Il workshop è dedicato all'approfondimento di una serie di attacchi e minacce da tener sotto controllo per ottemperare al pieno rispetto del GDPR.
Si approfondiranno temi legati a crittografia, data loss prevention, sicurezza fisica, social engineering attack e Open Source Intelligence.
Una veloce full immersion utile per sintetizzare e costruire il nuovo modus operandi ICT aziendale.
Target:
Lato domanda ICT: CIO, CISO, tecnici dei sistemi informatici e della loro sicurezza, responsabili delle diverse direzioni utenti dei sistemi informatici, responsabili del personale e dell’organizzazione, responsabili degli acquisti, CEO, COO e decisori sull’ICT
Lato offerta ICT: personale commerciale e marketing, tecnici, responsabili del personale e dell’organizzazione, CEO e COO, oltre a CIO, CSO, CISO e personale delle loro strutture.
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Social Engineering and other Foes in the GDPR Year
1. SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
2. •AIPSI, ASSOCIAZIONE ITALIANA PROFESSIONISTI SICUREZZA
INFORMATICA, CAPITOLO ITALIANO DI ISSA, INFORMATION SYSTEMS
SECURITY ASSOCIATION, (WWW.ISSA.ORG) CHE CONTA >>10.000 SOCI,
LA PIÙ GRANDE ASSOCIAZIONE NON-PROFIT DI PROFESSIONISTI DELLA
SICUREZZA ICT NEL MONDO
•AIPSI È IL PUNTO DI AGGREGAZIONE SUL TERRITORIO E DI
TRASFERIMENTO DI KNOW-HOW PER I PROFESSIONISTI DELLA SICUREZZA
DIGITALE, SIA DIPENDENTI SIA LIBERI PROFESSIONISTI ED IMPRENDITORI
DEL SETTORE
•SEDE CENTRALE: MILANO
•SEDI TERRITORIALI : ANCONA-MACERATA, LECCE, TORINO, VERONA-
VENEZIA
•CONTATTI: AIPSI@AIPSI.ORG, SEGRETERIA@AIPSI.ORG
Siamo presenti
per tutti i 3 giorni
di SMAU nella
Area
Community ICT
VIENI A
TROVARCI !
2
3. • AIUTARE I PROPRI SOCI NELLA CRESCITA PROFESSIONALE E QUINDI NELLA CRESCITA
DEL LORO BUSINESS
• OFFRIRE AI PROPRI SOCI SERVIZI QUALIFICATI PER TALE CRESCITA, CHE INCLUDONO
• CONVEGNI, WORKSHOP, WEBINAR SIA A LIVELLO NAZIONALE CHE
INTERNAZIONALE VIA ISSA
• RAPPORTI ANNUALI E SPECIFICI OAD, OSSERVATORIO ATTACCHI
DIGITALI IN ITALIA NEL NUOVO SITO HTTPS://WWW.OADWEB.IT
• SUPPORTO NELL’INTERO CICLO DI VITA PROFESSIONALE
• FORMAZIONE SPECIALIZZATA E SUPPORTO ALLE CERTIFICAZIONI, IN
PARTICOLARE ECF PLUS (EN 16234-1:2016, IN ITALIA UNI 11506)
• RAPPORTI CON ALTRI SOCI A LIVELLO NAZIONALE (AIPSI) ED INTERNAZIONALI
(ISSA)
• CONTRIBUIRE ALLA DIFFUSIONE DELLA CULTURA E ALLA SENSIBILIZZAZIONE PER LA
SICUREZZA DIGITALE
• COLLABORAZIONE CON VARIE ASSOCIAZIONI ED ENTI PER EVENTI ED INIZIATIVE
CONGIUNTE
Creazione del
Gruppo di lavoro
CSWI,
Cyber Security
Women’s Italy,
aperto anche alle
Signore non Socie
AIPSI
3
A breve disponibile il
nuovo
Rapporto 2018 OAD
4. UTM SECURITY APPLIANCES
Unified Threat Management
Next Generation Firewall (NGFW)
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
5. NGFW / UTM
•
•
•
•
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
6. authentication systems or methods are based on one or more of these five factors:
•
•
•
•
•
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
7. Another method that is becoming popular is out-of-band authentication.
This is a process whereby the system you are authenticating gets information from public
records and asks you questions to help authenticate you.
For example, the system might retrieve your credit report and then query
you about specific entries in it.
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
8. YOU START REDUCING SECURITY
SETTINGS TO INCREASE INTEROPERABILITY
WITH OTHER OPERATING SYSTEMS OR
APPLICATIONS, YOU INTRODUCE
WEAKNESSES THAT MAY BE EXPLOITED
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
9. THREATCROWD.ORG
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
10. https://pipl.com/
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
11. HTTPS://OPENPHISH.COM
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
12. HTTPS://OPENPHISH.COM
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
13. HTTPS://OSINTFRAMEWORK.COM/
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
14. SHODAN.IO
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
15. HTTPS://WPVULNDB.COM/
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
16. HTTPS://HAVEIBEENPWNED.COM/
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
17. HTTPS://PASTEBIN.COM/
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
20. •
•
User Issues
• This issue is best addressed by training and education. An untrained user cannot possibly adhere to
good security practices because he or she is not aware of them. Security training is just as important as
any technology that you can purchase or policy that you can implement.
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
21. ZERO-DAY EXPLOITS
•
Secure Protocols
• HTTP – HTTPS
• SMTP – SMTPS
• POP3 – POP3S
• SMTP – SMTPS
• IMAP - IMAPS
• FTP – SFTP
• SSH
• DNS – DNSSEC
• LDAP – LDAPS
• RTP - sRTP
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
22. •
•
•
•
•
SECURITY BY DESIGN
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
23. •
•
•
•
•
•
•
•
•
•
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
24. SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
25. •
• A SOCIAL ENGINEERING ATTACK MAY COME FROM SOMEONE POSING AS A VENDOR, OR IT COULD
TAKE THE FORM OF AN EMAIL FROM A (SUPPOSEDLY) TRAVELING EXECUTIVE WHO INDICATES THAT
THEY HAVE FORGOTTEN HOW TO LOG ON TO THE NETWORK OR HOW TO GET INTO THE BUILDING
OVER THE WEEKEND.
OCCASIONALLY, SOCIAL ENGINEERING IS ALSO REFERRED TO AS WETWARE. THIS TERM
IS USED BECAUSE IT IS A FORM OF HACKING THAT DOES NOT REQUIRE SOFTWARE OR
HARDWARE BUT RATHER THE GRAY MATTER OF THE BRAIN
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
26. •
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
28. GREED
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
29. •
•
•
•
•
•
•
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
30. •
•
•
SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
31. SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG