GO-ITS 25.15: Security Requirements for Password Management and Use
Presentation by Sergey Grigorenko, CISSP CISA CISM, September 2009
AGENDA
PURPOSE AND SCOPE
Non-character-based passwords, such as graphic-based passwords, biometrics, digital certificates and authentication protocols, are outside the scope of this presentation.
Audience: non-technical staff and program managers, who can use the information presented to facilitate the decision-making processes associated with password management, such as password policy creation.
Duration: 5-7 minutes
OVERVIEW: Information Security
OVERVIEW: Security Architecture
Business requirements and regulatory requirements feed an analysis step that produces the administrative control hierarchy: policies, then standards, then procedures and guidelines. A monitor, report and improve loop closes the cycle. GO-ITS 25.15 is one such standard.
Technical controls: firewalls, intrusion detection and prevention, access control, system hardening.
Physical controls: guards, CCTV, lockers, alarm systems.
OVERVIEW: The cost of data loss for 2008
$50 to $200 per record; 215 million records lost since January 2008, which at those per-record costs is $11 billion to $43 billion in total; $6.3 million per company incident. (Source: Gartner)
OVERVIEW: GO-ITS 25.15
The objective of the GO-ITS 25.15 standard is to ensure that the management and use of passwords to access Government of Ontario information and information technology is effective, and assists in the mitigation of unacceptable risks to those resources.
Standard 25.15, "Security Requirements for Password Management and Use", was created by the Information Technology Standards Council (ITSC) to set out security requirements for password management and use.
Threats Against Passwords
To protect users and the organization from password attacks, we have to understand the various threats and the tactics behind them.
Threats Against Passwords
Password Calculator: http://lastbit.com/pswcalc.asp
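The password calculator linked above performs keyspace arithmetic: how many candidates an attacker must try for a given alphabet and length, and how long that takes at a given guess rate. The following is an added worked example, not code from the original slides or from lastbit, that reproduces that arithmetic so a policy author can compare candidate rules. The guess rates (online guessing under a lockout rule, online guessing without lockout, offline cracking of a captured fast or slow hash) and the example policies are constructed assumptions for illustration, not measurements of any product; the example goes beyond the slide by contrasting online guessing with offline cracking of a captured password hash.

```python
"""
Password keyspace / time-to-crack calculator (added example, not from the
original presentation). Guess rates are illustrative assumptions.
"""
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes used to size the alphabet an attacker must search.
CHAR_CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}

# Assumed guess rates in guesses per second (constructed for illustration):
#  - online guessing against a login form with a lockout rule
#    (5 attempts allowed per 15-minute window)
#  - online guessing with no lockout, limited only by round-trip time
#  - offline cracking of a captured fast (unsalted, single-round) hash on a GPU
#  - offline cracking of a captured slow (bcrypt / PBKDF2 style) hash
GUESS_RATES = {
    "online, lockout 5/15min": 5 / (15 * 60),
    "online, no lockout": 1_000.0,
    "offline, fast hash": 1e10,
    "offline, slow hash": 1e4,
}


def alphabet_size(password: str) -> int:
    """Alphabet size an attacker must assume, given the classes the password
    uses. A character outside the four classes adds one symbol by itself."""
    used, extra = set(), set()
    for ch in password:
        for name, chars in CHAR_CLASSES.items():
            if ch in chars:
                used.add(name)
                break
        else:
            extra.add(ch)
    return sum(len(CHAR_CLASSES[n]) for n in used) + len(extra)


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length


def keyspace_up_to(alphabet: int, max_length: int) -> int:
    """Number of candidates of length 1..max_length (exhaustive search order)."""
    return sum(alphabet ** n for n in range(1, max_length + 1))


def entropy_bits(space: int) -> float:
    """Strength expressed in bits: log2 of the keyspace."""
    return math.log2(space)


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst case for the attacker: every candidate tried. A uniformly chosen
    password is found, on average, at half this figure."""
    return space / guesses_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for name, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.2f} seconds"


def compare_policies(policies):
    """policies: {name: (alphabet_size, length)}. Returns, per policy, its
    strength in bits and the exhaustive search time under each guess rate."""
    report = {}
    for name, (alphabet, length) in policies.items():
        space = keyspace(alphabet, length)
        row = {"bits": round(entropy_bits(space), 1)}
        for rate_name, rate in GUESS_RATES.items():
            row[rate_name] = seconds_to_exhaust(space, rate)
        report[name] = row
    return report


if __name__ == "__main__":
    # Constructed example policies: (alphabet size, required length).
    policies = {
        "8 lowercase": (26, 8),
        "8 chars, all 4 classes": (94, 8),
        "12 lowercase": (26, 12),
        "16 lowercase passphrase": (26, 16),
    }
    for name, row in compare_policies(policies).items():
        print(f"{name:26s} {row['bits']:5.1f} bits")
        for rate_name in GUESS_RATES:
            print(f"    {rate_name:25s} {humanize(row[rate_name])}")
```

Two things the table makes visible that the slide's bullet points do not: a twelve-character lowercase password has a larger keyspace than an eight-character password drawn from all four classes, so length buys more than complexity rules; and the same eight-character password that survives online guessing under a lockout rule for over a million years falls in seconds once an attacker has captured a fast hash of it and can crack offline.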
GO-ITS 25.15 Security Controls
Threats Against Passwords
Users may also reveal their passwords to attackers through social engineering. For example, an attacker could pretend to be a help desk agent, call a user, and ask the user to provide a password to assist the agent in troubleshooting a problem.
Sniffing may occur as passive eavesdropping or as active interception, such as a man-in-the-middle attack in which the attacker serves as an intermediary through which messages between two other systems pass.
Capturing is an attacker acquiring a password from storage, from transmission, or from user knowledge and behaviour.
How to meet this standard?
QUESTIONS? Sergey Grigorenko, INFO@SERGRI.NET, September 2009
References:
NIST Special Publication 800-118, Guide to Enterprise Password Management
Government of Ontario IT Standard (GO-ITS) 25.15, Security Requirements for Password Management and Use (v1.3)
