Uploaded byinaz2
PDF, PPTX3,724 views

Why is Security Management So Hard?

This document discusses why security management is difficult by addressing several challenges: - Incidents will likely occur when malicious emails are sent to many employees due to human errors. For example, there is a 63% probability of an incident if emails are sent to 100 employees. - It is important to have proper processes for responding to incidents, including identifying compromised devices, analyzing logs and root causes, and documenting reports. - Ongoing maintenance is required as new vulnerabilities are discovered and environments change. Legacy systems also require continuous management. - Incident visibility and information sharing can be limited, making coordinated response difficult.

Embed presentation

Download as PDF, PPTX
Why is Security Management So Hard? inaz2 2016/12/09 第1回 セキュリティ共有勉強会
About me • inaz2 • https://twitter.com/inaz2 • Security engineer & Python programmer • Blog: ももいろテクノロジー • http://inaz2.hatenablog.com/ 2
Question • You are an incident responder in the company • There’s nobody who doesn’t make a mistake • Assume each employee makes a mistake with a 1% possibility • One day, the attacker sent malicious mails to 100 employees • What is the probability of one or more incidents occurring? 3
Answer 63% 4
Make it zero? • There’s nobody who doesn’t make a mistake • Even if the mistake rate goes 1% -> 0.1%, it occurs with a 9.5% probability • But if the number of mails was one, it occurs only with a 1% probability • It is important to reduce attack surfaces • Network separation also reduces the risk of severe incidents 5
Who responds to the incident? • Employee will open a malicious mail in the near future • The most important is how we handle it • How to find it? What to do with the suspicious PCs? What kind of logs are there? What is the root cause of infection? How to mitigate it? Who writes a report? • Do you throw all things away to someone? • IPA サイバーセキュリティ経営ガイドライン解説書 • http://www.ipa.go.jp/security/economics/csmgl-kaisetsusho.html 6
More issues 7
Maintenance • OK, the system is completed. Then, who supports it? • New vulnerability will be found • Network environment will be changed • The responsible person will be moved • We need to manage all of our systems continuously • Even if there are legacy systems • Security management is like a fixed cost 8
Incident invisibility • The detail of incidents is often not shared with other groups • It is difficult to let them take care of it • But it is real that someone handles incidents day by day 9
Cloud services are secure? • Yes, if all of us never make a mistake 10
Cloud services are secure? • Yes, if all of us never make a mistake 11
Secrets • We must keep other’s privacy • We shouldn’t publish found issues until it is fixed • Information disclosure is a sensitive matter • Furthermore, you may receive no acknowledgement • Requires a high sense of ethics and high stress tolerance • Like a soldier 12
Recap • It is important to think about how we handle incidents • It is not so easy to manage all of our systems continuously • Have an imagination about incidents just you don’t know 13
Reference • AWS で不正アクセスされて凄い額の請求が来ていた件 - yoyaのメモ • http://d.hatena.ne.jp/yoya/20150404/aws • 初心者がAWSでミスって不正利用されて$6,000請求、泣き そうになったお話。 - Qiita • http://qiita.com/mochizukikotaro/items/a0e98ff0063a77e7b694 • AWSアカウントに関する不正使用を整理してみた • http://www.slideshare.net/naotokatsumi/20150221-aws- accountsabuse-44977667 14
Thank you! inaz2 15

More Related Content

PDF
Can We Prevent Use-after-free Attacks?
byinaz2
 
PDF
kinko.me auf dem Webmontag Frankfurt #63 #wmfra
byEno Thierbach
 
PPT
Discourage hackers using the ecc 521 system
byGlobal Secured - Reclaim Your Privacy - Gsecc
 
PDF
HPBigData2015Predicting Cyber Security Industry-JohnPark
byJohn D. Park
 
PDF
Keeping Code Agile
byDavid Legge
 
PPTX
Why swarmg is important to getting to DONE
byJoseph Flahiff
 
PDF
The Telegraph Responsive Redesign - every roadmap is a story
bysifter3000
 
KEY
Who is Max Gladwell?
byMax Gladwell
 
Can We Prevent Use-after-free Attacks?
byinaz2
 
kinko.me auf dem Webmontag Frankfurt #63 #wmfra
byEno Thierbach
 
Discourage hackers using the ecc 521 system
byGlobal Secured - Reclaim Your Privacy - Gsecc
 
