Tasks vs. Roles Part 2

00:00

welcome back to acid security course. And in this lesson, I'm going to talk about specific tasks versus rolls scenario in

00:10

acid security focused field.

00:14

So if we are talking about this specialized as a security portion off I d.

00:23

I'm going to talk about security tasks in protection of acids and how the people performed these tasks.

00:31

So let's go first. Bye. List of tasks. And, uh,

00:37

you'd have to protect from attacks outside in.

00:41

So you have Ah, dear as DDOS attacks Ah, um,

00:47

Then you have a man in the middle attacks

00:51

which are there when somebody is basically

00:56

putting

00:58

some kind of piggybacking on the connection that one of your users is doing between from the outside of the company network. Why are some kind of connection or to different parts of the company communicating, which are physically on the different geographical locations?

01:17

Then we have passed for the tax. We have eavesdropping attacks. And then, of course, there are zero day attacks which are usually used in what's a cold

01:26

targeted attacks. So when when somebody finds something that hasn't some some exploits ah, whole or begin in, for example, operating system,

01:38

that hasn't been published yet. So there is no patch for operating system and they use it just to attacker one or more companies. So these air typical hacking types of attacks.

01:53

Then they have to protect from attacks that are physically from inside to out

01:57

which is, for example, fishing. Yes, fishing comes from the outside, but the physical execution of the attack comes by.

02:06

Basically, Mallory, that is caught by fishing is acting from inside the company network and sending information outside in some ways or doing damage inside, but then communicate the ites outside for for

02:23

some kind of connection with whoever is performing the the attack.

02:29

Then we have U S B flash mob ER, which can be done by people just not knowing that they have infected U S B flash.

02:39

Or it can come from this Gruntal employees that they are going to know that they're going to be fired or they're performing bed or they have some dispute with their manager. So these people might intentionally infecting that for were used be a member and USB flash, or

02:59

they can intentionally open mellower sites,

03:01

our or phishing emails, whatever. So so they can do that. They can even raise data. Uh, bye bye. Intention? So we have these tasks coming from outside in. So in case of outside in attacks, we have to protect their network of firewalls

03:21

are operating systems. Make sure that all the holes have been plugged

03:25

in and then re very protect from out attacks inside out. You basically have to protect the endpoint. So PCs and printers and copiers inside the company from acting as a as a back door or some something that sends information that shouldn't be sent

03:45

outside of the company.

03:49

So when you have, ah,

03:51

hierarchical structure and even if you have any other kind of structure in the company,

03:58

there are two kinds of people. There are people who focus on their jobs. And when you ask them to do something else, they usually say that's not my job.

04:06

And also, they have a tendency to use the sentence. That's the only way to do it.

04:12

So

04:14

because they have learned one way to do things,

04:17

uh, they're focusing on doing it really well, and they don't want to get outside their comfort zone and do things the other way around. So they were following what they have been learning in the past and there

04:33

doing just that.

04:35

These people are

04:38

really dangerous for a company unless everything is functioning perfectly. And you have enough people in enough budget to hire enough people to have them performed there just there. Tasking, nothing else. Why? Because if you're looking from the outside and

04:57

the way these hierarchical structures are organized

05:00

Um uh, if you're a hacker, you will know if your if your cyber criminal, you will probably know how these things work and you will trying to find a way to basically attack in the field, which is on the on the on the border line off to jurisdictions.

05:20

It's like in tennis when people play doubles. And the best way to win a point is to put the ball between

05:27

two players on the opposing team,

05:29

because then they don't cannot agree. Who is going toe hit the ball, and sometimes none of them hits the bull and you score. So the same thing is happening here

05:41

if you're doing something that might be somebody's else in jurisdictions. So so if two people who should be working to together both say that's not my job,

05:50

you have easy way of getting in.

05:54

On the other hand, you have people who have the attitude. Let's sit and talk

06:00

and they say, How can we adapt to the new threat landscape? And when they sit to the table, there is no not usually not somebody at the head of the table. They sit, you know, like a roundtable like in the nights.

06:13

So in this case, you have people who are pretty much equal in in their approach off course. There are some people who have higher knowledge, and they have greater respect of their colleagues. But anyone's idea is welcome. And they are there now for focused on them,

06:32

uh,

06:33

performing tasks in the best possible way and not just holding on to their jurisdiction.

06:42

So this is this is very important thing, and this is something that if you're in in any way in charge of organizing some kind off security structure or strategy, you should look for the people on the lower end of this slide.

07:02

So in this video, I have been talking about

07:05

what are the security tasks that are focused on acid

07:10

protection