Layered Security / Defense in Depth
One area that I have found that even seasoned security professionals have a problem with articulating is layered security (defense in depth). Most are familiar with their area of expertise (servers, networks, pen testing, etc.), but have never viewed security as a heterogeneous process. In my presentation I use a layered diagram to highlight what controls are in what layers, what controls interact across layers, and what a complete layered security model would look like vs. what a more typical company security model does look like.
Nathan Shepard
CISSP, CISM, CRISC, CISA
33 Years in IT.
21 Years in Information Security.
Information Security consulting at the corporate governance level.
Information Security management for outsourced InfoSec delivery.
Cyber Security Layers - Defense in Depth
7P's, 2D's & 1 N
People
Process
Perimeter
Physical
Points (End)
Network
Platform
Programs (Apps)
Database
Data
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Talking about the Next-Gen Security Operations Center for IDNIC+APJII as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in people, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology: as in Industry 4.0, machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a “traditional” to a next-gen SOC requires a proper plan; that's what this talk was about.
• Understand and apply concepts of confidentiality, integrity and availability
• Apply security governance principles
• Understand legal and regulatory issues that pertain to information security in a global context
• Develop and implement documented security policy, standards, procedures, and guidelines
• Understand business continuity requirements
• Contribute to personnel security policies
• Understand and apply risk management concepts
• Understand and apply threat modeling
• Integrate security risk considerations into acquisition strategy and practice
• Establish and manage information security education, training, and awareness
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Complete coverage of CISSP 7th Chapter - Security Operations. I have made sure to cover all topics from three books in this presentation. For corrections, clarifications, please feel free to reach me.
Building an effective Information Security Roadmap
Elliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy-in for multiple enterprise-wide security projects.
This Edureka PPT on "Application Security" will help you understand what application security is and the measures taken to improve the security of an application, often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
The Art of Evading Anti-Virus
There are estimates that security analysts, to include penetration testers, are approximately 5 years behind malicious actors. Anti-virus by itself isn’t enough to stop a malicious individual from gaining access to your servers or computers anymore. In fact many of them have devised ways to evade anti-viruses. We as security professionals should understand how these individuals are doing this, and what tools are available for us to replicate these attacks. Tools such as veil-framework assist us with this. This talk will go over this tool, and how malicious individuals evade anti-viruses with ease.
Quentin Rhoads-Herrera is a security analyst for State Farm. In this position he is responsible for risk analysis and application security assessments. He is accountable for ensuring risks are identified and properly mitigated throughout the organization.
He previously served as the Information Security Director for Clearview Energy and Solarview. In this position he oversaw all information security activities. These included development of company-wide cyber security standards, development of layered defense approaches and the hardening and defense of all company systems.
Mr. Rhoads-Herrera has worked in the Information Security space for a total of seven years serving in roles ranging from Security Consultant to Information Security Director.
Introducing the Vulnerability Management Maturity Model - VM3
The information security landscape has evolved significantly during the last 5 years with the emergence and wider use of new technologies such as Cloud, BYOD, Mobile and the Internet of Things. Alongside this landscape, corporate organizations' key defense leaders, CIOs, CSOs and CISOs, have evolved in their information security defense strategies, as well as in how they think about and approach information security. This different and evolved landscape, combined with defense leaders' new mindset, has influenced key information security processes and, in particular, has resulted in a greater understanding of the process of Vulnerability Management.
This session presents a Vulnerability Management Maturity Model, referred to as VM3, which identifies six different levels of vulnerability management maturity within which different organizations operate. Detailed findings and lessons learned from a recent study on vulnerability management maturity are shared.
The session covers the six high level activities, as well as a surrounding business environment which characterize an organization's execution of the vulnerability management process. Key challenges present within each of the six high level activities of vulnerability management, as well as challenges imposed by the organization's surrounding business environment are identified and described. Attendees will learn and appreciate how these key challenges impede one's ability to achieve higher levels of maturity, as well as strategies on overcoming these identified challenges. Attendees will learn how they may help their organization evolve to higher levels of vulnerability management maturity, with the goal of achieving lower levels of information security risk.
Gordon MacKay, CISSP, Software/Systems Guru with a dash of security hacking, serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology.
He has presented at many conferences including ISC2 Security Summit, Cyber Texas, BSides Detroit, BSides San Antonio, BSides Austin, BSides DFW, RSA and more, and has been featured by top media outlets such as Fox News, CIO Review, Softpedia and others.