HPBigData2015Predicting Cyber Security Industry-JohnPark
byJohn D. Park
 
Keeping Code Agile
byDavid Legge
 
Why swarmg is important to getting to DONE
byJoseph Flahiff
 
The Telegraph Responsive Redesign - every roadmap is a story
bysifter3000
 
Who is Max Gladwell?
byMax Gladwell
 

Similar to Why is Security Management So Hard?

PDF
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
PPTX
chapter on Incident Response Management.
bySuhail Qadir Mir
 
PPTX
Security Policies & Incident Risk in cyber security
bytulmuntahasidra082
 
PPT
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
byabhichowdary16
 
PDF
Information Security Incident Management.pdf
byGoldenMIT
 
PPTX
Chapter 11: Information Security Incident Management
byNada G.Youssef
 
PPTX
Incident Response Security
byssuser30902e
 
PDF
Irm 5-malicious networkbehaviour
byKasper de Waard
 
DOC
Importance Of Structured Incident Response Process
byAnton Chuvakin
 
PPTX
Information Security Management in an organization
byShahzadaQamarHussain1
 
PPTX
Cyber Incident Response - When it happens, will you be ready?
byDan Michaluk
 
PDF
Hiroshima University Information Security & Compliance 2017
byimc-isec-comp
 
PPTX
111.pptx
byJESUNPK
 
PPTX
You Will Be Breached
byMike Saunders
 
PDF
Hiroshima University Information Security & Compliance 2018
byimc-isec-comp
 
PDF
Hiroshima University Information Security & Compliance 2018
byimc-isec-comp
 
PDF
Hiroshima University Information Security & Compliance 2018
byimc-isec-comp
 
PDF
Irm 12-insiderabuse
byKasper de Waard
 
PPTX
War Stories - From The Front Lines Of InfoSec!
byStu Hirst
 
PDF
AWS re:Inforce 2021 re:Cap 1
byHayato Kiriyama
 
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
chapter on Incident Response Management.
bySuhail Qadir Mir
 
Security Policies & Incident Risk in cyber security
bytulmuntahasidra082
 
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
byabhichowdary16
 
Information Security Incident Management.pdf
byGoldenMIT
 
Chapter 11: Information Security Incident Management
byNada G.Youssef
 
Incident Response Security
byssuser30902e
 
Irm 5-malicious networkbehaviour
byKasper de Waard
 
Importance Of Structured Incident Response Process
byAnton Chuvakin
 
Information Security Management in an organization
byShahzadaQamarHussain1
 
Cyber Incident Response - When it happens, will you be ready?
byDan Michaluk
 
Hiroshima University Information Security & Compliance 2017
byimc-isec-comp
 
111.pptx
byJESUNPK
 
You Will Be Breached
byMike Saunders
 
Hiroshima University Information Security & Compliance 2018
byimc-isec-comp
 
Hiroshima University Information Security & Compliance 2018
byimc-isec-comp
 
Hiroshima University Information Security & Compliance 2018
byimc-isec-comp
 
Irm 12-insiderabuse
byKasper de Waard
 
War Stories - From The Front Lines Of InfoSec!
byStu Hirst
 
AWS re:Inforce 2021 re:Cap 1
byHayato Kiriyama
 

More from inaz2

PDF
WinDbg Primer
byinaz2
 
PDF
Abusing Interrupts for Reliable Windows Kernel Exploitation (en)
byinaz2
 
PDF
Making a Proxy for Fun and Profit
byinaz2
 
PDF
ROP Illmatic: Exploring Universal ROP on glibc x86-64 (ja)
byinaz2
 
PDF
Sniffing BitTorrent DHT ~人はBTで何を落とすのか~
byinaz2
 
PDF
Abusing Interrupts for Reliable Windows Kernel Exploitation (ja)
byinaz2
 
PDF
Protecting Passwords
byinaz2
 
PDF
CRYPT+YOU, UNDERSTAND TODAY!
byinaz2
 
PDF
Self Introduction & The Story that I Tried to Make Sayonara ROP Chain in Linux
byinaz2
 
