SlideShare a Scribd company logo

Enterprise Security and Cyber Security Cases

Hakan Yüksel
Hakan Yüksel

This document discusses cyber security and enterprise security. It provides an overview of topics like information security frameworks, security threats at different levels (e.g. physical, human, network), examples of malware and ransomware attacks, and security issues related to technologies like Intel ME, WhatsApp, Angry Birds and the darknet. The document also presents security cases, references career and certification opportunities, and discusses bug bounty programs.

Technology
1 of 34
Hizmete Özel / Restricted Enterprise Security & Cyber Security Cases Hakan YUKSEL @yukselistwit
Hizmete Özel / Restricted Agenda • Cyber Security • Enterprise Security • Information Security • Framework, Landscape, Reference Architecture • Security Threat • Cases • Career, Certification
Hizmete Özel / Restricted 3 What is Cyber With an increasing amount of people, things getting connected to Internet, the security threats that cause massive harm are increasing also. The term cyber security is used to refer to the security offered through on-line services to protect your information. cyber relating to or characteristic of the culture of computers, information technology, and virtual reality cybernetics the science of communications and automatic control systems in both machines and living things.
Hizmete Özel / Restricted 4 Information information facts provided or learned about something or someone. information assets data as processed, stored, or transmitted by information presence.
Hizmete Özel / Restricted 5 Information Security Uluslararası Bilgi Güvenliği Standardı – ISO 27001 BDDK - Bankalarda Bilgi Sistemleri Yönetiminde Esas Alınacak İlkelere İlişkin Tebliğ COBIT – Bilgi ve İlgili Teknolojiler İçin Kontrol Hedefleri Uluslararası Payment Card Industry Data Security Standard
Hizmete Özel / Restricted 6 Security Threat • Breach of confidentiality (Gizlilik) • Unauthorized reading of data • Breach of integrity (Bütünlük) • Unauthorized modification of data • Breach of availability (Kullanılabilirlik) • Unauthorized destruction of data
Hizmete Özel / Restricted 7 Security Threat • Internal • Application, Process, Hardware, People, .. • External • Attack, Theft, DDOS, Malware, .. • Natural and Physical • Earthquake, Flood, Terror, .. Internal External % 80 %20 Security is as weak as the weakest link in the chain
Hizmete Özel / Restricted 8 Security Level Security must occur at four levels to be effective: Physical Data centers, servers, connected terminals Human Avoid social engineering, phishing, dumpster diving Operating System Protection mechanisms, debugging Network Intercepted communications, interruption, DOS
Hizmete Özel / Restricted 9 Why do Hackers Hack ?
Hizmete Özel / Restricted 10 Why Hackers Hack Me ! • Same Password Usage • Drop Bank Account • Trust Relationship
Hizmete Özel / Restricted 11 Enterprise Security Framework https://www.nist.gov/sites/default/files/documents////draft-cybersecurity-framework-v1.11.pdf
Hizmete Özel / Restricted 12 Cybersecurity Landscape
Hizmete Özel / Restricted 13 Reference Architecture
Hizmete Özel / Restricted Cyber Security Investment
Hizmete Özel / Restricted 15 Attack Map
Hizmete Özel / Restricted 16 Biometric Authentication
Hizmete Özel / Restricted 17 Malware • The word "malware" comes from the term "MALicious softWARE." • Malware is any software that infects and damages a computer system without the owner's knowledge or permission.
Hizmete Özel / Restricted https://cicbuai.gdn/panel2/ Malware Analysis
Hizmete Özel / Restricted Ransomwares • A software based attack on your network with the goal of extortion. • Ransomware is typically delivered through an exploit kit or phishing attack • Code created to take advantage of an unpatched or unknown system vulnerability. Example: Windows® OS, JavaScript® or Adobe Reader® • Wanna Cry (MS17-00) • Petya
Hizmete Özel / Restricted 20 Software Security
Hizmete Özel / Restricted Software Security Most developers today test after the software is built.
Hizmete Özel / Restricted Enigma • The Enigma machine is invented by a German during World War Two. • British tried to break the German Enigma Machine. • The American, Russians, French and Germans too, think that Enigma is unbreakable.
Hizmete Özel / Restricted Stuxnet • July, 2010: Stuxnet worm was discovered attacking Siemens PCS7 S7 PLC and WIN Siemens PCS7, S7 PLC and WIN-CC systems CC systems around the world • Most sophisticated malware ever seen in public • Uses up to 6 Vulnerabilities (5 in Win and 1 in Siemens) • Its code is 500 KB • Spreads via USB Flash Memory and Network Shares • Infects SCADA Systems
Hizmete Özel / Restricted 24 WhatsApp
Hizmete Özel / Restricted 25 Angry Birds The National Security Agency has targeted popular smartphone-based social games like "Candy Crush" and "Angry Birds" to pilfer personal information, including phone numbers, e-mails and codes that identify the user's device, according to documents leaked by former NSA contractor Edward Snowden.
Hizmete Özel / Restricted 26 Intel ME Concerns over the Intel Management Engine (ME) have been ongoing for years. In May, Intel patched a critical vulnerability that dated back nine years in the company’s Active Management Technology, which is based on Intel ME. That vulnerability could allow an attacker to gain remote access to AMT services such as the keyboard, video and mouse (KVM), IDE Redirection, Serial over LAN, and BIOS setup and editing. Suspicions date back to 2012 over Intel’s implementation of Active Management Technology (AMT) with some labeling it a “backdoor enabled by default.” A reported flaw identified in June 2016
Hizmete Özel / Restricted 27 AirHopper AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals The technology works by using the FM radio receiver included in some mobile phones. AirHopper is able to capture keystrokes by intercepting certain radio emissions from the monitor or display unit of the isolated computer.
Hizmete Özel / Restricted 28 Black Friday
Hizmete Özel / Restricted 29 Cases
Hizmete Özel / Restricted 30 Darknet: The Underground for the “Underground”
Hizmete Özel / Restricted 31 Cybercrime Price List
Hizmete Özel / Restricted 32 Career - Certification • Black Hat, White Hat • Pentest • Forensic • Security Information and Even Management (SIEM) • Security Administration • Audit
Hizmete Özel / Restricted Bug Bounty
Hizmete Özel / Restricted THANKS

