Enterprise Hacking: Who Needs Exploit Codes? presented at HITBSecConf Malaysia 2007

by Fetri Miftach,

Tags: Security Access Risk Analysis Business Development

Summary : Presentation Title:Presentation Details:Traditional business drivers (time to market, cost basis etc) are still the dominant factors when formulating technology strategy. Security issues, although recognised as being of primary concern, are usually left behind to catch up. In an era where turnkey solutions, outsourcing, enterprise application integration across traditional boundaries are becoming the norm, this approach is causing more of a headache in the long run than the perceived (short-term) economic gains.Highlighting lessons learned during several assignments, we found that the roles played by third parties and the lack of visibility of extended business processes (and related technology infrastructure) are becoming the main challenge for an enterprises information security team. In several cases, access to sensitive systems were engineered through the simple use of guile and cunning, identifying weak links introduced by the complexity of third party relationships and the many inter-connections between business entities. And in a significant number of these cases, exploit codes were not even deployed.Several ideas on how to mitigate these situations will be offered for further discussion.About FetriFetri Miftach is a Principal Consultant at Bellua Asia Pacific. Fetri has a deep understanding of security methodology for the banking and telecommunication industries in Indonesia since 1999 and provided services to government agencies and private sectors. Expert in business process analysis from an information security perspective, risk assessment analysis, analysis and policy development that fit to specific industry need, educational and socialization, and forensic analysis. Fetri hails from aerospace engineering background and has an extensive background in Airborne Systems and Real Time System technology, especially in the aerospace, banking and telecommunication industries.** Presenting withJim Geovedi(Member HERT & Security Consultant, PT Bellua Asia Pacific)