A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Social Aftermath Responding to Social Pwnage - Steven F. Fox (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)

Social Aftermath Responding to Social Pwnage - Steven F. Fox

Many social engineering talks focus on the exploitation of trust relationship and the resulting compromise of corporate and personal assets. However, what happens after the pwnage is done'

This session opens with the aftermath of a successful social engineering incident on a major automotive financing company. Attendees will learn of the methodical analysis of the interactions which led to the compromise of customer information, as well as employee and executive network credentials. The case study also illustrates how this organization was able to use the forensic analysis of social interactions to enhance its customer service business processes. This information was used to engage employees in protecting information with the associated business processes. Most importantly, the customer care process was transformed such that it was able to frustrate social engineers and enhance the experience of their customers.

Attendees will learn:

 - How the incident response team used log information and incident investigation to determine the social nature of this incident.

 - How the incident response team employed Open Source Intelligence techniques to profile the social attack surface, narrowing the focus of their investigation.

 - How the incident response team worked with management to modify business processes to be resilient in the face of social exploits.

BIO: Steven F. Fox offers security guidance to ensure compliance with Federal standards and requirements as a Sr. Security Architecture and Engineering Advisor for the U.S. Treasury. He also contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup, and the Security and Privacy workgroup. Mr. Fox brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He has performed security services including risk/vulnerability/penetration testing assessments, incident response planning, PCI DSS services, and social engineering. Steven is a syndicated blogger covering IT Governance, Risk Management, and IT-Business fusion topics. His speaking engagements include ISSA and ISACA events, SecureWorld Dallas/Detroit, Hacker Halted, Security B-Sides Chicago/Detroit/Las Vegas, and GrrCon. He also volunteers his time to the Ponemon Institute, Security BSides Detroit and the MichSec security organization.

 

Back to BSides Las Vegas 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast