ChatGPT: A Valuable Ally for Your Information Security Team

One of the best ways to learn to use ChatGPT and other systems is to simply ask them how they can help you. Here is an example:

Prompt: 

Please write a blog post with some examples of things that ChatGPT could do to help an information security team. For each thing, write one or more sample prompts that they could use to get started. Please output in plain text without any markup or specialized formatting.

Response:

Title: ChatGPT: A Valuable Ally for Your Information Security Team

In a digital age where threats to information security are ever-evolving, having a well-rounded defense strategy is crucial. Among the plethora of tools and resources available, ChatGPT, developed by OpenAI, emerges as a valuable ally for information security teams. Here are some ways ChatGPT could assist in bolstering your organization’s cybersecurity measures, along with sample prompts to kickstart these initiatives:

1. Threat Intelligence Analysis
– Sample Prompt: “Identify recent cyber threats relevant to our industry and summarize their characteristics and potential impact.”

2. Phishing Detection Training
– Sample Prompt: “Generate examples of phishing emails related to our company, and explain how to distinguish them from legitimate communications.”

3. Automated Reporting of Security Incidents
– Sample Prompt: “Develop a script for collecting and formatting data related to security incidents for easier analysis and reporting.”

4. Policy and Compliance Documentation
– Sample Prompt: “Help draft a comprehensive Acceptable Use Policy that aligns with industry standards and regulatory requirements.”

5. Security Awareness Training Material Development
– Sample Prompt: “Create engaging training materials to educate employees about cybersecurity best practices and organizational policies.”

6. Log Analysis and Anomaly Detection
– Sample Prompt: “Analyze these system logs to identify any unusual activities and potentially malicious behavior.”

7. Password Policy Enforcement
– Sample Prompt: “Develop a communication to educate employees about our new password policy and the importance of strong, unique passwords.”

8. Incident Response Plan Development
– Sample Prompt: “Assist in drafting an Incident Response Plan outlining the steps to be taken in the event of a security breach.”

9. Vulnerability Assessment
– Sample Prompt: “Provide a checklist for conducting a vulnerability assessment of our network and systems.”

10. Security Tool Evaluation
– Sample Prompt: “Research and compare different cybersecurity solutions to help us decide which tools would best meet our security needs.”

ChatGPT can be a remarkable asset for information security teams, aiding in a multitude of tasks ranging from threat intelligence analysis to policy documentation. By integrating ChatGPT into your cybersecurity strategy, you stand to not only enhance your defense against cyber threats but also free up valuable time for your security personnel to focus on more complex, critical aspects of your organization’s security posture.

Summary:

Learning to use these AI tools is easy if you ask them for help. Learning to use them properly will go a long way toward increasing your productivity. 

 

* Just to let you know, we used some AI tools to gather the information for this article, and we polished it up with Grammarly to make sure it reads just right!

How Information Security and Risk Management Teams Can Support FinOps

As organizations continue to move their operations to cloud services, it is becoming increasingly important for information security and risk management teams to understand how they can support financial operations (FinOps). FinOps is a management practice that promotes shared responsibility for an organization’s cloud computing infrastructure and cloud cost management. In this post, we will explore some ways in which the information security and risk management team can support FinOps initiatives.

1. Establishing Governance: Information security and risk management teams can play a vital role in helping FinOps teams establish effective governance. This includes creating a framework for budget management, setting up policies and procedures for cloud resource usage, and ensuring that all cloud infrastructure is secure and meets compliance requirements.

2. Security Awareness Training: Information security and risk management teams can provide security awareness training to ensure that all cloud practitioners are aware of the importance of secure cloud computing practices. This includes data protection, authentication protocols, encryption standards, and other security measures.

3. Cloud Rate Optimization: Information security and risk management teams can help FinOps teams identify areas of cost optimization. This includes analyzing cloud usage data to identify opportunities for cost savings, recommending risk-based ways to optimize server utilization, and helping determine the most appropriate pricing model for specific services or applications.

4. Sharing Incident Response, Disaster Recovery, and Business Continuity Insights: Information security and risk management teams can help FinOps teams respond to cloud environment incidents quickly and effectively by providing technical support in the event of a breach or outage. This includes helping to diagnose the issue, developing mitigations or workarounds, and providing guidance on how to prevent similar incidents in the future. The data from the DR/BC plans are also highly relevant to the FinOps team mission and can be used as a roadmap for asset prioritization, process relationships, and data flows.

5. Compliance Management: Information security and risk management teams can help FinOps teams stay compliant with relevant regulations by managing audits and reporting requirements, ensuring that all relevant security controls are in place, auditing existing procedures, developing policies for data protection, and providing guidance on how to ensure compliance with applicable laws.

The bottom line is this: By leveraging the shared data and experience of the risk management and information security teams, FinOps teams can ensure their operations are secure, efficient, and completely aligned with the organization’s overall risk and security posture. This adds value to the work of all three teams in the triad. By working together, the teams can significantly enhance the maturity around technology business management functions. All-in-all, by working together, the teams can create significantly better business outcomes.