He holds a Bachelor's in Computer Engineering from McGill University and is a Distinguished Ponemon Institute Fellow.
Array Networks - A Layered Approach to Web and Application Security
Encryption creates the need for at least two levels of security. ADCs provide high availability and a secure layer for SSL traffic termination, decryption, inspection and forwarding to advanced security appliances for further inspection.
Ed Keiper is a senior systems engineer with Array Networks. His background includes 10+ years of experience in cloud computing, infrastructure and security.
Detecting and Catching the Bad Guys Using Deception
Traditional controls are well known for their shortcomings in the face of modern cyber-attacks. Cyber security technologies make use of signature-based, behavioral and Next Generation capabilities, or attempt to augment those capabilities by leveraging a cloud-based or on-premise cyber analytics warehouse and threat intelligence feeds via indicators of compromise (IOCs) or other mechanisms. Although the latter efforts have increased organizational cyber capabilities, they only do so with proper investments in people, process and technology. Additionally, as attackers adapt to defenses, these controls begin to experience decreasing marginal rates of defensive capability.
Deception programs, architectures and technologies endeavor to augment existing cyber security capabilities through the use of honeypots or honey net (decoys) or breadcrumbs or broken glass (deceptions).
Advanced deception technologies are differentiated by the use of distributed deception technology, which features agentless, simple deployment with lightweight deceptions that leverage operating system objects to deceive attackers into triggering alerts. Normal users would never trigger the deceptions as an attacker would, resulting in high-fidelity alerting with near-zero false positives. Such technology consequently not only augments existing cyber security capabilities post-breach but provides a new, highly effective post-breach cyber security capability along with precise real-time forensics.
James Muren is a strategist and delivers workshops in cyber security strategy, GRC and security architecture that are used to develop long-term strategies and tactical roadmaps for customers that addresses security for legacy and cloud architectures. As a strategic management consultant and having built fully capable cyber programs in the past, he helps mentor and lead teams for programs & projects in information technology & cyber security. James is primarily focused on the business benefits of cyber security, and the demonstration of those benefits through metrics that can be quickly communicated to executive leadership. By properly integrating security controls within a regulatory and policy context, security programs such as breach and incident response, data governance, forensics, etc. can properly demonstrate value, receive proper investment and adequately secure organizations.
James is also a researcher. His areas of research include: Continuous GRC, cyber analytics, Trusted Computing Group (TCG), Security Automation, Hardware & Software Security, ICS, SCADA, IOT, Malware Research, Full System Security Design Lifecycle and Leap Ahead technology.
A Brief History of Cryptographic Failures
Cryptography is hard. It's not hard in the way a challenging video game is, or hard like getting through War and Peace without falling asleep, or even hard like learning a new skill. Cryptography is hard because it's both a system and a technical implementation, and failures in either part can have catastrophic (and sometimes existential) impacts. In this talk we'll take a look at some of the many ways that cryptographic systems have failed over the years, from accidental design flaws like the Data Encryption Standard (DES) defeat so elegantly demonstrated by the Electronic Frontier Foundation to intentional design flaws such as the reported National Security Agency (NSA) backdoor in the Dual Elliptic Curve (EC) Deterministic Random Bit Generator (DRBG). This talk will be a high-level discussion... no PhD in mathematics is required!
Brian Mork is the Chief Information Security Officer for Celanese, where he acts as a senior level executive reporting to the Chief Information Officer (CIO) and leading the strategy and operations of Information and Systems Security. His areas of responsibility include the Security Operations Center (SOC), SAP security, global security architecture, Industrial Control Systems (ICS) security architecture and governance, and the firewalls. He is responsible for establishing and maintaining an enterprise wide information security program to ensure that data information assets are adequately protected. Responsible for identifying, evaluating and reporting on information security risks in a manner that meets company needs, compliance and regulatory requirements. Mr. Mork oversees all technology risk management activities and acts as an advocate for all information security and business continuance best practices.
Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
People are usually dismissed as Cybersecurity's weakest link, but what if they weren't? What if instead they could be a secret weapon? This session will focus on moving away from basic cybersecurity awareness toward building a comprehensive cybersecurity wellness program that uses communication, recognition, and incentives to build relationships with employees. In turn, the presentation will also examine the measurable return on investment for cybersecurity education as compared with the traditional investment in technology controls.
