SANS Institute Posters Summaries
Securing The Human
'You are a Target'
This poster is a great tool for creating cyber-security awareness in the workplace, explaining why an individual's PII (personally identifiable information) is valuable to a hacker and why it is vital to protect it. Educating the IT user community in your organization is now essential – corporate IT security measures can no longer be relied upon as the only means of protecting your information assets in today's environment, where phishing and ransomware target every weak spot in your defences.
'Don't Get Hooked'
This poster helps individuals and organizations alike understand the Phishing phenomenon that we have been continuously duped by over the last several years. These specially crafted phishing messages are sent to entice an individual into clicking on a malicious link, opening an infected attachment, or responding to a scam. This poster also highlights spear phishing, the same concept as phishing, but instead of sending emails to random potential victims, the emails are sent to very specific, targeted individuals. This poster also breaks down 8 key phishing indicators you and your organization can use to help combat phishing attacks.
'Security Awareness Roadmap'
This roadmap was created to help organizations build, maintain, and accurately measure a security awareness program that cuts risk by changing individuals' behaviour while also meeting your compliance and audit requirements. Historically, very little has been done to secure the "human" operating system, so by introducing security awareness training, organizations can effectively address the problem and reduce risk by progressing through the following stages: 1.) No Awareness Program, 2.) Compliance Focused, 3.) Promotes Awareness and Change, 4.) Long Term Sustainment, and 5.) Metrics Framework.
'CIS Critical Security Controls - SANS Top 20'
This poster breaks down each of the 20 CIS Critical Security Controls (formerly the SANS Top 20 Security Controls), a prioritized set of cyber practices created to stop today’s most pervasive and dangerous cyberattacks. These controls derive from the most common attack patterns emphasised in the leading threat reports and were created by the people who know how attacks work. The added value to these controls is that they are continually updated as new threats and attack measures are introduced to our threat landscape. This poster also highlights the numerous frameworks like PCI DSS, ISO 27001, US CERT, and many more that are aligned with the 20 CIS controls. These controls are meant to put the power back in the hands of the ‘good guys’ by better organizing and collaborating on security best practices.
'Perspective of a Cyber Attack'
This poster delves into the defensive actions that determine what your next attack will look like: System Variables, Cyber Maturity Variables, Adversary Capabilities, Adversary Intent, and External Drivers.
'Industrial Control Systems- Control Systems are a Target'
This poster brings awareness to the various ways that cyber criminals gain access to an Industrial Control System (ICS) environment. It highlights the overwhelming need for ICS engineer training in an effort to reinforce conscious engineering decision making and secure behaviours when interacting with an ICS. Remember, your organization's ICS automation, process control, access control devices, system accounts, and asset information are incredibly valuable to cyber thieves. Monitoring these elements is an essential dimension of NERC CIP compliance.
'Protecting Healthcare Data'
This poster breaks down the various elements involved in obtaining and handling sensitive healthcare data. It highlights exactly why healthcare data is targeted: the treasure trove of information kept in healthcare records, such as PHI, financial information, and intellectual property. SANS explains why healthcare organizations have an obligation to protect this private information and abide by the HIPAA Privacy and Security Rules and the HITECH Act. Healthcare data can be found just about everywhere, from computers, smartphones, and portable hard drives to biomedical devices and fax machines, so it is incredibly important that healthcare organizations enforce strong passwords, control the healthcare data in the organization, enforce encryption, never share healthcare data, and understand and follow the policies in place to protect healthcare data.