Transcript: Cybersecurity compliance E-Training What is cybersecurity? Definition Manages and reduces cyber risk. This can include protecting information from identity theft, protecting software, systems, and networks from being hacked into, and even protecting against extortion from a digital criminal. Consequences How can it impact your business? Ransomware attack Violations and Fines Financial impact Reputational impact SEC Identity Theft & Safeguards Rule Colonial Pipeline May 2021 Ransomware NYCRR Part 500 Unum Life Insurance & Paul Revere Life Insurance September 2018 Violations and Fines Financial Impact Reputational Impact How do we assess it? Elements & Structure Elements Structure Components How can we avoid it? Deep dive Part 1 Part 2
Transcript: Thank You! Cybersecurity What is a Data breach? A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Data Breach What is MFA? MFA is authenticating a user using two or more independent credentials for a single login. Multi-factor authentication (MFA) Modern examples Examples Logging into a computer with a password and then also being required to use your fingerprint to complete the login. Debit cards What is a Password Passwords A password is a secret word or phrase that must be used to gain admission to something. Why you shouldn't reuse passwords You shouldn't reuse passwords because it opens you up to people trying to steal your stuff online. What makes a password good A password is good for keeping your stuff personal. A good password is made up of letters, symbols and numbers. How could we have prevented this breach We could have prevented this breach by not reusing the same passwords for everything. If you are an employee and have multiple passwords How you can prevent this from happening You can have less chance of having to deal with MFA if you change your passwords and are safer about what information you put online.
Transcript: Cybersecurity: Stepping towards Change Cybersecurity Today The cybersecurity caucus was created in Sept 2008. Legislation passed to create a cybersecurity division under the DHS. According to Symantec, between 2015 and 2017, the U.S. was the country most affected by targeted cyber attacks with 303 known large-scale attacks. Minimal Public Awareness National National Cybersecurity Protection Advancement Act of 2015 Cybersecurity Information Sharing Act (CISA) Computer Fraud and Abuse Act Gramm-Leach-Bliley Act (GLBA) Stored Communications Act CLOUD Act CALEA (Digital Telephony Act) Existing Federal Acts Existing Laws Resources for approved software on Homeland Security webpage Microsoft started offering malware protection after incidents (WannaCry) Stepping towards free Anti-virus software Existing Measures Education + free resources + educated Lawmakers Required Changes Consortium of School Networking DFS - Cybersecurity Regulation (NYCRR 500) - requires organizations to maintain a cybersecurity program that protects consumer data New York Statewide California California's Consumer Privacy Act and Information Privacy: Connected Devices Act Precedence Division of Cyber Laws Cyberlaws come under 3 main realms: (1) Computer Fraud (2) Threat against government and national security (3) Privacy Act We have chosen to study more into threats against US and government security Created in 1980s when email was still new; was meant at the time to apply specifically to email Continues to this day without modifications apt to developing technology Allows government access to our personal content under ISP Example: an opened email that is over 60 days old is accessible to the govt.
Stored Communications Act No standardized methods of communication or education on cybersecurity protocols Homeland security provides lists of accessible resources and software, but no educational info NY state ITS dept provides some information and classes for youth in the state Lawmakers, public, tech users, are not updated on security measures as technology grows Little Education and Resources Lack of Tech Education Case Study Notorious Cases in recent US History Equifax cyber-attack in 2017 WannaCry ransomware cyber-attack in 2017 Malicious hacker stole personal data of consumers including government identification and credit information Equifax kept it quiet, with the attack taking place over a few months 150 million users affected... Equifax Demanded bitcoin currency in ransom Self-spread without even the need to click Allowed a remote hacker to hijack computers running on unpatched Microsoft Windows operating system https://thehackernews.com/2017/05/how-to-wannacry-ransomware.html Affected about 200,000 Windows PCs across 150 countries WannaCry Interviews Professional Opinions Two Critical Parts to enabling a solution and change: Legal: Why do such laws exist against personal security? How can cyberlaws change? Users/Educators: What kind of protocols are in place? What resources do we have access to?
Found that it is possible to change such laws; if Congress wanted, it could happen in a matter of days Contention behind change has to do with different understandings of the Constitution -- Fourth Amendment Systems have been built off the Stored Communications Act; change can cause unemployment, can cause loss of ISP protection, court cases could lose critical evidence Lawyers are not required to have a tech understanding or education Lawyer and Professor from Columbia Law Lawmakers Annual educational trainings about computer safety; tested this learning via fake email Applications/software is auto-updated by the Cybersecurity team List of applications/webpages that are prohibited from access Prohibited port access to any computer/laptop Preventative antivirus and security software is systemized Sr Cybersecurity Analyst in ConEdison Tech Users/Educators Campaign Promises Cybersecurity and Politics The 2020 campaign officers are being trained by DHS (two-factor authentication and encrypted messaging) Rep. Sheila Jackson Lee from TX has been pushing for several new pieces of legislation recently; this bill was introduced to create a standard for IoT devices CISPA (Cyber Intelligence Sharing and Protection Act) CISPA Act: a proposed law, which would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. Talking point for candidates Future Work! Improvements and Suggestions Better basic cybersecurity education National Campaigns regarding cyber safety Introduce thorough legislation to meet current technological standards Education Awareness Legislation
Transcript: University of Florida - Audit Report 11/30/2017 Abstract Although current procedural and reporting requirements may potentially change for University of Florida Health Science Center, the current audit performed was designed to evaluate and test compliance with established policies in the organization currently. General Provisions
Transcript: Task 2 Titles: Strong Password Tips Introduction of Password management Password manager Types of Password manager Features of Password manager Helpful Techniques on password management Common Password managers Password Breaking Future authentication methods What is Burp Suite? Burp Suite is a web application testing tool used to test for vulnerabilities in web applications. What are some tools that Burp Suite has? Some tools that Burp Suite has include the Proxy, Repeater, Intruder, Scanner, and Extender. How can Burp Suite be used for penetration testing? Burp Suite can be used for penetration testing by identifying vulnerabilities in web applications and exploiting them to gain access to sensitive information. Intruder: This is used to run a set of values through an input point. The values are run and the output is observed for success/failure. What is BurpSuite? Burp Suite is a software security application used for penetration testing of web applications. Both a free and a paid version of the software are available. The software is developed by the company PortSwigger. What is the difference between Burp Proxy and Burp Repeater? The main difference between Burp Proxy and Burp Repeater is that Proxy is used to intercept requests and responses, while Repeater is used to resend individual requests. What is the difference between Burp Scanner and Burp Intruder? The main difference between Burp Scanner and Burp Intruder is that Scanner is used to automatically scan web applications for vulnerabilities, while Intruder is used for manual testing of web applications. Proxy: This tool lets the user see and modify the contents of requests and responses while they are in transit. BurpSuite SKILLS Learning resource: The Web Security Academy (https://portswigger.net/web-security) PortSwigger YouTube channel https://www.youtube.com/c/PortSwiggerTV/videos
Abdulrahman Albaadi The tools offered by BurpSuite are: There are many useful tools in BurpSuite; they are indispensable among professional web app security researchers and bug bounty hunters. Some of these tools: Proxy Intruder Repeater Decoder Scanner Is Burp Suite available on Windows? Yes, Burp Suite is available on Windows. What is the difference between Burp Suite Community and Professional Editions? The main difference between Burp Suite Community and Professional Editions is that the Professional Edition has additional features such as advanced scanning capabilities and support for collaboration. INTERESTS Thanks How can you use Burp Suite to test for SQL injection vulnerabilities? You can use Burp Suite to test for SQL injection vulnerabilities by sending specially crafted SQL queries to the web application and observing the response. What is the difference between passive and active scanning in Burp Suite? Passive scanning in Burp Suite involves observing traffic without modifying it while active scanning involves modifying traffic to identify vulnerabilities.
Transcript: Japanese Cybersecurity Policy What is the government's role? Introduction Basic Cybersecurity Act Japanese Government's Role in Cybersecurity Article 15: Requires the state to promote awareness of the importance of cybersecurity Government needs to provide necessary information, advice and other necessary measures to private business operators and educational and research institutions to protect the intellectual property information held by them Article 14: Requires the state to take necessary measures such as developing basic standards to be followed, providing drills, training and promoting information sharing and other voluntary efforts What is the private sector's view? Japan: 55% US: 80% Japan: 27% US: 78% Cost: 63% Investment: 18% How much do they invest in cybersecurity? 1. Not a requirement to ensure cybersecurity The government doesn't have the power to impose any mandatory obligations on private business operators to ensure cybersecurity. Why isn't it working? 2. Not a requirement to report any cyberattacks There is no law or regulation that requires a private business to report any cyberattacks. No penalty is imposed on it in the event of a failure to make such a report. Challenges Challenge 1. The government cannot make the regulation legally binding 2. Not all businesses are aware of the importance of cybersecurity Areas for growth • Promote importance of cybersecurity to the senior executives • Create a culture that investment in cybersecurity is a norm • Increase amount of information-sharing platforms that are government entities • Both government and private sectors can benefit • Increase amount of money invested in R&D for cybersecurity Recommendation Raise awareness of cybersecurity in Japan, explain the cyberthreat landscape and best practices 1. Make business executives aware Describe potential risks from business strategy and risk management perspectives by using simple, easy-to-digest terms.