 

3 Things You Should Be Reading About

Just a quick post today to point to 3 things infosec pros should be watching from the last few days. While there will be a lot of news coming out of Derbycon, keep your eyes on these issues too:

1. Chinese PLA Hacking Unit with a SE Asia Focus Emerges – This is an excellent article about a new focused hacking unit that has emerged from shared threat intelligence. 

2. Free Tool to Hunt Down SYNful Knock – If you aren’t aware of the issues in Cisco Routers, check out the SYNful Knock details here. This has already been widely observed in the wild.

3. Microsoft Revokes Leaked D-Link Certs – This is what happens when certificates get leaked into the public. Very dangerous situation, since it could allow signing of malicious code/firmware, etc.

Happy reading! 

Hiring Data Analysts Who Love Security

MSI is growing again! We are interested in talking to folks about a full time position in our Columbus HQ to help our Intelligence Team.

If you dig being heads down with data, performing deep research and chasing threats around the Internet, this is the gig for you! These folks will be focused primarily on threat profiling, research of companies, crime rings and security news from around the world. The job requires you be familiar with Linux,  have an understanding of information security and to be a power user of the Internet. You should also enjoy python, BASH scripting, command line kung fu and staying bleeding edge current on security happenings. Light public speaking on webinars and conference calls, familiarity with the Mac and excellent writing skills are also preferred.

MSI is an interesting place to work. Our team is seriously dedicated to helping our clients. We are known for doing excellent work, thinking outside the box, going deep into a problem and laser focusing on customer success. Our conversations among team members are fast and full of high density data exchange. It is exciting, fulfilling and demanding work, but we do it with joy, precision and mindful innovation!

Sound like something you might enjoy? If so, get in touch. Send your resume and a cover letter that explains why you are the best choice for our team to info@microsolved.com. You can also touch base with me on Twitter if you have questions (@lbhuston). We hope to hear from you if you truly love deep diving on data and hammering out the truth from content all around the web!

PS – Don’t worry, we know we have to train you. We are looking for people with strong core skills, an eagerness to learn and out of the box thinking. We’ll teach you the rest… 🙂

Three Talks Not To Miss at DerbyCon

 

Here are three talks not to miss this year at DerbyCon:

1. Bill Sempf (@sempf) presents a talk about pen-testing from a developer’s point of view. (PS – He has a stable talk too, catch it if you sell stuff in the Windows store) His work is great and he is a good presenter and teacher. Feel free to also ask him questions about lock picking in the hallways. He is a wealth of knowledge and usually friendly after a cup of coffee in the morning. Beware though, if he asks you to pick the lock to get to the pool on the roof… This talk is Saturday at 6pm. 

2. Definitely catch @razoreqx as he talks about how he is going to own your org in just a few days. If you haven’t seen his bald dome steaming while he drops the knowledge about the nasty stuff that malware can do now, you haven’t lived. I hear he also may give us a bit of secret sauce about what to expect from malware in the next 6 months. You might wanna avoid the first couple of rows of seating in this talk. He often asks for “voluntolds” from the audience and you might not look good in the Vanna White dress… His chrome dome presents on Friday at 7pm.

3. Don’t miss the Keynote by @hdmoore. His keynotes are always amazing and this time it appears he is going to teach you how to port scan the entire Internet, all at once and all in an easy to manage tool and timeframe. He probably will astound you with some of his results and the things he has seen in his research. It’s worth it! The Keynote is Friday at 9am. Yes, 9am in the morning. It rolls around twice a day now… I know… 🙂

Lastly, if you want to see me speak, you can find me on Friday at 1pm as I discuss and unveil the Stolen Data Impact Model (SDIM) project. Check it out! 

PS – There will be plenty of hallway talk and shenanigans at the con. Come out and sit down and chat. I can’t wait to talk to YOU and hear what you have to say about infosec, threats, the future or just what your thoughts are on life. Seriously… I love the hang out. So, drop down next to me and have a chat! See you this weekend!

 PSS – Yes, I might wear my “hippy hacker”/”packet hugger” shirt. Don’t scream “Packet Hugger” at me in the hallway, please, it hurts my feelings…. 

Always Remember the Business, InfoSec Folks

I just got out of yet another meeting with a big company partner for whom we act as an information security and threat advisor. In that meeting, I listened to a keyed-up,  hypercaffinated group of good guy security geeks tell their senior executives about the latest set of DLP controls they were putting in place. They spent 45 minutes describing packet-level checking, data flows, architecture diagrams and the technology of their solution set in painful (even for me) detail. Many of the executives were dosing lightly, while the geeks spun their techno-web. That’s when things took a turn for the worse…

The COO asked them one single question, interrupting a slide about email data flows ~ “How will this impact the business of ‘Dan’s’ group and the ‘Singularity’ project we have been working on since 2011? Doesn’t it depend on some of that data?” (**Names changed to protect the innocent and the guilty…)

Then, NOTHING HAPPENED. You could have heard a pin drop. Dead silence for close to two minutes. Finally, the COO repeated the question. Still nothing. He asked the lead geek if he knew who Dan was, and the geek said yes. He asked if Dan had been interviewed by the geeks prior to this. They said, no. The COO erupted in a rage, railing about how Singularity was the largest new line of business launch in the history of the company and how the projected income from the business would change the landscape of the firm. There were a LOT of apologies and some amount of notes taken to immediately consult with Dan. Much geek cred was lost. It will be a while before they get to present to the executives again like that. 