PDF
proxy2: HTTPS pins and needles
byinaz2
 
PDF
HTTPプロクシライブラリproxy2の設計と実装
byinaz2
 
PDF
How to apt-get from the internal network: remote sshd with kneesocks
byinaz2
 
WinDbg Primer
byinaz2
 
Abusing Interrupts for Reliable Windows Kernel Exploitation (en)
byinaz2
 
Making a Proxy for Fun and Profit
byinaz2
 
ROP Illmatic: Exploring Universal ROP on glibc x86-64 (ja)
byinaz2
 
Sniffing BitTorrent DHT ~人はBTで何を落とすのか~
byinaz2
 
Abusing Interrupts for Reliable Windows Kernel Exploitation (ja)
byinaz2
 
Protecting Passwords
byinaz2
 
CRYPT+YOU, UNDERSTAND TODAY!
byinaz2
 
Self Introduction & The Story that I Tried to Make Sayonara ROP Chain in Linux
byinaz2
 
proxy2: HTTPS pins and needles
byinaz2
 
HTTPプロクシライブラリproxy2の設計と実装
byinaz2
 
How to apt-get from the internal network: remote sshd with kneesocks
byinaz2
 

Recently uploaded

PDF
Goldman Sachs Asset Management Investment Outlook 2026
byshubham490975
 
PDF
EY - Parthenon US Consumer Sentiment Survey 2025
byswastik121049
 
PDF
QuantumBlack AI by McKinsey: The State of AI in 2025
bymedia887923
 
PDF
BCG (Centre for Growth):- The Next Act: A Vision for the UK’s Creative Future...
bymedia887923
 
PDF
Bain Global Healthcare Private Equity Report 2026
bymedia887923
 
PDF
Bain The Visionary CEO’s Guide to Sustainability 2025
bymedia887923
 
PDF
Goldman Sachs Third Quarter 2025 Earnings Results Presentation
byshubham490975
 
PPTX
Ethiopian soil types , degradation and conservation
byMahlet
 
PDF
BCG Executive Perspectives Unlocking Impact from Agentic AI in Customer Servi...
bymedia887923
 
PDF
PPT on base erosion and profit shifting BEPS
byAshishGoel84035
 
PDF
11Easy Ways to Buy Old Gmail Accounts the Smart ....pdf
byBusiness
 
PDF
McKinsey Global Materials Perspective 2025
bymedia887923
 
PDF
Pass Databricks Machine Learning Professional with new exam dumps 2026
byMinniePfeiffer
 
PDF
Buy Verified Cash App Account for 24_7 Reliable Money Transfers.pdf
bypvaisback.com Self-Employed Digital Marketing
 
PDF
Product Research Example Example Process.pdf
byJohnCarloValencia4
 
PPTX
routines-quiz-fun-activities-games-games_82232.pptx
byHankaIzkov
 
PPTX
pedi presentation on testicular torsion.pptx
byJunnunsaikhbinasad
 
PDF
Professional Ethics in the Light of Right Understanding.pdf
byshreyasahu75600
 
DOCX
Top Trusted Marketplaces for Buying Old Facebook Accounts.docx
byBuy old Facebook Accounts
 
DOCX
Why Buy Old Gmail Accounts for Small Business in the USA (2026).docx
byhttps://itshopusa.com/
 
Goldman Sachs Asset Management Investment Outlook 2026
byshubham490975
 
EY - Parthenon US Consumer Sentiment Survey 2025
byswastik121049
 
QuantumBlack AI by McKinsey: The State of AI in 2025
bymedia887923
 
BCG (Centre for Growth):- The Next Act: A Vision for the UK’s Creative Future...
bymedia887923
 
Bain Global Healthcare Private Equity Report 2026
bymedia887923
 
Bain The Visionary CEO’s Guide to Sustainability 2025
bymedia887923
 
Goldman Sachs Third Quarter 2025 Earnings Results Presentation
byshubham490975
 
Ethiopian soil types , degradation and conservation
byMahlet
 
BCG Executive Perspectives Unlocking Impact from Agentic AI in Customer Servi...
bymedia887923
 
