The Human Element of Cybersecurity · 2018-09-05 · The Human Element of Cybersecurity Chris...

The Human Element of CybersecurityChr i s Wlasch in

Vice President, Systems Security

Election Systems & Software Better Elections, Every day

The Threat

Agenda• Basic cyber-hygiene

• At home and at work

• Passwords

• Phishing

• Social engineering

• Resources

• Q&A

Simple Social Engineering Trick

Basic Cyber-HygieneS imp le T ips & Tr i cks

At Home and at Work

Passwords

123456

Passwords

123456

I can’t be bothered to take even the most basic step to protect my personal information. Seriously, just go ahead and take it.

Passwords

password

Passwords

password

I failed to understand the question.

Passwords

12345678

Passwords

12345678

I tried “123456,” but the computer said I had to use at least eight characters.

Passwords

Cal!m3I$Ma3l

Call me Ishmael

Passwords

Pass phrases, 4 words together

Hu$krT3am!sGr8

$he!0vesMeN0t

I$thi$GuyD0n3?

Passwords

Password Organizer Video

PhishingPhishing is a social engineering technique

where cyber attackers attempt to fool you

into taking an action in response to an

email.

Social EngineeringThe art of manipulating, influencing or

deceiving you to get you to take some

action that isn’t in your own best interest or

in the best interest of your organization.

Spear PhishingSpear phishing describes a type of phishing

attack that targets specific victims, so instead of

sending out an email to millions of email

addresses, cyber attackers send out a very small

number of crafted emails to very specific

individuals, usually all at the same organization.

SQL InjectionA way for attackers to read and/or

alter the contents of a user’s

database by manipulating forms that

are publicly available or exposed.

Denial of

Service Attacks

Prevent legitimate users from accessing

information (e.g. databases, websites) or

services by disrupting access.

Man in the Middle

(MTM) Attacks When attackers insert themselves

between two or more parties and

gain access to any information in

transit between those parties.

Social Engineering

Social Engineering Video

Levels of Security

Physical ControlsRestricted access to equipment, locks and seals

System HardeningLimiting potential attack surfaces by locking systems down

User AuthenticationPassword protection and least privilege access

EncryptionUsing secret keys to prevent data access / manipulation

Data Integrity ValidationDigital signature and hash checks to ensure data integrity

Audit Logs & TrailsSystem logs, chain of custody documents and audits of

results

Levels of Security

$4 BILL IONS

$9 BILL IONS

$900,000

$6 BILL IONS

Physical Controls

System Hardening

User Authentication

EncryptionData Integrity Validation

ES&S Voting System

Security Overview

Hash Validations

Digital Signatures

Encryption Keys

Certified USB Media

User Access Control

Unofficial Results

Results Media

Unofficial (Election Night)

Results

Secure

Connection

Firewall

Electionware (EMS)

Resources

https://www.stopthinkconnect.org/

Center for Internet Security

Q&AMake a Password

Thanks for listening!

chris.wlaschin@essvote.com

The Human Element of Cybersecurity · 2018-09-05 · The Human Element of Cybersecurity Chris...

Documents

Cisco CyberSecurity Institute › c › dam › m › de_ch › cybersecurity... · Cisco CyberSecurity Institute Cisco CyberSecurity Institute Förderung der Cybersicherheitsexperten/-innen

SAFETY, RISK AND COMPLIANCE CYBERSECURITY TRAINING …€¦ · SAFETY, RISK AND COMPLIANCE CYBERSECURITY TRAINING SOLUTIONS Addressing the Human Element in Your Cyber Program Cyber

Assessing Cybersecurity Risk - IIA Assessing... · GTAG / Assessing Cybersecurity Risk Key Risks and Threats Related to Cybersecurity Cybersecurity is relevant to the systems that

Cybersecurity Domains: What Comprises a …02f9c3b.netsolhost.com/blog1/wp-content/uploads/Cybersecurity...Cybersecurity Domains: What Comprises a Cybersecurity Suite? ... Tools, Hardware

CYBERSECURITY · 2020. 8. 31. · insights into the challenges of cybersecurity and considers possible solutions. Cybersecurity, a moving target Today, cybersecurity risks are increasing

The Human Element of Cyber Securityaapa.files.cms-plus.com/SeminarPresentations... · 2016 ISACA, State of Cybersecurity ... IBM 2015 Cyber Security Intelligence Index 55% 28% Of

EstablishiNG thE REsEaRch FRamEwoRk coNduct oF REsEaRch ... · EstablishiNG thE REsEaRch FRamEwoRk coNduct oF ... Ford Motor Company J. b. “butch” wlaschin FHWA for ... for Quality

Butch Wlaschin P.E. Director, Office of Asset Management ... · Asset management is a strategic and systematic process of operating, maintaining, and improving physical assets, with

EstablishiNG thE REsEaRch FRamEwoRk coNduct oF …Ford Motor Company J. b. “butch” wlaschin FHWA for Federal highway administration u.s. department of transportation american association

Cybersecurity Assessment Tool//pdf/cybersecurity/FFIEC_CAT_May_2017.pdf · Technology (NIST) Cybersecurity Framework, 2. as well as industry accepted cybersecurity practices. The

Cybersecurity Industry Development · 1.000 M€ Cybersecurity local demand 2018 Cybersecurity market situation 2 54.082 79.292 2014 2018 CAGR cybersecurity (M€) 80.000 M€ Global

NATIONAL CYBERSECURITY STRATEGY III - gouvernement€¦ · NATIONAL CYBERSECURITY STRATEGY III NATIONAL CYBERSECURITY STRATEGY III MAIN STATE BODIES INVOLVED IN NATIONAL CYBERSECURITY

Cybersecurity Workforce CompetenciesIntroduction: Cybersecurity Industry Snapshot Career Opportunities in the Cybersecurity Industry Defining a Common Set of Cybersecurity Professional

CYBERSECURITY RISK DISCLOSURE AND CYBERSECURITY DISCLOSURE ... · CYBERSECURITY RISK DISCLOSURE AND CYBERSECURITY DISCLOSURE GUIDANCE ABSTRACT Cybersecurity risk disclosure has received

FHWA Update Butch Wlaschin, P.E. Director, Office of Asset Management AASHTO Highway Subcommittee on Construction 2010 Annual Meeting Burlington, Vermont

Cybersecurity as People Powered Perpetual Innovation 2 · cybersecurity and innovation. 2.5 Cybersecurity Cybersecurity is another highly misunderstood topic. People associate it

Cybersecurity Dynamics - University of Texas at San Antonioshxu/socs/hotsos-poster-cybersecurity-dynamics.… · Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity

SIFMA Cybersecurity - SMALL FIRMS CYBERSECURITY GUIDANCE ... · CYBERSECURITY SMALL FIRMS CYBERSECURITY GUIDANCE ... the best practices in this guide in a risk-based, ... VULNERABILITY

Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)

EMERGING TECHNOLOGIES IN CYBERSECURITY · EMERGING TECHNOLOGIES IN CYBERSECURITY | Randall Lewis 1 EMERGING TECHNOLOGIES IN CYBERSECURITY ... Cybersecurity and Cybersecurity Technologies