No InfoSec Staff? No Problem - Addressing Security Challenges Without Dedicated Personnel

Learn about the evolving threat landscape and challenges in information security without dedicated staff in this BSidesLV 2014 conference talk. Explore various attack vectors, including sophisticated malware, zero-day vulnerabilities, DDoS attacks, APTs, and advanced social engineering techniques. Discover the cybercriminal malware market and different types of threat actors. Gain insights into assessing risk by examining corporate IT assets, vulnerabilities, and potential impacts. Address employee security awareness, segregation of duties, acceptable use policies, mobile device usage, data backup, and compliance issues. Understand the importance of incorporating security considerations in all IT projects to mitigate risks effectively.

Intro
NO INFO SEC STAFF? NO PROBLEM.
Evolving Threat Landscape Numerous attack vectors Sophisticated malware Zero day vulnerabilities [O-dayl Denial of Service DDOS Advanced Persistent Threats APT] Advanced Social Engineering Watering holes Ransomware Cybercriminal malware market Numerous types of threat actors Sell My Soul Drivers Summary of Challenges
What information is required to assess risk? Corporate information technology assets • Information systems vulnerabilities - Probability of vulnerabilities being exploited Impact of loss resulting from exploit
Employee security awareness Segregation of duties and least privilege & Acceptable use Use of removable media Mobile device and wireless usage Data backup and retention Security track on all IT projects Compliance specific