Security Congress Abstract
This session will examine common external attack vectors which can lead to an attacker gaining a foothold in the organization. These vectors include phishing, compromised common websites, and interfaces which should not be internet facing. Additionally, we'll look at what information an attacker is likely to have after the initial compromise, and how this information can be leveraged to access the internal network and pivot through it. Common tools used during penetration tests, red team exercises, and malware campaigns will be demonstrated.
From there, we will discuss how utilizing a security framework such as ISO 27001 can reduce the risk and damage caused by these tactics. ISO/IEC 27001, the most comprehensive framework for organizations to effectively manage the security of their information, provides the controls to address various organizational vulnerabilities and exposures. Potential risks and their impact are documented, including whether they are accidental or malicious. While ISO/IEC 27001 offers the controls to reduce or mitigate the risks, understanding the ever-changing threat landscape, coupled with regular and random testing, ensures information security compliance and effectiveness.