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cyber security
Cyber securityCyber security
Cyber security
Shaibal Ahmed
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attack
yennhi2812
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizations
OPSWAT
 
Cyber security
Cyber securityCyber security
Cyber security
Sakib Sami
 
Cyber security
Cyber securityCyber security
Cyber security
colebassett
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cyber security
Cyber securityCyber security
Cyber security
Shaibal Ahmed
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attack
yennhi2812
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizations
OPSWAT
 
Cyber security
Cyber securityCyber security
Cyber security
Sakib Sami
 
Cyber security
Cyber securityCyber security
Cyber security
colebassett
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
Kyle Lai
 
Cyber security 22-07-29=013
Cyber security 22-07-29=013Cyber security 22-07-29=013
Cyber security 22-07-29=013
Dr. Amitabha Yadav
 
Cyber security
Cyber securityCyber security
Cyber security
Bhavin Shah
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-management
Mark Gibson
 
Cyber security
Cyber securityCyber security
Cyber security
abithajayavel
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
Sandip Juthani
 
cyber security
cyber securitycyber security
cyber security
BasineniUdaykumar
 
SYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introductionSYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introduction
Afna Crcs
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
SAHANAHK
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika University
Avantika University
 
Cyber Security
Cyber Security Cyber Security
Cyber Security
Emily Clarke
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
karanramani4
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
Vicky Fernandes
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Maryam Hidayatallah CPFA,MIPA,MA,CICA
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
RuchikaSachdeva4
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed Actions
John Gilligan
 
Masters in cyber security
Masters in cyber securityMasters in cyber security
Masters in cyber security
VihaanBajaj
 
Cyber Security Research Project Topics
Cyber Security Research Project TopicsCyber Security Research Project Topics
Cyber Security Research Project Topics
Matlab Simulation
 
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IBM Switzerland
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
MiltonBiswas8
 