PPT on base erosion and profit shifting BEPS
byAshishGoel84035
 
11Easy Ways to Buy Old Gmail Accounts the Smart ....pdf
byBusiness
 
McKinsey Global Materials Perspective 2025
bymedia887923
 
Pass Databricks Machine Learning Professional with new exam dumps 2026
byMinniePfeiffer
 
Buy Verified Cash App Account for 24_7 Reliable Money Transfers.pdf
bypvaisback.com Self-Employed Digital Marketing
 
Product Research Example Example Process.pdf
byJohnCarloValencia4
 
routines-quiz-fun-activities-games-games_82232.pptx
byHankaIzkov
 
pedi presentation on testicular torsion.pptx
byJunnunsaikhbinasad
 
Professional Ethics in the Light of Right Understanding.pdf
byshreyasahu75600
 
Top Trusted Marketplaces for Buying Old Facebook Accounts.docx
byBuy old Facebook Accounts
 
Why Buy Old Gmail Accounts for Small Business in the USA (2026).docx
byhttps://itshopusa.com/
 

Why is Security Management So Hard?

  • 1.
    Why is Security ManagementSo Hard? inaz2 2016/12/09 第1回 セキュリティ共有勉強会
  • 2.
    About me • inaz2 •https://twitter.com/inaz2 • Security engineer & Python programmer • Blog: ももいろテクノロジー • http://inaz2.hatenablog.com/ 2
  • 3.
    Question • You arean incident responder in the company • There’s nobody who doesn’t make a mistake • Assume each employee makes a mistake with a 1% possibility • One day, the attacker sent malicious mails to 100 employees • What is the probability of one or more incidents occurring? 3
  • 4.
  • 5.
    Make it zero? •There’s nobody who doesn’t make a mistake • Even if the mistake rate goes 1% -> 0.1%, it occurs with a 9.5% probability • But if the number of mails was one, it occurs only with a 1% probability • It is important to reduce attack surfaces • Network separation also reduces the risk of severe incidents 5
  • 6.
    Who responds tothe incident? • Employee will open a malicious mail in the near future • The most important is how we handle it • How to find it? What to do with the suspicious PCs? What kind of logs are there? What is the root cause of infection? How to mitigate it? Who writes a report? • Do you throw all things away to someone? • IPA サイバーセキュリティ経営ガイドライン解説書 • http://www.ipa.go.jp/security/economics/csmgl-kaisetsusho.html 6
  • 7.
  • 8.
    Maintenance • OK, thesystem is completed. Then, who supports it? • New vulnerability will be found • Network environment will be changed • The responsible person will be moved • We need to manage all of our systems continuously • Even if there are legacy systems • Security management is like a fixed cost 8
  • 9.
    Incident invisibility • Thedetail of incidents is often not shared with other groups • It is difficult to let them take care of it • But it is real that someone handles incidents day by day 9
  • 10.
    Cloud services aresecure? • Yes, if all of us never make a mistake 10
  • 11.
    Cloud services aresecure? • Yes, if all of us never make a mistake 11
  • 12.
    Secrets • We mustkeep other’s privacy • We shouldn’t publish found issues until it is fixed • Information disclosure is a sensitive matter • Furthermore, you may receive no acknowledgement • Requires a high sense of ethics and high stress tolerance • Like a soldier 12
  • 13.
    Recap • It isimportant to think about how we handle incidents • It is not so easy to manage all of our systems continuously • Have an imagination about incidents just you don’t know 13
  • 14.
    Reference • AWS で不正アクセスされて凄い額の請求が来ていた件- yoyaのメモ • http://d.hatena.ne.jp/yoya/20150404/aws • 初心者がAWSでミスって不正利用されて$6,000請求、泣き そうになったお話。 - Qiita • http://qiita.com/mochizukikotaro/items/a0e98ff0063a77e7b694 • AWSアカウントに関する不正使用を整理してみた • http://www.slideshare.net/naotokatsumi/20150221-aws- accountsabuse-44977667 14
  • 15.