The internet has revolutionized how we do business, but being constantly connected brings an increased risk of theft, fraud, and abuse. For individuals, cyber-attacks can compromise finances, identity, and privacy, while companies and even whole countries face threats to critical infrastructure. Since our way of life depends on digital technology, cybersecurity is rapidly becoming a top priority.
by Nathaniel Forbes
Thursday, 21 May 2015
Nathaniel Forbes Handout
“Cyber”: http://bit.ly/1EW3g6U The Bizarre Evolution of the Word “Cyber”
Rootkit: http://www.webopedia.com/TERM/R/rootkit.html Stuxnet installed a rootkit first to hide the
installation of its components.
Zero day vulnerability: http://bit.ly/1|wc3fg Stuxnet exploited multiple zero-day vulnerabilities in
Certificate Authorities (CA): http://bit.ly/1bmpD7u Stuxnet used legitimate certificates stolen from
two Certificate Authorities in Taiwan.
Advanced Persistent Threat (APT): http://bit.ly/7lOFI3y Stuxnet was an (eye-popping) APT.
Password entropy: http://bit.ly/1IhdYFM A calculated estimate of the difficulty of guessing a
password, expressed as “bits” of entropy. More bits means more difficult. Link includes
recommendations for creating passwords.
Cyber-Risk Oversight Handbook, National Association of Corporate Directors (NACD):
http://bit.ly/1EQD4XW 30 pages, including sample questions and risk dashboard
Cost of Data Breach 2014 Study (Australia): http://ibm.co/1F6e|5a AUD $145 per record, AUD $2.8
million per breach
Framework for Improving Critical Infrastructure Cyber Security, National Institute of Standards &
Technology (USA), February 2014 http://1.usa.gov/1JGswzc
Prioritizing Information Security Risks with Threat Agent Risk Assessment (TARA), Intel Corp.,
January 2010 http://intel.ly/1E2vE0v
Cybersecurity Initiative sample audit questions, Securities & Exchange Commission (USA) Office of
Compliance Inspections & Examinations (OCIE), April 2014, http://bit.ly/1JGv0gU
Expert tips to address third party security risks: http://www.net-security.org/secworld.php?id=18052
10 suggestions from CxOs of large companies
Guide to Industrial Control Systems (ICS) Security, National Institute of Standards & Technology (USA),
February 2015 http://1.usa.gov/1HYXujV
Book: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, by Kim
Zetter Amazon link http://amzn.to/1Q80UUi
Article: How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History, WIRED
magazine, July 2011 http://wrd.cm/1E2aeQT
www. ca| amitrevention. com
Contact: chris. tanca| amit. com. s