This document outlines one university's approach to information security incident management. It discusses core principles of information security, why incident response is important, what constitutes an incident, common incident methodologies, how incidents are discovered, response and evidence acquisition processes, impact on business operations, investigation and analysis, forensic tools and processes, reporting results, and lessons learned. The goal is to effectively contain security breaches and determine if sensitive information was compromised while minimizing business disruption.
Cause 11 im final
1. Information Security Incident Management
One EDU’s Approach
Johnny Nipper, EnCE
Kevin Lanning, MSIS GSEC CISSP
Benjamin Bressman, GSEC GCIH GCFA
2. Information Security Level Set
• Core Principles of Information Security
– Confidentiality – Keeping information private
– Integrity – Keeping information accurate
– Availability – Keeping information available (even in disasters) to authorized parties
3. Why Incident Response?
• Legal and compliance obligations require notification when sensitive information is acquired by unauthorized parties
• University policy requires a process for responding to incidents
• Computing environments at large are under constant attack (we are no exception)
• Attack stats
4. What is an incident?
• Acceptance Criteria
– How do we determine the difference between an incident and an event?
• Could sensitive information or a critical system be at risk?
• Was the event malicious?
– Maintaining a publicly accessible definition of sensitive data helps bring clarity during events
– Trust support personnel and the campus community, but maintain the ability to verify when validation is needed
5. Incident Management Methodologies
• One approach (see SANS.org, Course 504):
– Planning
• Your departmental contacts
• Communication strategies
• Failover systems and strategies, data archives/backups
– Identification – Is it an incident?
– Containment – Are intrusions contained?
– Eradication – Is the intrusion over?
– Recovery – Are your business functions back to normal?
– Lessons Learned – Recommendations
6. Incident Management
• Incident Environment?
– Higher education institutions compared with business or military
– Governance/Culture
– Mission
– Technology types/Infrastructure
7. How are incidents discovered?
• Intrusion Detection/Prevention Systems
• Centrally Managed Anti-Virus
• Complaints by attacked parties
• Support Personnel - Often our first responders
– Help contain the incident and preserve data
– Help balance forensics with business continuity
8. Response, Evidence Acquisition
• Preserve Evidence
– Disconnect from the network?
– How do we power down?
– Preserve “last accessed” times (No AV scans)
– Log access can overwrite valuable information
• What evidence?
– A forensic image: an exact copy of the disk(s)
– Preserving timestamps is key
– Network data, off-site logs, etc.
9. Business Impact
• Must be mindful of business impact
– How will incident response/forensics impact…
• University mission
– Teaching
– Research
– Public Service
• The Department/Group
– When will systems be back up and running?
– Will intruders have a way back into the systems?
• The User
11. Investigation and Analysis
• Provide context for decision makers
– From the perspective of sensitive information:
• Where did sensitive information exist, if at all?
– From the technical perspective:
• Create timelines that detail (for example)…
– File creation and access
– When was malware introduced?
• Capabilities of the malware?
• When was sensitive information last accessed?
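As an added illustration of the timeline work this slide describes (example code written for this page, not from the deck or its authors), the following Python merges file MAC times collected with lstat, which reads metadata only and so leaves "last accessed" times intact, with parsed auth log lines into one chronological timeline that can be sliced to the window a decision maker asks about. The log lines, the file name update.bin, the host timestamps and the IP address are constructed sample data.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Constructed sample auth log lines (not from the deck); timestamps are UTC.
SAMPLE_LOG = [
    "2024-03-04T02:13:05Z sshd[4711]: Accepted password for svc_backup from 203.0.113.9 port 51022",
    "2024-03-04T02:14:40Z sshd[4711]: pam_unix(sshd:session): session opened for user svc_backup",
]
LOG_RE = re.compile(r"^(\S+)\s+([^:]+):\s+(.*)$")


def utc(y, mo, d, h, mi, s=0):
    return datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc)


def parse_log_line(line, source="auth.log"):
    """Turn one syslog-style line into a timeline entry, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": source, "event": m.group(2), "detail": m.group(3)}


def fs_timeline(root):
    """One entry per MAC time for every file under root. lstat reads metadata
    only, so walking the evidence tree does not disturb 'last accessed' times."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            for label, epoch in (("modified", st.st_mtime),
                                 ("accessed", st.st_atime),
                                 ("changed", st.st_ctime)):
                entries.append({"ts": datetime.fromtimestamp(epoch, tz=timezone.utc),
                                "source": "fs", "event": label, "detail": path})
    return entries


def build_timeline(*streams):
    """Merge any number of entry lists into one chronologically sorted timeline."""
    merged = [e for stream in streams for e in stream if e is not None]
    merged.sort(key=lambda e: e["ts"])
    return merged


def events_between(timeline, start, end):
    """Slice the timeline to the window a decision maker asks about."""
    return [e for e in timeline if start <= e["ts"] <= end]


def render(timeline):
    return "\n".join(f"{e['ts'].isoformat()}  {e['source']:<8} {e['event']:<12} {e['detail']}"
                     for e in timeline)


def sample_case():
    """Constructed evidence tree: one file whose mtime/atime are set to fall
    just after the sample logins. Returns the directory path."""
    root = tempfile.mkdtemp(prefix="ir_case_")
    path = os.path.join(root, "update.bin")
    with open(path, "wb") as fh:
        fh.write(b"\x00" * 64)
    # os.utime takes (atime, mtime): written at 02:15, read again at 02:20
    os.utime(path, (utc(2024, 3, 4, 2, 20).timestamp(), utc(2024, 3, 4, 2, 15).timestamp()))
    return root


if __name__ == "__main__":
    case = sample_case()
    timeline = build_timeline(fs_timeline(case), [parse_log_line(l) for l in SAMPLE_LOG])
    print(render(events_between(timeline, utc(2024, 3, 4, 2, 0), utc(2024, 3, 4, 3, 0))))
```

The ctime entry lands at "now" because ctime cannot be set from user space, which is why the window filter leaves it out of the printed view.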
12. Forensic Processes and Tools
• Integrity and confidentiality of evidence
– Chain of custody forms
– Cryptographic hash of hard drives and images
– Storage of hard drives and hard drive images
• Tools
– Guidance Software EnCase, AccessData FTK
– Open source tools like log2timeline
– Anti-malware software (SEP, Symantec Endpoint Protection)
– Registry/Log/Browser/OS Artifact data viewers
– Identity Finder – Finds sensitive information
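An added example, not code from the deck or its authors, of the integrity controls listed on this slide: a streaming cryptographic hash of an image, an append-only JSON-lines chain-of-custody ledger, and re-verification of the image against the digest recorded at acquisition. The case id, item label, handler name and the image name lab-ws-042.E01 are constructed placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash 1 MiB at a time so large images need not fit in RAM


def hash_image(path, algorithm="sha256"):
    """Cryptographic hash of an image file, computed in a streaming fashion."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def custody_entry(case_id, item, action, handler, digest, algorithm="sha256", when=None):
    """One chain-of-custody record: who did what to which item, and its hash at that moment."""
    when = when or datetime.now(timezone.utc)
    return {"case": case_id, "item": item, "action": action, "handler": handler,
            "algorithm": algorithm, "digest": digest, "time": when.isoformat()}


def append_custody(ledger_path, entry):
    """Append-only JSON-lines ledger; one line per acquisition, handoff or action."""
    with open(ledger_path, "a") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")


def read_ledger(ledger_path):
    with open(ledger_path) as fh:
        return [json.loads(line) for line in fh if line.strip()]


def acquire(case_id, image_path, item, handler, ledger_path):
    """Hash at acquisition time and write the first custody record for the item."""
    digest = hash_image(image_path)
    append_custody(ledger_path, custody_entry(case_id, item, "acquired", handler, digest))
    return digest


def verify_image(path, ledger_path, item):
    """Re-hash the image and compare with the digest recorded at acquisition.
    Returns (ok, recorded_digest, current_digest)."""
    acquired = [e for e in read_ledger(ledger_path)
                if e["item"] == item and e["action"] == "acquired"]
    if not acquired:
        raise ValueError(f"no acquisition record for {item}")
    recorded = acquired[0]
    current = hash_image(path, recorded["algorithm"])
    return current == recorded["digest"], recorded["digest"], current


def flip_byte(path, offset):
    """Simulate an unintended write to the image, the kind of change verification must catch."""
    with open(path, "r+b") as fh:
        fh.seek(offset)
        fh.write(b"\xff")


def sample_evidence():
    """Constructed stand-in for a disk image (4 KiB of bytes) plus a fresh ledger path."""
    root = tempfile.mkdtemp(prefix="evidence_")
    image = os.path.join(root, "lab-ws-042.E01")  # hypothetical image name
    with open(image, "wb") as fh:
        fh.write(bytes(range(256)) * 16)
    return image, os.path.join(root, "custody.jsonl")


if __name__ == "__main__":
    image, ledger = sample_evidence()
    acquire("CASE-0001", image, "HDD-1 image", "analyst A", ledger)
    print("intact:", verify_image(image, ledger, "HDD-1 image")[0])
    flip_byte(image, 10)
    print("after write:", verify_image(image, ledger, "HDD-1 image")[0])
```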
13. Reporting Results
• Cases can be presented to…
– Information Security management
– Office of University Counsel
– Office of Research Compliance
– Internal Audit
– Law Enforcement
• Decision makers help determine next steps
– Is a notification appropriate?
– How can we prevent recurrence?
14. Lessons Learned/Recommendations
• Behavior Modification
– User learns best practices to prevent future incidents
– Sys Admin configures systems to resist similar attacks
• Software Modifications
– Harden software if flaws are found during investigation
– Introduce vulnerability management to be proactive
• Process Modifications
– Business processes may be modified to reduce risk
15. References
• How to Reach Us?
– security@unc.edu
• Documents:
– NIST 800-61 – “Computer Security Incident Handling Guide” (csrc.nist.gov)
• Courses:
– SANS 504 – “Hacker Techniques, Exploits and Incident Handling” (sans.org)
• Tools:
– Guidance Software / EnCase – www.guidancesoftware.com
– Access Data / FTK – www.accessdata.com
– log2timeline – www.log2timeline.net
– Identity Finder – www.identityfinder.com
• Online Resources:
– Forensics Wiki – www.forensicswiki.org
– Forensic Focus – www.forensicfocus.com
– Windows Incident Response – windowsir.blogspot.com
Editor's Notes
Millions of probes; tens of thousands of attacks per day; firewalls drop ~3 million attacks per day.