George Finney, J.D., has worked in Cybersecurity for over 15 years and is the author of the book No More Magic Wands: Transformative Cybersecurity Change for Everyone. He is currently the Chief Information Security Officer for Southern Methodist University where he has also taught on the subject of Corporate Cybersecurity and Information Assurance. Mr. Finney is an attorney and is a Certified Information Privacy Professional as well as a Certified Information Security Systems Professional and has spoken on Cybersecurity topics across the country.
Artifacts Are for Archaeologists: Why Hunting for Malware Isn't Enough
Spoiler Alert: It's because attackers can (and do) abuse legitimate software, administrative tools, and scripting environments which are considered benign and not caught by traditional antivirus software. Since attackers can use legitimate software to conduct their nefarious behavior, how do you catch them? It’s simple: Look for the behavior.
LightCyber's Behavioral Attack Detection platform detects and highlights the network behaviors of attackers that have penetrated the perimeter. This provides visibility that allows security teams to locate and eradicate network intruders quickly, regardless of what tools the attackers are using to achieve their goals. With LightCyber's Network-to-Process Association technology, attacker behaviors can be tracked back to the exact process that originated the behavior.
We will discuss the top tools that have been detected and associated with attacker behavior inside of LightCyber customer environments, all of which are legitimate software. There will also be an overview of how LightCyber Magna works.
Mark Overholser has been a lifelong technology enthusiast, and made his passion his career. After working for many years at a multi-billion-dollar medical supply manufacturer and distributor using technology to achieve business goals, he started to wonder about what sorts of controls were in place to help make sure technology would only do good, not harm. One thing led to another, and he then was one of the first members of the new information security team. After working hard to grow the team and build the information security practice, he left to take a breather and now is working to help information security teams everywhere understand threats and get the most out of their defensive technologies.
A Day in the Life of a CISO
The intent of this presentation is to present the diverse nature of being a CISO today within the context of a public, regulated and targeted organization. The content is to both inspire and warn those whose career choices may include the CISO destination.
Mark Nagiel, SVP/CISO, PrimeLending (4th largest mortgage company in the US)
Director, Information Security (MetroPCS/T-Mobile)
VP, Technology/VP Information Security (InCharge Institute - Financial Services)
Co-Founder, Network Audit Systems, Inc. (acquired by Armor Holdings, an NYSE company)
InfoSec Chief (Niagara Mohawk Power Corp.)
User and Entity behavior analytics (UEBA) and identity analytics (IdA) created from behavior-based machine learning models are changing security methodologies and architecture in many domains. UEBA and IdA are converging with SIEM, IAM, DLP, CASB and EDR solution areas to impact security solution design and functionality. The shift includes moving from a declarative rules and roles-based environment into behavior-based risk scoring to determine intelligent roles, adaptive access, plus predicting and detecting insiders, account hijacking, data exfiltration and cloud access and abuse. We are surrounded by many uses of machine learning in our daily lives and until only recently are security solutions catching up to this force multiplier.
Attendees will learn the following:
• The shift from declarative rules and roles to machine learning models
• Understanding excess access risks, outliers and intelligent roles
• How machine learning models predict and detect unknown threats
• The importance of dynamic peer groups in clustering and outlier machine learning
• Migrating to adaptive access and risk-based access reviews
• Driving deterrence and detection with self-audits for employees and partners
Mark Timothy Mandrino
Sales Director of User Entity Behavior Analytics at Gurucul
Mark is an accomplished sales professional with over 25 successful years in the Security and Information Technology space, including 5 plus years in sales management and 2 years in a business development startup ownership venture. He runs the practice for Gurucul in a 7 state region, educating Fortune 100 and up customers in the Identity Detection Intelligence and the UEBA market.
He is ITIL certified, has worked in the eDiscovery space, security services space and is associated with many of the top security vendors in the world. For fun Mark likes to hunt, fish, cook and spend time with his family. Loves sports and has coached little league baseball for 10 plus years before moving to Texas in 2015 from Boston, MA. Mark has traveled the world as a missionary’s son and lived in 22 states and 4 countries before he was 18. He enjoys the daily challenges of information security and IT. Loves helping his clients tackle the tough issues.
Cyber Insurance – Did You Know?
We present a brief discussion of risk and the ways that risk can be handled by an organization, one of which mechanisms is the transfer of risk via insurance.
We describe key terms and concepts related to business insurance generally and cyber insurance specifically.