More Related Content

What's hot

CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
Kyle Lai
 
SYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introductionSYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introduction
Afna Crcs
 

What's hot (20)

CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
Cyber security 22-07-29=013
Cyber security 22-07-29=013Cyber security 22-07-29=013
Cyber security 22-07-29=013
 
Cyber security
Cyber securityCyber security
Cyber security
 
cyber security
cyber securitycyber security
cyber security
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-management
 
Cyber security
Cyber securityCyber security
Cyber security
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
 
cyber security
cyber securitycyber security
cyber security
 
SYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introductionSYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introduction
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika University
 
Cyber Security
Cyber Security Cyber Security
Cyber Security
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed Actions
 
Masters in cyber security
Masters in cyber securityMasters in cyber security
Masters in cyber security
 
Cyber Security Research Project Topics
Cyber Security Research Project TopicsCyber Security Research Project Topics
Cyber Security Research Project Topics
 

Similar to Enterprise Security and Cyber Security Cases

IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IBM Switzerland
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
ClubHack
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...
IBM Security
 
Grapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationGrapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure Communication
Hans Klos
 
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Dalia Reda
 

Similar to Enterprise Security and Cyber Security Cases (20)

IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Tecnologie a supporto dei controlli di sicurezza fondamentali
Tecnologie a supporto dei controlli di sicurezza fondamentaliTecnologie a supporto dei controlli di sicurezza fondamentali
Tecnologie a supporto dei controlli di sicurezza fondamentali
 
8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdf8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdf
 
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
 
8 Top Cybersecurity Tools.pptx
8 Top Cybersecurity Tools.pptx8 Top Cybersecurity Tools.pptx
8 Top Cybersecurity Tools.pptx
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptx
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
 
Pulse 2014.mobile first.security
Pulse 2014.mobile first.securityPulse 2014.mobile first.security
Pulse 2014.mobile first.security
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...
 
Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included features
 
Grapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure CommunicationGrapeboard - Enabling Secure Communication
Grapeboard - Enabling Secure Communication
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla Isolation
 
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...
 
Presentation defend your company against cyber threats with security solutions
Presentation defend your company against cyber threats with security solutionsPresentation defend your company against cyber threats with security solutions
Presentation defend your company against cyber threats with security solutions
 
AGC Networks Security Solutions - Cyber-i
AGC Networks Security Solutions - Cyber-iAGC Networks Security Solutions - Cyber-i
AGC Networks Security Solutions - Cyber-i
 

More from Hakan Yüksel

TOGAFcertificate_90354
TOGAFcertificate_90354TOGAFcertificate_90354
TOGAFcertificate_90354
Hakan Yüksel
 
ITILCertificate.AXELOS
ITILCertificate.AXELOSITILCertificate.AXELOS
ITILCertificate.AXELOS
Hakan Yüksel
 
Sosyal Medya Marka Yönetimi
Sosyal Medya Marka YönetimiSosyal Medya Marka Yönetimi
Sosyal Medya Marka Yönetimi
Hakan Yüksel
 
Failover Clustering Sql Server
Failover Clustering Sql ServerFailover Clustering Sql Server
Failover Clustering Sql Server
Hakan Yüksel
 
Bulut Bilişim El Kitabı
Bulut Bilişim El KitabıBulut Bilişim El Kitabı
Bulut Bilişim El Kitabı
Hakan Yüksel
 
Dell Tarzı / Dell Way
Dell Tarzı / Dell WayDell Tarzı / Dell Way
Dell Tarzı / Dell Way
Hakan Yüksel
 
Webcast - Failover Cluster Architecture
Webcast - Failover Cluster Architecture Webcast - Failover Cluster Architecture
Webcast - Failover Cluster Architecture
Hakan Yüksel
 

More from Hakan Yüksel (11)

DevOps
DevOps DevOps
DevOps
 
PSM I
PSM IPSM I
PSM I
 
TOGAFcertificate_90354
TOGAFcertificate_90354TOGAFcertificate_90354
TOGAFcertificate_90354
 
ITILCertificate.AXELOS
ITILCertificate.AXELOSITILCertificate.AXELOS
ITILCertificate.AXELOS
 
