![Page 1: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/1.jpg)
APT: The threat is real, well-funded, and coming for your data.Jesse Fernandez
![Page 2: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/2.jpg)
About Me
Jesse Fernandez currently works as a Senior IS Audit Specialist in the insurance industry. In his role, Fernandez conducts complex information security audits. Recently, Fernandez worked with the PCI DSS Standards Council to develop guidance around conducting a PCI DSS risk assessment in the role of Content-Coordinator to ensure document consistency, technical soundness, and assist in the development of the table of contents. Fernandez holds the GSLC, GSEC, GCIH, CISSP, and CISA certifications and has over ten years of industry experience.
![Page 3: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/3.jpg)
Agenda
•APT
•Favored Means of Attack
•Best Practices
![Page 4: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/4.jpg)
Advanced Persistent Threat
(APT) • "An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives."
- NIST
![Page 5: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/5.jpg)
A Serious Threat (2009)
• “Cyber threat is one of the most serious economic and national security challenges we face as a nation.”
• “America's economic prosperity in the 21st century will depend on cybersecurity.”
- Barack Obama May 29, 2009
http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure
![Page 6: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/6.jpg)
A Serious Threat (2012)
•621 confirmed breaches
•44 million records compromised
•“State-affiliated actors tied to China (accounted) for about one-fifth (125) of all breaches.”
Source - Verizon
![Page 7: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/7.jpg)
APT1
• Mandiant released report exposing the Comment Crew (APT1) on February 19, 2013
http://intelreport.mandiant.com/
• Alleged that APT1 is a military group belonging to the People's Republic of China
• China denies the allegations
![Page 8: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/8.jpg)
APT1
• 141 detected intrusions since 2006 across 20 industries such as Financial Services, IT, Electronics, Health Care, Manufacturing, Construction, Transportation, Food and Agriculture
• 115/141 (81%) detected intrusions were U.S. companies
![Page 9: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/9.jpg)
APT1• "Drained terabytes of data from companies like
Coca-Cola"
• “RSA was amongst those attacked"
• "On average the group would stay inside a network, stealing data and passwords, for a year; in one case it had access for four years and 10 months."
Source – New York Times
![Page 10: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/10.jpg)
A Serious Expense
•According to the Ponemon Institute, the cost of a malicious or criminal data breach in the United States was $277 per record during 2012 (max = 100K records)
•According to the Washington Post, the APT attack against RSA cost EMC (RSA parent company) $66 million (to investigate attack, harden systems, and work with customers).
What is your organizations’ reputation worth?
•IP?
![Page 11: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/11.jpg)
Well-Funded
Source: Mandiant reportSource: Mandiant report
![Page 12: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/12.jpg)
U.S. & China Talks •Meeting to discuss “the theft of intellectual property from American companies.”
•“Attacks have resulted in the greatest transfer of wealth in history.”
Source – New York Times
![Page 13: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/13.jpg)
Recon
• Attackers perform reconnaissance activities on the targeted organization
• Once desired information is obtained, attackers attempt social engineering attacks (amongst other things)
• Only need to succeed once
![Page 14: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/14.jpg)
For example
• We will illustrate the power of obtaining public information
![Page 15: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/15.jpg)
What can I find?
![Page 16: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/16.jpg)
It gets better
• Social Network Sites – Linked in, Facebook, Twitter, Google+, “insert social engineering (er social networking) site here”
![Page 17: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/17.jpg)
Wait, there is more
• No wonder I get so much spam!
![Page 18: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/18.jpg)
Social Engineering
“Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something.”
Source - Time.com
![Page 19: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/19.jpg)
Social Engineering 2.0 – Spear Phishing
• “The practice of sending fraudulent e-mails to extract financial data from computer users for purposes of identity theft, by mimicking a sender that the recipient knows.” Source – Dictionary.com
• “Spear phishing continues to be a favored means by APT attackers to infiltrate target networks.” Source – Trend Micro
• Targeted & Effective
![Page 20: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/20.jpg)
Spear Phishing
Source - New York Times
![Page 21: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/21.jpg)
Spear Phishing • New York Times Hack (8/27/13)
• The Syrian Electronic Army took credit for the attack (also attacked Twitter)
• “The attackers sent an email to the New York Time’s domain name registrar, Melbourne IT”
• “Two staff members opened a fake email seeking login details.” – the staff members worked for an Indian Internet service provider that was one of Melbourne IT’s resellers
Source – NBC News
![Page 22: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/22.jpg)
Pwn3d• Now that they tricked your user and
have compromised a system, the real fun begins
• The attacker is now inside your environment
• Your company just became a statistic
• Various avenues of attack
![Page 23: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/23.jpg)
Don’t become a statistic
Digital weapons are expensive!
