Attention Attendees:
Remember to type your messages to all panellists and attendees
Defence
Topics
• Governance
• Technical Controls
• Audit & Compliance
• Active and Passive Defence
Governance
• Policies and procedures
• Security frameworks and standards
• ISO/IEC 27001:2013
• NIST Cyber Security Framework
• AG Information Security Manual
• ACSC Essential Eight
Technical Controls
• Antivirus/antimalware
• Application whitelisting
• Authentication, authorization, and accounting (AAA)
• Encryption
• Firewalls
• IDS & IPS systems
Audit & Compliance
• Vulnerability Assessment
• Ethical Hacking/Security Testing
• Penetration Testing
• Certification Audits and Internal Audit
• Other monitoring & measurement
Active & Passive Defence
Passive Defence
• More common controls
• Examples of passive defence controls
• Firewalls
• Application whitelisting
• Access control
• Device hardening
• Antivirus/antimalware
Active Defence
• Ongoing threat assessment and defence in real-time
• Examples of active defence controls
• Security information and event management (SIEM)
• Anomaly detection
• Threat intelligence
• Incident management
Snitkin, 2017
Demo
Me
About Me
• 20+ years industry experience
• DIT (Graduand), MMgmt(InfoTech), BIT(SysAdmin)
• CCISO, CDPSE, CISM, CISSP, ISO27001 Lead Implementer, MACS Snr. CP (Cyber Security)
• ACS Profession Advisory Board Member
• linkedin.com/in/georgthomas
@georgathomas
scholar.google.com/citations?user=z72s_9MAAAAJ
Questions?
References
• Microsoft (2017). AppLocker – Windows 10. Retrieved from https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview
• Snitkin, S. (2017). ICS Cybersecurity Requires Passive and Active Defense. Retrieved from https://www.arcweb.com/blog/ics-cybersecurity-requires-passive-active-defense