Sosyal Medya Marka Yönetimi
Sosyal Medya Marka YönetimiSosyal Medya Marka Yönetimi
Sosyal Medya Marka Yönetimi
 
İş Sürekliliği
İş Sürekliliğiİş Sürekliliği
İş Sürekliliği
 
Failover Clustering Sql Server
Failover Clustering Sql ServerFailover Clustering Sql Server
Failover Clustering Sql Server
 
Bulut Bilişim El Kitabı
Bulut Bilişim El KitabıBulut Bilişim El Kitabı
Bulut Bilişim El Kitabı
 
Dell Tarzı / Dell Way
Dell Tarzı / Dell WayDell Tarzı / Dell Way
Dell Tarzı / Dell Way
 
Webcast - Failover Cluster Architecture
Webcast - Failover Cluster Architecture Webcast - Failover Cluster Architecture
Webcast - Failover Cluster Architecture
 
WebCast - Remote Desktop Services
WebCast - Remote Desktop ServicesWebCast - Remote Desktop Services
WebCast - Remote Desktop Services
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Enterprise Security and Cyber Security Cases

  • 1. Hizmete Özel / Restricted Enterprise Security & Cyber Security Cases Hakan YUKSEL @yukselistwit
  • 2. Hizmete Özel / Restricted Agenda • Cyber Security • Enterprise Security • Information Security • Framework, Landscape, Reference Architecture • Security Threat • Cases • Career, Certification
  • 3. Hizmete Özel / Restricted 3 What is Cyber With an increasing amount of people, things getting connected to Internet, the security threats that cause massive harm are increasing also. The term cyber security is used to refer to the security offered through on-line services to protect your information. cyber relating to or characteristic of the culture of computers, information technology, and virtual reality cybernetics the science of communications and automatic control systems in both machines and living things.
  • 4. Hizmete Özel / Restricted 4 Information information facts provided or learned about something or someone. information assets data as processed, stored, or transmitted by information presence.
  • 5. Hizmete Özel / Restricted 5 Information Security Uluslararası Bilgi Güvenliği Standardı – ISO 27001 BDDK - Bankalarda Bilgi Sistemleri Yönetiminde Esas Alınacak İlkelere İlişkin Tebliğ COBIT – Bilgi ve İlgili Teknolojiler İçin Kontrol Hedefleri Uluslararası Payment Card Industry Data Security Standard
  • 6. Hizmete Özel / Restricted 6 Security Threat • Breach of confidentiality (Gizlilik) • Unauthorized reading of data • Breach of integrity (Bütünlük) • Unauthorized modification of data • Breach of availability (Kullanılabilirlik) • Unauthorized destruction of data
  • 7. Hizmete Özel / Restricted 7 Security Threat • Internal • Application, Process, Hardware, People, .. • External • Attack, Theft, DDOS, Malware, .. • Natural and Physical • Earthquake, Flood, Terror, .. Internal External % 80 %20 Security is as weak as the weakest link in the chain
  • 8. Hizmete Özel / Restricted 8 Security Level Security must occur at four levels to be effective: Physical Data centers, servers, connected terminals Human Avoid social engineering, phishing, dumpster diving Operating System Protection mechanisms, debugging Network Intercepted communications, interruption, DOS
  • 9. Hizmete Özel / Restricted 9 Why do Hackers Hack ?
  • 10. Hizmete Özel / Restricted 10 Why Hackers Hack Me ! • Same Password Usage • Drop Bank Account • Trust Relationship
  • 11. Hizmete Özel / Restricted 11 Enterprise Security Framework https://www.nist.gov/sites/default/files/documents////draft-cybersecurity-framework-v1.11.pdf
  • 12. Hizmete Özel / Restricted 12 Cybersecurity Landscape
  • 13. Hizmete Özel / Restricted 13 Reference Architecture
