360 Degrees of Vulnerability; John Verry of Pivot Point Security, Speaks at FBI's International Conference on Cyber Security 2010

John Verry, Pivot Point Security, Hamilton NJ, presents "360 Degrees of Vulnerability: How Hackers See Your People, Applications, Facilities and Systems." Drawing on real-world data breach investigations and successful attacks staged by the Pivot Point Security "Tiger Team", the presentation details how attackers, and their motives, have changed, the technological and economic changes that drive them, and the mechanisms they are likely to leverage to gain access to critical data. Beyond anecdotes, Verry goes on to present leading edge strategies to reduce information security risk.


ICCS Presentation: 360 Degrees of Vulnerability


Trenton, NJ (Vocus) August 11, 2010

On August 5, 2010, John Verry, Principal Consultant at Pivot Point Security (Hamilton, NJ), was a featured speaker at the 2010 International Conference on Cyber Security, sponsored by the FBI and held at New York’s Fordham University. “360 Degrees of Vulnerability: How Hackers See Your People, Applications, Facilities and Systems” drew on real-world examples from data breach investigations and attacks staged by Pivot Point Security teams over the years.

The presentation begins by defining “vulnerability”. “Most simply put,” Verry says, “a vulnerability is a weakness or insecurity.” But don’t be fooled by this simplicity, says Verry: a single vulnerability has been the root cause of many of the worst data breaches in history (“We didn’t know…”). “Knowing what you don’t know is as important as knowing what you do know,” says Verry, paraphrasing Thoreau.

Addressing the most commonly recognized areas of vulnerability (networks, applications and systems), Verry emphasizes that because these three areas are often assumed to be “secure”, those responsible for them tend to view them in a traditional way. He demonstrates how attacks have changed and how such a narrow view can increase vulnerability without increasing awareness. Verry then identifies less well understood breeding grounds for vulnerabilities: people, processes, partners, databases, and facilities.

In a straightforward, yet entertaining way, Verry enumerates the types of attacks that might be generated against all these targets. Beyond entertainment, though, he concludes each section with a practical “Take-Away” – what to think about and how to change your awareness.

Lest people feel overwhelmed by the enormous challenge that 360 degrees of vulnerability brings to an organization, Verry says there’s good news. He advocates leveraging open and trusted resources, most particularly ISO 27001 and OWASP. He gives an overview of each and encourages participants to review both in depth on the PPS website (Is ISO 27001 Right for Your Company? and Leveraging OWASP To Reduce Web App Data Breach Risk).

View the whole ICCS presentation: “360 Degrees of Vulnerability: How Hackers See Your People, Applications, Facilities and Systems”

As Principal Consultant for Pivot Point Security, John Verry has led hundreds of high-profile security assessments across a diverse cross-section of noteworthy systems in the government, telecommunications, critical infrastructure, finance, and transportation sectors over the last nine years. He is a frequent speaker on Information Assurance, where he often emphasizes management's role in controlling information security risk. He writes the Risky Business blog on the PPS website and has authored numerous information assurance whitepapers and articles, including "Hacking the Hacker". Prior to Pivot Point, John was the primary architect for Police Central, where he developed highly secure criminal justice solutions for some of the US's largest law enforcement agencies.

About Pivot Point Security:
We are a boutique information assurance firm architected to provide maximum levels of independent and objective information security expertise to our varied client base. Our policy of not selling product and our absolute focus on four core practice areas (Security Assessments, Ethical Hacking, Compliance Assessments, and Security Information and Event Management (SIEM)) ensure that we have the highest possible levels of competence and independence. Coupling this with our "mutual benefit" centric approach has allowed us to earn the trust of our clients, many of whom we have enjoyed working with since our founding. We count amongst our satisfied client base small family-run organizations and some of the world's largest multinationals. Our clients span a diverse cross-section of market sectors including: Non-Profits, Pharmaceuticals, Financials, Telecommunications, and Government.

###