SANS Institute Posters Summaries
Securing The Human
This poster is a great tool for creating cyber-security awareness in the workplace, explaining why an individual's PII (personally identifiable information) is valuable to a hacker and why it is vital to protect it. Educating the IT user community in your organization is now essential: corporate IT security measures can no longer be relied upon as the only means of protecting your information assets in today's environment, where phishing and ransomware target every single weak spot in your defences.
This poster helps individuals and organizations alike understand the phishing phenomenon that has continuously duped us over the last several years. These specially crafted phishing messages are sent to entice an individual into clicking on a malicious link, opening an infected attachment, or responding to a scam. This poster also highlights spear phishing, which follows the same concept as phishing, but instead of sending emails to random potential victims, the emails are sent to very specific, targeted individuals. This poster also breaks down 8 key phishing indicators you and your organization can use to help combat phishing attacks.
This roadmap was created to help organizations build, maintain, and accurately measure a security awareness program that cuts risk by changing individuals' behaviour while also meeting your compliance and audit requirements. Historically, very little has been done to secure the "human" operating system, so by introducing security awareness training, organizations can effectively address the problems and therefore reduce risk by progressing through the following stages: 1.) No Awareness Program, 2.) Compliance Focused, 3.) Promotes Awareness and Change, 4.) Long Term Sustainment, and 5.) Metrics Framework.
This poster breaks down each of the 20 CIS Controls (formerly the SANS Top 20 Security Controls), a prioritized set of cyber practices created to stop today's most pervasive and dangerous cyberattacks. These controls derive from the most common attack patterns emphasised in the leading threat reports and were created by the people who know how attacks work. The added value of these controls is that they are continually updated as new threats and attack techniques are introduced to our threat landscape. This poster also highlights the numerous frameworks, like PCI DSS, ISO 27001, US-CERT, and many more, that are aligned with the 20 CIS Controls. These controls are meant to put the power back in the hands of the "good guys" by better organizing and collaborating on security best practices.
This poster delves into the defensive actions that determine what your next attack will look like: System Variables, Cyber Maturity Variables, Adversary Capabilities, Adversary Intent, and External Drivers.
This poster breaks down the steps involved in in-depth operating system and device incident response and adversary hunting. SANS explains that there are three levels of threat intelligence: strategic, operational, and tactical, each serving a different audience with different requirements of threat intelligence. This poster goes on to discuss the Active Cyber Defense Model, which can start at any phase but includes: Threat Intelligence Consumption, Threat and Environment Manipulation, Network Security Monitoring, and Incident Response. This poster discusses the concept of the Kill Chain, which represents the steps that adversaries usually perform to complete their objective. Lastly, this poster discusses the Diamond Model of Intrusion Analysis, which seeks to identify the four core components of any malicious event: the victim, the capability, the infrastructure, and the adversary.
This poster represents the SWAT Checklist, an all-in-one reference and best-practices guide to help development teams create more secure applications. SANS suggests using this checklist to identify the minimum standard that is required to neutralize vulnerabilities in your critical applications. This poster covers topics like error handling and logging, data protection, configuration and operations, authentication, input and output handling, access control, and session management. The poster states that your application security program should include testing, designing, governing, and fixing.
This poster discusses the painful process of finding unknown malware. While not an easy process, using the techniques this poster mentions will help readers narrow the 80,000 files on a typical machine down to the 1-4 files that could possibly be malware through the process of malware funneling, a thirteen-step process broken down in detail by SANS.
This poster discusses various tools and techniques that security professionals should be well-versed in to maximize the value of the organization's pen testing and vulnerability assessment efforts. This poster shows in-depth network diagrams with the numerous attack surfaces every enterprise must defend, as well as world-class pen test techniques.
This poster brings awareness to the various ways that cyber criminals gain access to an Industrial Control System (ICS) environment. This poster highlights the overwhelming need for ICS engineer training in an effort to reinforce conscious engineer decision-making and secure behaviours when interacting with an ICS. Remember, your organization's ICS automation, process control, access control devices, system accounts, and asset information are incredibly valuable to cyber thieves. Monitoring these elements is an essential dimension of NERC CIP compliance.
This poster breaks down the various elements involved in obtaining and handling sensitive healthcare data. This poster highlights exactly why healthcare data is targeted: the treasure trove of information kept in healthcare records, like PHI, financial information, and intellectual property. SANS explains why healthcare organizations have an obligation to protect this private information and abide by the HIPAA Privacy and Security Rules and the HITECH Act. Healthcare data can be found just about everywhere, from computers, smartphones, and portable hard drives to biomedical devices and fax machines, so it is incredibly important that healthcare organizations enforce strong passwords, control the healthcare data in the organization, enforce encryption, never share healthcare data, and understand and follow the policies in place to protect healthcare data.