These concepts will include brief descriptions of duties to indemnify, duties to defend, limits, sublimits, exclusions, and retentions, as well as different types of insurance, including CGL policies, Crime policies, E&O, D&O, PGL, and cyber policies.
We present an introduction to the domain of cyber insurance, discussing how cyber events may or may not be covered by traditional insurance products as well as by cyber insurance products.
We will talk about the role of “standardized” contracts supplied by the ISO (Insurance Services Office), how these are changing in the cyber age, and the need for customized contracts.
We will also present a general discussion of the cost of cyber insurance, the market penetration of cyber insurance in the US, and the cost of cyber events, citing data from public sources as well as reports from NetDiligence®.
Heather Goodnight-Hoffmann
Over 20 years as Global Sales and Business Development Consultant
Cofounder and President, Risk Centric Security, Inc.
Ponemon Institute RIM Council (Responsible Information Council)
Business Development Manager at Navilogic, Inc.
Cofounder and Partner, Cyber Breach Response Partners, LLC
Co-author & co-analyst, NetDiligence® 2016 Cyber Claims Study
Patrick Florer
37 years in Information Technology
17 year parallel career in evidence-based medicine
Cofounder and CTO, Risk Centric Security, Inc.
Member, Ponemon Institute RIM council
Distinguished Fellow, Ponemon Institute.
Cofounder and Partner, Cyber Breach Response Partners, LLC.
Co-author & co-analyst, NetDiligence® 2016 Cyber Claims Study
Intellectual Property Protection: Crossroads between Ethics, Information Security, and Internal Audit
Richard (Rick) Brunner has more than 40 years' experience in information security and technology, specializing in secure systems/application design and development, system architectures, information risks and controls, testing, and strategy and program management. Rick's past assignment was as an Assistant Vice President, Security Strategy and Architecture at GM Financial, and he has worked in Healthcare, Finance, Human Resources, Military, and Intelligence. Rick has 32 years of military service, both active and reserve, rising to the rank of Colonel (O-6). He holds an Executive Juris Doctor degree, concentration in Law and Technology, from Concord Law School; a Master of Science degree in Computer Science, concentration in Information Systems Security, from James Madison University; and a Bachelor of Science degree in Mathematics and Computer Science from the University of Texas at San Antonio. Rick is an Assistant Faculty member at Collin College, instructing courses in their cyber security program, and is an active member of Collin's Cyber Security Advisory Board. Rick holds the following certifications:
• Certified Information Systems Security Professional (CISSP) (Certification Number: 375658)
• SABSA Chartered Security Architect - Foundation Certificate (SCF) (License SCF14020703)
• ITIL Foundation Certificate in IT Service Management (Certification Number: 37823)
Ransomware: History Analysis & Mitigation
An hour long look at ransomware's beginnings, ransomware in the news, variants throughout the years, cutting edge malware analysis, and mitigation techniques.
Andy Thompson is a member of the Shadow Systems Hacker Collective and the Dallas Hackers Association, and is active in the Dallas InfoSec community. Currently a Technical Advisor for CyberArk Software, he works with Fortune 500 companies, assisting them in advancing their CyberSecurity Programs.
Mitigating Security Risks in Vendor Agreements
Providers of software, software-as-a-service, managed services, and professional services have varying degrees of sophistication in addressing security in their form contracts. Learn from an experienced technology attorney how to understand key clauses, or discover when they are missing, to ensure that the company's vendors are compliant with the appropriate security measures before signing the deal.
Brian Kirkpatrick is the founding shareholder of Kirkpatrick Law PC and a business attorney with a technology focus. He also serves as Of Counsel to Mullin Law PC for matters involving technology and information security.
His practice revolves around clients needing assistance in technology transactions, data privacy, cyber security, software compliance and audits, and general counsel related to business matters. Brian was voted 2015 Top Technology Attorney in Tarrant County by his peers as published in Fort Worth Texas Magazine.
Brian has published numerous articles and lectured nationally on legal topics such as software as a service, software licensing, contract negotiation, cyber security and legal considerations when starting a business. He is also featured in radio news interviews, as a conference panelist, a featured speaker, and is featured in an instructional video series about conducting negotiations. Before entering the legal profession, Brian was a Vice President commercial banker.
Brian is a graduate of Texas A&M University School of Law where he was inducted into the National Order of Barristers. He also has a Masters of Arts in Applied Economics from Southern Methodist University and a Bachelors of Science in Economics from Texas A&M University - Commerce where he was inducted into the Omicron Delta Epsilon International Economics Honor Society.
