Members only – log in to register
Friday 14 May 2021, 3pm-4.30pm (BST)
Our May Academy series looks at how to assess cyber health and risks.
Hackers gain access to systems by exploiting a series of vulnerabilities in their escalation to achieving data theft or destruction. A concept widely known as the ‘kill chain’, it is best represented by a pyramid where the available surface area (or systems) that are exploited at each level narrows on their approach to targeted services, network(s), user rights and behaviours, and ultimately – data. Although there is a greater risk of exploitation at the lower tiers, it is spread out. Yet at higher levels, it is more focused – and has more impact that leads to damage.
This paradigm of cyber risk provides a context for assessing the health of an organisation’s cybersecurity.
This session continues from the first with a focus on identifying common cyber risks from the ‘services’ layer and provides an overview of the methods for assessing cyber heath. It will include scripts, demonstrations, and data analysis techniques – as well as references useful for collating information.
Ahead of this session, we recommend reading the following cases:
- Backdoored in 30 seconds: Attack exploits Intel AMT feature
- How to hack a turned-off computer, or running unsigned code in Intel Management Engine
- Explained – How Intel AMT vulnerability allows to hack computers remotely
The rest of the series
Shane Shook, PhD (info), Chief Security Advisor, Secrutiny
Review the advice on using Zoom and other webex platforms securely here.