homepage
Open menu
Contact Sales

Dugaan Pelanggaran – Model yang Lebih Baik

  • Thursday, 21 Jul 2022 11:30AM SST (21 Jul 2022 03:30 UTC)
  • Speaker: Tim Medin

Tim keamanan tidak boleh beroperasi dengan asumsi bahwa suatu pelanggaran akan terjadi, melainkan kapan suatu pelanggaran akan terjadi. Sentuhan baru pada pengujian penetrasi dilakukan dengan menempatkan seorang penyerang (orang baik) pada sistem Anda yang memiliki posisi sebagai pengguna berwenang. Hal ini bertujuan untuk menyimulasikan sebuah sistem yang disusupi atau orang dalam tepercaya yang memiliki niat jahat. Tujuan pengujian ini harus difokuskan pada risiko bisnis serta pengaruh ketidakamanan, kerentanan, dan kesalahan konfigurasi terhadap data dan proses penting perusahaan. Tujuan tersebut difokuskan pada bisnis dan risiko realistisnya, bukan pada kemenangan teknis dan akses awal yang lambat (dan mahal).

English

Security teams should not operate under the assumption that a breach will happen, but when. The fresh twist on penetration testing puts an attacker (good guy/gal) on your systems running under the context of an authorized user. The goal is to simulate a compromised system or a rogue trusted insider. The goals of the test should be focused on the business risk and how insecurities, vulnerabilities, and misconfigurations can impact the data and processes vital to the organization. Goals are on the business and their realistic risk, not around technical wins and slow (and costly) initial access.

*You can also register to view this webcast recording in English
View English Recording >

Login to Register

Related Content

Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
HackFest_blog_image.png
Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming
A Visual Summary of SANS HackFest Summit
Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023
370x370-person-placeholder.png
Alison Kim
read more
Blog
Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming
SEC670 Prep Quiz Answers
Answers for the SEC670 Prep Quiz. For more details about the course and the quiz, please clickthrough to see the quiz article.
370x370_jonathan-reiter.jpg
Jonathan Reiter
read more