Day in the Life of a Security Solutions Architect
I'd like to present my "Day in the Life of a Security Solutions Architect" at Hewlett Packard Enterprise. In this presentation, I'll go into detail of what exactly I do as a security architect, and my career progression which got me there. I'll speak about my daily activities, successful client engagements, skills required, etc. I'm happy to answer any questions from the audience, share insights, what I wish I had done earlier in my career, etc.
Marco Fernandes is a Security Solutions Architect at Hewlett Packard Enterprise. Prior to that I worked in IT in the defense industry and in security consulting in the commercial world. I'm also President of the North Texas Cyber Security Association. I was born in Dallas, TX, and I obtained my Bachelor of Science in Business Computer Information Systems from the University of North Texas. In my free time I enjoy card games, reading, fitness, watching WWE wrestling, and helping my community.
Red, Amber, Green Status: The Human Dashboard
This session will outline the importance of presenting actionable metrics for the Security Awareness program. Oftentimes security programs are presented while omitting the most constant threat to Information Systems: the human. From a security awareness perspective, we will review analytics that include key performance indicators that may already be available to you; they just need to be added to the new human dashboard.
Laurianna Callaghan currently serves as a security consultant for Ana Academy, a Dallas-based security training company. Previously, Laurianna worked with Dell where she was the creator of security analytics for a major healthcare customer which were presented at the 2016 IASAP conference. In addition, Laurianna has more than 21 years' experience in various IT domains. She has served as the Director of Systems Engineering for a telemarketing firm, the UNIX/MVS Manager for a major airline and has IT experience in the healthcare, communications, transportation, education, retail, and other industry sectors. Laurianna holds both the CCNA Security and CISSP designations.
Hacking Performance Management, the Blue Green Game - With a live demo!
Dr. Branden R. Williams has almost twenty years of experience in technology and information security, both as a consultant and an executive. Branden co-founded a technology services company that provided the foundation to a prominent e-learning company. He has vast experience as a practitioner and consultant which included helping companies create user-centric security controls and models. His specialty is navigating complex landscapes—be it compliance, security, technology, or business—and finding innovative solutions that save companies money while reducing risk and improving performance. Along the way, he was a Consulting Director for VeriSign/AT&T, one of four CTOs at RSA, ISSA Distinguished Fellow, elected to the PCI Board of Advisors, and author of four books.
Assuming people are rational, we all do things to maximize our payoffs. It's why things like Enron and the subprime mortgage crisis happen. This demonstration will show you a key element to designing performance management systems that employees will hack to their advantage.
Business Geekdom: 1 = 3 = 5
Each year a security team participates in several audits, meetings with the business and strategy meetings. Oftentimes, security is seen as the one imposing requirements that are either too difficult, impossible to manage or flat out ridiculous.
This is similar to a geek. A geek is defined as "an unfashionable or socially inept person." Is this social ineptness actually just the lack of the ability to translate the passion of the security professional to the business professional?
In this presentation, I would like to cover how to create, establish and evangelize a framework that has one backend with several frontends. The backend is a common security control framework (not the UCF) and the frontend translates to the various business units, audits and business strategies encountered in a security professional's profession each year.
Grant Gilliam is an Enterprise and Solutions Architect for CHRISTUS Health. Previously, Gilliam has been a security architect, senior security engineer and senior data security analyst. Industries worked in include healthcare, insurance, software and news media. Gilliam has also established and created his own business focusing on outsourcing non-competitive business tasks, allowing clients a strategic advantage over competitors by minimizing FTE and contractor headcount.
His educational background includes a Master of Science in Information Systems, focusing on Information Security, and a Bachelor of Business Administration in Management Information Systems, both from Baylor University. The focus of his master's degree research was IT law and Intellectual Property. Gilliam is also a Certified Information Systems Security Professional, Certified Information Security Manager and Certified Information Systems Auditor.
From Jisc's campus network engineering for data-intensive science workshop on 19 October 2016.
https://www.jisc.ac.uk/events/campus-network-engineering-for-data-intensive-science-workshop-19-oct-2016
We'll hear from a few local industry experts on the war stories, design considerations and best practices of NAC (Network Admission Control / 802.1X) deployments. Each lightning talk will feature different points of view and vendors. After the talks, we'll host a Q/A panel with questions from our audience. Please come with some questions! Feel free to enter them in the RSVP or post on the meetup page.
