top 7 Threats to Cloud CybersecurityFighting The Top 7 Threats to Cloud Cybersecurity
Fighting The Top 7 Threats to Cloud Cybersecurity
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
 

Semelhante a IT Security Myths

Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Dr. Ann Cavoukian
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
 
Brain Hacking: Using behavioural economics and consumer psychology to improve...
Brain Hacking: Using behavioural economics and consumer psychology to improve...Brain Hacking: Using behavioural economics and consumer psychology to improve...
Brain Hacking: Using behavioural economics and consumer psychology to improve...David Greenwood
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...TI Safe
 
Insider Threat Mitigation
Insider Threat Mitigation Insider Threat Mitigation
Insider Threat MitigationRoger Johnston
 
Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorBanning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorSandra (Sandy) Dunn
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016Melissa Krasnow
 
IS-Intro.pdf
IS-Intro.pdfIS-Intro.pdf
IS-Intro.pdfwdwd10
 
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected WorldAnonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected WorldTed Myerson
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsJeff Katz
 
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018Pukhraj Singh
 
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013Adrian Wright
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docxchristiandean12115
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsJack Whitsitt
 
Security Transformation
Security TransformationSecurity Transformation
Security TransformationFaisal Yahya
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 

Semelhante a IT Security Myths (20)

Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
 
Application Security: AI LLMs and ML Threats & Defenses
Application Security: AI LLMs and ML Threats & DefensesApplication Security: AI LLMs and ML Threats & Defenses
Application Security: AI LLMs and ML Threats & Defenses
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
 
Brain Hacking: Using behavioural economics and consumer psychology to improve...
Brain Hacking: Using behavioural economics and consumer psychology to improve...Brain Hacking: Using behavioural economics and consumer psychology to improve...
Brain Hacking: Using behavioural economics and consumer psychology to improve...
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
 
Slide set 4 safety and risk
Slide set 4 safety and riskSlide set 4 safety and risk
Slide set 4 safety and risk
 
Insider Threat Mitigation
Insider Threat Mitigation Insider Threat Mitigation
Insider Threat Mitigation
 
Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorBanning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
 
Information Security
Information SecurityInformation Security
Information Security
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016
 
IS-Intro.pdf
IS-Intro.pdfIS-Intro.pdf
IS-Intro.pdf
 
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected WorldAnonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of Things
 
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
 
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication Skills
 
Security, Audit and Compliance: course overview
Security, Audit and Compliance: course overviewSecurity, Audit and Compliance: course overview
Security, Audit and Compliance: course overview
 
Security Transformation
Security TransformationSecurity Transformation
Security Transformation
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 

Mais de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mais de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Último

Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 

Último (20)

Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 

IT Security Myths

  • 1. The biggest Information Security myths 9/23/2013 1 Vishnu P, Info. Sec Analyst, EY
  • 2. Session covers • "misperceptions“ that can shatter the best implemented IT Security plans. • “exaggerations” about the threats that business could face and the security technologies being use. • To sum up, these false assumptions add up to “security myths”. • The ‘Cause’ & ‘Cure’ – busting. 9/23/2013 2
  • 3. What is a myth? 9/23/2013 3
  • 5. Myth • An invented or a cooked up story which doesn’t have a valid basis, a proof or a description but people believe in it. 9/23/2013 5
  • 6. Myth: “It won’t happen to me” • Cause: – Letting employees do whatever they want for cutting down the cost. – We’re so young. So most of our faults and mistakes should be forgiven. • Cure: – Take up the responsibility to address security related requests – Make use of a security classification framework. 9/23/2013 6
  • 7. Myth: “Security risks can be quantified” • Cause: – The “numbers-oriented culture” – “he who has the biggest numbers wins”. • Cure: – Develop non numeric expressions of risk. – Make sure the BU takes ownerships of its IT-relatd risks. 9/23/2013 7
  • 8. Myth: “We have physical security (or SSL) so you know your data is safe” • Cause: – Nothing but poor understanding of risk. – Wishful thinking. • Cure: – Ensure security purchases match data requirements. 9/23/2013 8
  • 9. Myth: “Password expiration and complexity reduces risk” • Causes: – Passwords are not cracked. They are sniffed. • Cure: – ? 9/23/2013 9
  • 10. Myth: “We can control our people” • Cause: – Misguided belief placed on someone. – BYOD • Cure: – Nothing much to do here. “Regulate” 9/23/2013 10
  • 11. Myth: “Buy this tool <X> and it will solve all your problems” • Cause: – External search for magic solutions to difficult problems; wishful thinking again! • Cure: – Methodical risk analysis and prioritization. – Multi-year security plan. 9/23/2013 11
  • 12. Myth: “Encryption is the best way to keep your sensitive files safe” • Cause: – Naïve expectations about a difficult technology. – “magic bullets” to shoot down regulatory concerns. • Cure: – Ensure you have solid experience in cryptography before making decisions and jumping into conclusions. 9/23/2013 12
  • 13. But, why these myths?? 9/23/2013 13
  • 14. Why? • Factors that are simply the human propensity (a natural tendency) to over-react in unfamiliar situations. • The common organizational bent to pass the blame to someone else. • Passing the buck, power politics. 9/23/2013 14
  • 15. Wishful thinking • The illusion that your wishes or desires will become reality just because you desire them so much. • The mistaken belief that what you wish for is actually true. 9/23/2013 15
  • 16. Thanks to • Matha, Pitha, Google, Dhaivam • Jay Heiser (Analyst, Gartner) • Javvad Malik (Analyst, The 451 Group) 9/23/2013 16