According to Forbes, zero day exploits can be sold “(you can sell a zero day exploit to) a government agency, (if you) don’t ask too many questions, and get paid a quarter of a million dollars.”
Source - Forbes
![Page 24: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/24.jpg)
So
•Must have robust security policies
•Must identify and classify data
•Must perform a risk assessment
•Must secure your environment
![Page 25: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/25.jpg)
Information Security Policies
• SANS has published various security policies and has given organizations the right to modify them to fit their needs
http://www.sans.org/security-resources/policies/
• Work with your legal team
• Revisit your policies periodically (as the business changes)
![Page 26: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/26.jpg)
Information Sensitivity Policy
“The Information Sensitivity Policy is intended to help employees determine what information can be disclosed to non-employees, as well as the relative sensitivity of information that should not be disclose outside of < Company Name> without proper authorization.”
Source - SANS
![Page 27: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/27.jpg)
Find your data
• Talk to the business, walkthrough their processes
• What/Where are your most valuable assets?
• If you don’t know where your data is, don’t worry the attackers will find it for you
![Page 28: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/28.jpg)
Data Classification
• Classify your data
• Define data owner’s responsibility
• Protect your most critical data accordingly
• Attackers will go after your most valuable information, after all they need to make money for their efforts
![Page 29: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/29.jpg)
Manage 3rd parties
• Do you provide any valuable information to 3rd parties?
• If so, need to ensure 3rd party protects your data
• Reputation risk
![Page 30: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/30.jpg)
Risk Assessment
• What threats do we face?
• What can go wrong?
• Are we running vulnerable or outdated systems?
• Are our systems compliant with internal and/or regulatory requirements?
![Page 31: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/31.jpg)
Regulatory Compliance
•Know what applies (PCI DSS, SOX, HIPAA, GLBA, etc)
•Understand the intent
•Privacy Policy (ask the lawyers about this one)
•Due care
![Page 32: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/32.jpg)
Audit Plan•What does the audit universe look like?
•Do you currently do business in an industry known to have been a target?
•Are you in talks to acquire another company (or be acquired)?
•Be aware that laws/regulations typically lag behind technology
![Page 33: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/33.jpg)
Laws vs. Tech
http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
![Page 34: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/34.jpg)
Best PracticesNow that you know what assets you are trying to protect and the residual risk present in your environment, the real fun (err work) begins
Let’s explore some best practices – remember, we can’t cover all of them in one hour
![Page 35: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/35.jpg)
Perimeter Protection
•DMZ
•Firewalls
•NIDS
•Secure coding (OWASP)
•WAF (protect vs. SQL Injection, XSS, CSRF)
![Page 36: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/36.jpg)
Segment Network
• Understand your environment
• Follow the data
• Limit available paths
![Page 37: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/37.jpg)
Protect Users
•Limit admin access
•Malware protection
•DLP (to prevent users from storing/transmitting your most sensitive data everywhere)
![Page 38: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/38.jpg)
Application Whitelisting
•Feature in Windows XP, Server 2003 and above (Software Restriction Policies)
•Created with Group Policy
•Microsoft has overview and how-to guide
http://technet.microsoft.com/en-us/library/bb457006.aspx
![Page 39: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/39.jpg)
Why Use Application Whitelisting
“Hostile code can take many forms. It can range from native Windows executables (.exe), to macros in word processing documents (.doc), to scripts (.vbs).”
“Viruses and worms often use social engineering to trick users into activating them. With the sheer number and variety of forms that code can take, it can be difficult for users to know what is safe to run and what is not. When activated, hostile code can damage content on a hard disk, flood a network with a denial-of-service attack, send confidential information out to the Internet, or compromise the security of a machine.”
Source - Microsoft
![Page 40: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/40.jpg)
BYOD
•For employee-owned devices (BYOD), consider implementing a solution that will allow the organization to centrally manage the devices
•Ensure internal policies cover BYOD
•Educate the users on your policies prior to granting BYOD access to corporate data
![Page 41: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/41.jpg)
Protect Data
• Encrypt
• Segment
• Limit authorized access (need-to-know)
![Page 42: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/42.jpg)
Access Controls
• Weak passwords can be cracked
• Have more stringent requirements for administrators
• Two-factor authentication
![Page 43: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/43.jpg)
Physical Security
•Ensure employees can differentiate employees from non-employees
•Ensure data center has access restrictions
•Ensure internal procedures are followed
![Page 44: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/44.jpg)
Harden Systems
• Use industry accepted standards such as those published by the Center for Internet Security (CIS)
• Understand application requirements
• Remove unnecessary components
![Page 45: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/45.jpg)
Maintain Systems
• Patch management and/or system upgrades
• Run only supported versions
• EOL
![Page 46: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/46.jpg)
Identify Vulnerabilities
• Review the results of vulnerability scans
• Ensure high risk vulnerabilities are resolved in a timely manner
• Monitor remediation efforts, make this part of your audit plan
![Page 47: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/47.jpg)
Pen Testing
• Consider having an internal team conduct pen testing to identify the low hanging fruit (then bring in the pros)
• Learn the fundamentals
• Tools are your friend
![Page 48: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/48.jpg)
Pen Testing
•Ensure a reputable team conducts pen testing in your environment periodically
•Did your intrusion analyst team detect the pen test?
