Posts

, , ,

Building a Successful Security Operations Center (SOC): Part 4


SOC Planning – Defining SOC Scope

Defining scope for the SOC is crucial for its success and to determine stakeholders for the SOC. The scope will help determine cost, associates needed to run the SOC, SOC processes and many other areas as listed below:

  • Coverage – Decide which areas fall under scope of the SOC (IT, OT, IoT, Physical Security, Cloud Service Providers. Others).

Read more

, ,

Social Engineering Awareness Program Part 4: Clicking the Phish

It is inevitable that at some point, someone will fall victim to a social engineering attack. This could be via clicking the phish, letting an unauthorized person in, or succumbing to a phone scam. Integrating with your Incident Response plan (if you have one; otherwise read my next series) is vital. Read more

,

Social Engineering Awareness Training Part 3: Reinforcement and Incentivization

Reinforcement and Incentivization

At this point in the awareness life cycle, the culture has been set. Training has been designed and conducted. At this point, we are trying to reinforce the training and provide incentives for those who thwart attacks or report “interesting” attempts or by volume. Read more

,

Social Engineering Awareness Program: PART 1

Building the Culture to Support a Social Engineering Awareness Program

Today, companies are investing more than ever before on protecting their IT infrastructure. As a response, hackers and, in turn, penetration testers are using a different vector to gain access to enterprises: the human element. Humans can be exploited using a variety of methods collectively known as social engineering. This broad category includes phishing, spear phishing, whaling, vishing, smishing, pretexting, dumpster diving, and tail gating. Read more