  • 14. Hizmete Özel / Restricted Cyber Security Investment
  • 15. Hizmete Özel / Restricted 15 Attack Map
  • 16. Hizmete Özel / Restricted 16 Biometric Authentication
  • 17. Hizmete Özel / Restricted 17 Malware • The word "malware" comes from the term "MALicious softWARE." • Malware is any software that infects and damages a computer system without the owner's knowledge or permission.
  • 18. Hizmete Özel / Restricted https://cicbuai.gdn/panel2/ Malware Analysis
  • 19. Hizmete Özel / Restricted Ransomwares • A software based attack on your network with the goal of extortion. • Ransomware is typically delivered through an exploit kit or phishing attack • Code created to take advantage of an unpatched or unknown system vulnerability. Example: Windows® OS, JavaScript® or Adobe Reader® • Wanna Cry (MS17-00) • Petya
  • 20. Hizmete Özel / Restricted 20 Software Security
  • 21. Hizmete Özel / Restricted Software Security Most developers today test after the software is built.
  • 22. Hizmete Özel / Restricted Enigma • The Enigma machine is invented by a German during World War Two. • British tried to break the German Enigma Machine. • The American, Russians, French and Germans too, think that Enigma is unbreakable.
  • 23. Hizmete Özel / Restricted Stuxnet • July, 2010: Stuxnet worm was discovered attacking Siemens PCS7 S7 PLC and WIN Siemens PCS7, S7 PLC and WIN-CC systems CC systems around the world • Most sophisticated malware ever seen in public • Uses up to 6 Vulnerabilities (5 in Win and 1 in Siemens) • Its code is 500 KB • Spreads via USB Flash Memory and Network Shares • Infects SCADA Systems
  • 24. Hizmete Özel / Restricted 24 WhatsApp
  • 25. Hizmete Özel / Restricted 25 Angry Birds The National Security Agency has targeted popular smartphone-based social games like "Candy Crush" and "Angry Birds" to pilfer personal information, including phone numbers, e-mails and codes that identify the user's device, according to documents leaked by former NSA contractor Edward Snowden.
  • 26. Hizmete Özel / Restricted 26 Intel ME Concerns over the Intel Management Engine (ME) have been ongoing for years. In May, Intel patched a critical vulnerability that dated back nine years in the company’s Active Management Technology, which is based on Intel ME. That vulnerability could allow an attacker to gain remote access to AMT services such as the keyboard, video and mouse (KVM), IDE Redirection, Serial over LAN, and BIOS setup and editing. Suspicions date back to 2012 over Intel’s implementation of Active Management Technology (AMT) with some labeling it a “backdoor enabled by default.” A reported flaw identified in June 2016
  • 27. Hizmete Özel / Restricted 27 AirHopper AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals The technology works by using the FM radio receiver included in some mobile phones. AirHopper is able to capture keystrokes by intercepting certain radio emissions from the monitor or display unit of the isolated computer.
  • 28. Hizmete Özel / Restricted 28 Black Friday
  • 29. Hizmete Özel / Restricted 29 Cases
  • 30. Hizmete Özel / Restricted 30 Darknet: The Underground for the “Underground”
  • 31. Hizmete Özel / Restricted 31 Cybercrime Price List
  • 32. Hizmete Özel / Restricted 32 Career - Certification • Black Hat, White Hat • Pentest • Forensic • Security Information and Even Management (SIEM) • Security Administration • Audit
  • 33. Hizmete Özel / Restricted Bug Bounty
  • 34. Hizmete Özel / Restricted THANKS

Editor's Notes

  1. insanların bilgisayarlar yoluyla haberleştikleri gözle görülüp elle tutulmayan boşluğu anlatan 
  2. Bilgi: Yazılı, basılı ya da dijital ortamda bulunan her türlü anlamlandırılmış veridir. Bilgi Varlığı: Bilginin üretilmesinde, işlenmesinde, paylaşılmasında, saklanmasında, imha edilmesinde kullanılan her türlü varlık bilgi varlığıdır.
  3. Bilgi güvenliğinin temel amacı organizasyonun maruz kalacağı olumsuz etkileri kabul edilebilir bir seviyeye çekmektir.
  4. Bilginin çalınması confidentiality Integrity, tabloların bozulması, dosya içeriğinin değiştirilmesi Availability tarafında sunmuş olduğunuz servislerin availabilitysine engel olan saldırılar var Kaynakların yetkisiz kişiler tarafından erişilmesi, kaynağın çalıması, benim internet hizmetime erişip çalıyor, botnetler benim bilgisayarımım yada modemimi kullanmakta Gizlilik: Bilginin yalnızca yetkili ve bilmesi gereken kişiler tarafından erişilebilir olması Bütünlük: Bilginin doğru ve tam olması Erişilebilirlik: Bilgiye ihtiyaç duyulan her an erişilebilmesi ve kullanıma hazır olması Threat = tehdit
  5. İç Tehditler: firmanın iş süreçlerinden, kullanılan uygulamalar ve donanımlardan, çalışanlardan kaynaklanan tehditlerdir. Örneğin; yetkisiz işlemler, uygulama ve donanım hataları, farkındalık eksiklikleri… Dış Tehditler: firmanın dışından gelen çevresel tehditlerdir. Örneğin; hırsızlıklar, saldırılar, virüs saldırıları… Doğal ve Fiziksel Tehditler: Deprem, sel, yangın, terör amaçlı saldırılar vb tehditlerdir.
  6. . Tum ortamlarda ayni sifre kullanilmasi . bamka hesaplarinin illegal kullanilmasi . sizin uzerinizden ulasilmak istenilen ksilere zararli yaz gomdermek
  7. Download an anti-malware program that also helps prevent infections. Activate Network Threat Protection, Firewall, Antivirus.
  8. İzinler • Harici diske veri yazma • İnternete erişme • Ekran kilidini devre dışı bırakma İlk zararlı Yukarıda belirtilen izinler ile şüpheli uygulamanın cihaz üzerinde elde ettiği yetkilerden bazıları aşağıda listelenmiştir. • SMS gönderme • SMS okuma • Arama yapma • İnternete erişme • Diske yazma yazılım, asıl saldırıyı gerçekleştirecek yazılımın cihaza indirilip kurulmasını sağlamaktadır.
  9. WannaCry : İngiltere’de sağlık hizmetleri sekteye uğradı Renault bazı yerlerde üretimi durdurdu (Bursa dahil) Petya : Çernobil2deki radyasonu izleyen sistemler Merck – Dünyanın en büyük ilaç şirketlerinden Maersk – Dünyanın en büyük taşımacılık şirketlerinden MS17-010 güncellemesi ile önlem alınmalıydı.
  10. 2. Dünya Savaşı’nda Naziler’in kullandığı cihaz Elektro-mekanik şifreleme ve şifre çözme cihazı İngilizler tarafından bir kopyası çalındı Çalışma mantığı çözüldükten sonra Alman mesajları deşifre edildi Naziler’in savaşı kaybetmesinde önemli bir yeri vardır
  11. 2010’da fark edildi SCADA sistemleri üzerinden İran’ın nükleer tesislerini hedef aldı Santrifüjleri parçalayarak çalışmaları sekteye uğrattı İnternete bağlı olmayan bilgisayarların hacklenebileceğine dair en önemli örneklerdendir. SANAL TEHDİT, GERÇEK RİSK örneği. SİBER SAVAŞ
  12. Citibank’ın hacklenmesi 210.000 müşteriyi etkiledi Hacker atağının ardından PlayStation networkü süresiz olarak hizmet dışı kaldı NATO olası bir veri sızması olayını araştırıyor Sony Pictures 37.000 kullanıcısının bilgilerinin Çalındığını kabul etti. Amerikan Ulusal Sağlık Servisi’nin çalınan bir laptopu milyonlarca kayıt veriyi riske attı HSBC = 2014 senesinde Türkiye’de yaşandı 2.7 milyon kredi kartı ve debit kart müşteri bilgisi çalındı Banka açıklama yaparak risk olmadığını belirtse de müşteri bilgilerinin kullanıldığından şüpheleniliyor AKBANK 2016’da Türkiye’de yaşandı Banka’nın SWIFT sistemi hacklendi Açıklanan kayıp : $10-20 Milyon Gerçek kayıp : $100-120 Milyon Yöntem : Klasik Phishing (Macro’lu Excel)