•Monitor remediation efforts, make this part of your audit plan
![Page 49: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/49.jpg)
Change Control •System Baseline
•Ensure all changes made to systems and/or applications are documented, validated, and can be tracked
•Ensure unauthorized changes are detected
![Page 50: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/50.jpg)
Intrusion Detection• What would happen in your organization if
executive management learned that the network has been compromised for a year or more?
• Prevention is great, but you must detect
• Incident response
• Make this part of your audit plan
![Page 51: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/51.jpg)
Real World Example
Source - Mandiant report
![Page 52: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/52.jpg)
What we could do
http://www.filext.com
![Page 53: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/53.jpg)
We don’t have/can’t …
•Remember, segmentation is your friend
•Looking for abnormal traffic
•Need correct placement of sensors and plenty of skilled analysts to have a chance
![Page 54: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/54.jpg)
User Education
• Help defend against social engineering attacks – making the attacks less effective
• Eliminates confusion - let users know what they are responsible for
• Review materials to ensure they are based on the risk your organization faces, make this part of your audit plan
![Page 55: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/55.jpg)
Combat Social Engineering
• Do internal testing
• Be consistent
• Review metrics, make this part of your audit plan
![Page 56: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/56.jpg)
Rehearsal
•Practice, Practice, Practice
•Don’t be afraid of playing with technology
•Attackers are getting better – we need to get better too
![Page 57: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/57.jpg)
Conclusion
• Practice due care
• Secure your environment so that attackers need to utilize its costly digital weapons to succeed
• In the event of a successful attack, must detect and control the damage (incident response)
![Page 58: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/58.jpg)
Resources
•http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure
•http://intelreport.mandiant.com/
•http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all&_r=0
•http://www.time.com/time/magazine/article/0,9171,2089344,00.html#ixzz2NFNfIKT6
![Page 59: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/59.jpg)
Resources
•http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
•http://dictionary.reference.com/
•http://www.sans.org/security-resources/policies/
•http://www.verizonenterprise.com/DBIR/2013/
![Page 60: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/60.jpg)
Resources
•http://www.sans.org/security-resources/policies/Information_Sensitivity_Policy.pdf
•http://www.cisecurity.org/
•https://www.owasp.org/index.php/Main_Page
•http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf
![Page 61: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/61.jpg)
Resources
•http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
•http://filext.com/file-extension/RAR
•http://www.nytimes.com/2008/04/16/technology/16whale.html
•http://www.theiia.org/guidance/standards-and-guidance/ippf/definition-of-internal-auditing
![Page 62: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/62.jpg)
Resources
•https://www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf
•http://www.washingtonpost.com/blogs/post-tech/post/cyber-attack-on-rsa-cost-emc-66-million/2011/07/26/gIQA1ceKbI_blog.html
•http://www.nytimes.com/2013/06/02/world/asia/us-and-china-to-hold-talks-on-hacking.html?pagewanted=all&_r=1&
•http://technet.microsoft.com/en-us/library/bb457006.aspx
•http://www.nbcnews.com/technology/new-york-times-hacked-syrian-electronic-army-suspected-8C11016739
![Page 63: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/63.jpg)
Want More?
• In my opinion SANS offers the best training in the industry
• Audit 307: Foundations of Auditing Security and Controls of IT Systems: IT systems are fundamental to many of the controls that need to be audited for organizations today. It's important for auditors to have a foundational understanding of networks and systems and the controls that should be in place. During this course, we discuss the principles around IT controls, the primary regulatory drivers for IT audit, the audit process, and the primary IT audit controls that auditors should be aware of.
• SANS.org great resource (webcasts, policy templates, training)
![Page 64: APT: The threat is real, well-funded, and coming for your data. Jesse Fernandez](https://reader035.vdocuments.site/reader035/viewer/2022070308/551bf183550346be588b661c/html5/thumbnails/64.jpg)
Thank you
Contact – jessefernandezsec(at)gmail(dot)com