Professional Documents
Culture Documents
H lth
Healthcare
2
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
State of Cybersecurity and Healthcare
3
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
State of Cybersecurity and Healthcare
4
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
State of Cybersecurity and Healthcare
5
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
State of Cybersecurity and Healthcare
6
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
State of Cybersecurity and Healthcare
7
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
TCS Cyber Solutions
8
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
TCS Cyber Solutions: ESP
9
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
TCS Cyber Solutions: ESP
10
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
ESP Assessment
11
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
ESP Validation
» Penetration Tests et o sco e y
Network Discovery
Identify publicly available hosts (Internet Protocols [IPs])
yp y (
Identify available ports on identified hosts
[ ])
Identify application versions on ports
» “White Box” Testing Identify security mechanisms and locations
Penetration Testing Identify vulnerabilities in identified applications
Attempt exploitation of vulnerabilities
Social engineering
Targeted phishing
Structured Query Language (SQL) injection
Cross‐‐Site Scripting (XSS)
Cross
Upon successful exploitation, establish covert presence on
vulnerable
vulnerable host
host
12
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
ESP Validation
Deliverables
» Open Source Report
» Network Reconnaissance
R
Reportt
» Exploitation Report
» Impact Report
» Recommendations Deliverable
Deliverable Contents
Open Source Report Open source view of corporation;
(Appendix A) preliminary network map.
Network Discovered IPs, operating systems,
Reconnaissance
Reconnaissance installed applications, security devices.
installed applications, security devices.
Report (Appendix B)
Exploitation Report Captured IPs; established presence in
(Appendix C) network; significant accesses acquired.
Impact Report Information retrieved through access.
(Appendix D)
Final Assessment
Final Assessment All previous information as well as
All previous information as well as
Report recommended actions to further
secure network.
13
©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2
ESP Training
Christina Wiegand
410-280-4931
cwiegand@telecomsys.com
www.telecomsys.com