2. Who am I?
Spoke at Black Hat, ACFE Asia Pacific Fraud Conference, HTCIA Asia Pacific Forensics Conference, and Economist Corporate Network.
Risk & Security Consultant for Banks, Government and Critical Infrastructures.
Digital Forensic Analyst & Fraud Investigator.
Co-designed Hong Kong’s first Digital Forensics course for the HK Police Force and ICAC by HKUST.
Albert Hui
GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, GSEV, CISA, CISM, CRISC
albert@securityronin.com
Security Ronin
7. Asset Identification: What do you want to Protect?
Identify your important assets (mission-critical / business-critical / crown jewel):
Data
Examples:
• Customer information
• Supplier procurement records
• Design blueprints
• …
Process
Examples:
• e-Commerce / Shopping Cart operations (for online shops)
• Power generation (for power plants)
• …
8. Possible Loss Identification: What can you Possibly Lose?
Primary losses:
• Money
• Customer data (e.g. credit card data)
• Proprietary information (design blueprints, strategic plans, etc.)
• Goodwill, brand damage and reputation loss
• …
Secondary losses:
• Fines & penalties, loss of license, insurance premium
• Victim compensation (e.g. monetary compensation, credit monitoring)
• Cleanup cost (e.g. investigation and remediation)
• …
25. Examples
Example 1:
Asset at Stake: Shopping cart operations
Plausible Compromise: Hacker gains access to DB and destroys data
One Possible Mitigation Control: Deploy WAF
Example 2:
Asset at Stake: Shopping cart operations
Plausible Compromise: System / DB goes down and corrupts data
One Possible Mitigation Control: Daily backup
Example 3:
Asset at Stake: Shopping cart history
Plausible Compromise: Backup lost (due to hacking or accident)
One Possible Mitigation Control: Backup to write-only media