I tell you this story simply to remind all infosec folks about something I see all too often. It’s about the business. We are about the business. We are there to secure the business, nurture it, protect it, empower it to succeed. If that’s not where you or your team are, then you are doing it wrong. Get it right. Talk to the business. Speak their language. Give up on the “beauty of the baud” approach. Your packets and technology stack may be gorgeous to you, but if they don’t align with the business, then they won’t do anyone, including you, any good at all. Keep that in mind at all times. Also, remember to always talk to Dan ~ he’s a nice guy and he appreciates it. He can give you the answers you need and usually, he desperately wants to understand what you can do to make his project a success. Get to know all the Dan’s in your organization. They drive the world, you support them, together you build business and all of you will succeed!

CMHSecLunch Announcement

We wanted to take a moment and send out a special announcement to our Columbus, Ohio area readers. Brent Huston is pulling together a monthly casual event for IT and InfoSec focused folks in our area. He posted this a few days ago to Twitter (@lbhuston):

#CMHSecLunch 1st attempt – Monday, Nov 12, 11:30 -1pm at Tuttle Mall food court. Informal lunch gathering of infosec geeks. Be There!

We invite all of our local readers to attend. Just have a casual lunch with infosec friends and great conversations. No sign up, no membership fees, no hassle, no fuss. If you can make it, cool, if not, also cool. So, if you have time, drop in and break bread. We hope to see you there.

Let us know on Twitter or in the comments if you have feedback. 

Ask The Experts: Insights on Facebook Friends

This time around, the experts tackle this question:

Q: “Hey Security Experts, should I be friends with everyone that asks on Facebook? What’s the risk of friending people I don’t really know? Can we be friends on Facebook?” –Scott918

Adam Hostetler weighed in with:

I wouldn’t recommend accepting friends request for anyone on Facebook, unless you actually know them. This especially goes for somebody that claims they work at the same company as you, as it really could be somebody building a network of targets to social engineer.

Take advantage of Facebook privacy settings also. Don’t make your information public, and only make it viewable by friends. I would even recommend against putting too much personal information on there, even if it is only among friends. There have been security issues in the past that allow people to get around privacy controls, and Facebook really doesn’t need a lot of information from you anyway.

John Davis added:

The short answer is NO! I’m a big believer in the tenet the you DON’T want the whole world to know everything about you. Posting lots of personal facts, even to your known friends on Facebook, is akin to the ripples you get from tossing a pebble into still water – tidbits of info about you radiate out from your friends like waves. You never know who may access it and you can never get it back! There are lots of different people out there that you really don’t want as your friend – I’m talking about everything from annoying marketers to thieves to child molesters. People like that are trying to find out information about you all the time. Why make it easy for them?

Finally, Phil Grimes chimed in:

Facebook is a ripe playground for attackers. This is something I speak about regularly and the short answer is NO, absolutely not. If you don’t know someone, what is the benefit of “friending” them? There is no benefit. On the contrary, this opens a can of worms few of us are prepared to handle. By having friends who aren’t really friends one risks being attacked directly, in the case of the unknown friend sending malicious links or the like. There is also the risk of indirect attack. If an attacker is stalking Facebook pages, there is a lot of information that can be viewed, even if you think your privacy settings are properly set. Stranger danger applies even more on the Internet.

So, while they may not be your friends on Facebook, you can follow the Experts on Twitter (@microsolved) or keep an eye on the blog at http://www.stateofsecurity.com. Until next time, stay safe out there! 

Touchdown Task for Fall: Prepare Your Holiday Coverage Plan

J0289377

The holidays are right around the corner. Use some cycles this month to make sure your IT support and infosec teams have a plan for providing coverage during the holiday season. 

Does your help desk know who to call for a security incident? Do they have awareness of what to do if the primary and maybe even secondary folks are out on holiday vacation? Now might be a good time to review that with them and settle on a good plan.

Planning now, a couple of months before the holiday crush, just might make the holiday season a little less stressful for everyone involved. Create your plan, socialize it and score a touchdown when everyone is on the same page during the press of the coming months!

 

Great article on File Crypto Tools

I saw this excellent article this morning that covers 5 basic tools for doing file cryptography across platforms. Many of these tools are great solutions and we use them frequently with clients. In particular, we find True Crypt to be a very powerful and useful tool. Many client have embraced this solution for laptop encryption, leveraging the free price and benefit for compliance.

You can read more about these tools here.

Check them out and use the ones that fit your needs in your organization. They are great tools for keeping your business, your business.