Example: Government conducting programs for business executives NYSE analyzes companies' cybersecurity during the M&A process Low cybersecurity = lower price 1. Need more Information Sharing and Analysis Centers (ISACs) Japan has 6 ISACs (Auto ISAC, NCC/Communication ISAC, Financial Services ISAC, Information Technology ISAC, Electricity ISAC, and ICT ISAC) US has 23 ISACs 2. Information Sharing To strengthen cybersecurity, sharing information between public and private sectors and across different sectors in various forms of communication is necessary 2. Create more cross-sector industry forums Japan: 48 companies are working to increase cybersecurity capacity Japanese government should invest more into R&D for cybersecurity 3. Investment in R&D The U.S. government has traditionally been effective in using R&D funding to stimulate innovation and has established effective ways of technology expansion. The Japanese government needs to be more committed to its domestic cybersecurity industry and can learn how to do so by studying the U.S. experience. Become a government official or lawyer to change the Basic Cyber Act What can YOU do? Work for a company and inform it of the importance of investing in cybersecurity Vote for government officials who are aware of the importance of cybersecurity Questions? Thank you! Reference
Transcript: CyberSecurity With TotalAV Simpsons did it Hook, Introductions and Agenda Introduction Did you know that Cofense’s Phishing Threat and Malware Review of 2019 found that almost 74% of phishing attacks between October 2018 and March 2019 involved credential phishing, which is the stealing of usernames and passwords? These attacks can be difficult to stop as the emails typically show no signs of being malicious. And many actually originate from hijacked business email accounts. We are team Simpsons did it, we are comprised of: Eric Mangual Antonio Libertino Kenny Cowley Faith Paddon Ryan Rice Today we will be discussing: Our Client's business The current issues with the business Our recommended technology and why The cost, training, and implementation Closing and Re-cap Leslie's Lucky Leprechauns The reason we chose Leslie's was because her business was compromised due to lack of cybersecurity She then had to salvage her customers’ relationships and retain her business. Client's Name So she hired us and our purpose is to bring a relevant technology to Leslie and her business, at a reasonable price It will be feasible for an SME in order to prevent future hackers! And we wanted to earn that Pot of Gold! Client's Business and Current Issue Leslie’s Lucky Leprechauns is a gardening tent that sells living four leaf clovers nestled in planting pots shortly before St. Patrick’s Day; she also serves the most amazing clover tea (which happens to be illegal in 15 states) Her current issue is her business was recently a victim of a phishing scam and her customer data was compromised! The technology we chose is....... Tech: TotalAV Our Technology: TotalAV We recommend TotalAV because it was the #1 Ranked Anti-virus March 2020. Fast, Award Winning Anti-virus, Removes All Viruses, Malware, Ad-ware & Spy-ware. Includes Internet Security, Ransom-ware, & Phishing Protection.
TotalAV is feasible for SMEs because it blocks the latest phishing URLs to protect you against the scams, which Leslie's has had a major problem with It also deals in protection against Ad-ware & Spy-ware, which defends you from software designed to steal personal information such as card info, login info, etc. Cost/Training/Implementation Cost Currently $29 for 3 devices; regularly it is $99, you're saving $70 if you buy now! Currently $39,devices; regularly it is $119, you're saving $80 if you buy now! Currently $59 for 6 devices; regularly it is $149, you're saving $90 if you buy now! BEST DEAL! Packages per Plan! Training/Implementing Simple Interface that you just have to download on all devices and review their easy to follow interactive website; essentially, no training required and you get great results We will implement the simple to use application on all available devices, iPhone, iPad, Android, Mac and Windows, that our client may have For small to medium businesses, add on 15 additional devices for just $30 Closing Today we discussed: Our Client's business, Leslie's Lucky Leprechauns The current issues with the business, being the lack of cybersecurity and phishing Our recommended technology and why, TotalAV because it was the #1 ranked anti-virus in March of 2020 and provides a system that blocks the latest phishing URLs to protect you against the scams, which is the reason Leslie hired us for our services. The cost, of which the best deal is currently $59 for 6 devices, and there is an added plan for SME businesses that provides an additional 15 devices for $30 currently The training and implementation, which is an easy to use application that just has to be downloaded on all devices Closing Statement • “If there are any points that require further clarification, we’ll address those now; if not, thank you for your time!”