Talks and Q/A panel will be done by: Kyeyeon Kim, Andy Richter, Josh Trivilino
How do we separate hype from useful information in Cyber Security? As Congress is debating a National privacy law, and several states have privacy and breach reporting laws, how will that impact our workload? Privacy starts with good cyber-hygiene. We will look at how we can leverage the focus on Privacy to address standards for:
Firewall and network configs
Cloud security
Protocols and ports that need attention
Authentication best practices
Server and network rights
Password rules
Watch the TechWiseTV Episode: http://cs.co/9001Bvqpz
Watch the workshop replay: http://bit.ly/2bAsxby
See how the latest evolution of Cisco TrustSec helps protect critical assets by extending and enforcing policies anywhere in your network. Go in-depth with how Cisco TrustSec simplifies your network security with software-defined segmentation.
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
My talk from the ICS Cyber Security Conference in Atlanta on October 24th. Really enjoyed the great conversations on a topic which really can highlight the difference of opinions in the ICSsec community. Hope you all enjoy!
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, a study of hard cases (PROIDEA)
A session on the experiences of a professional SOC (Security Operations Center) team, based on real-life examples. From the anatomy of attacks to recommendations on how to defend effectively.
The presentation provides a topical overview of the areas to be looked at when conducting a Firewall, Router, or Switch configuration review. This presentation is based on a slide deck I prepared for an internal Learning & Growth session in March of 2014. More detailed material is available from the "References" slide.
Don’t Get Caught in a PCI Pickle: Meet Compliance and Protect Payment Card Da... (DataStax)
Data security is an absolute requirement for any organization – large or small – that handles debit, credit and pre-paid cards. But navigating, understanding and complying with PCI-DSS (Payment Card Industry – Data Security Standards) regulations can be tough. In this webinar, we’ll examine the guidelines for securing payment card data and show you how a combined solution from DataStax and Gazzang can put you on course for compliance.
How do we separate hype from useful information in Cyber Security? As Congress is debating a National privacy law, and several states have their own privacy and breach reporting laws including Georgia, how will that impact our workload? Privacy starts with good cyber-hygiene. We will look at how we can leverage the focus on Privacy to address standards for:
Firewall and network setups
Cloud security
Protocols and ports that need attention
Authentication best practices
Server and network rights
Password rules
1. @NTXISSA #NTXISSACSC4Dell - Internal Use - Confidential
Layered Security/Defense In Depth
Nathan Shepard
Customer Information Security Manager
Dell Services
October 7-8, 2016
2. Bio
• Customer Information Security Manager
  • Currently on a financial customer
  • Serviced over 20 customers in my 17 years with Perot/Dell
    • Healthcare
    • Power
    • Finance
    • Others
• Corporate level consulting
• Information Security Management
• CISSP
• CISM
• CISA
• CRISC
• 33 Years in IT
• 21 Years in InfoSec
• Veteran, U.S. Army, U.S. Coast Guard
NTX ISSA Cyber Security Conference – October 7-8, 2016 2
3. This Presentation
• Is based on Information Security best practices (a conglomeration of practices derived from regulatory requirements and published industry standards) and is meant to give a general overview of what a comprehensive Information Security program should look like in any given industry.
• Is high level; my objective is to outline the scope of an entire Information Security program, not provide precise details on each and every aspect.
• Is not a sales presentation. I have nothing to sell you.
• Isn’t meant to scare you, but it might.
• Isn’t meant to dissuade you from following an InfoSec career, but it might.
• Don’t ask me detailed in-depth questions about the controls; I’m a generalist. I point to the correct subject matter experts for the controls.
4. Why this presentation?
• In many of the presentations you will see this weekend, or at other venues, you will receive an in-depth analysis of a problem, or a process, or a tool, or a control.
• While these are excellent, I have seen no presentations on how it all fits together.
• In my role, I frequently have to interview individuals for the same or similar positions as the one I occupy and enjoy.
• I ask each one of them to explain to me “Defense in Depth” or “Layered Security”. Maybe 1 in 5 can give a good answer. And these are all seasoned security professionals.
• Many of us have tunnel vision, knowing a LOT about specific aspects of security, but lacking an overview of the entire process.
• Today, I want to remedy that situation.
5. Confusion! So many vendors, so little time.
(Vendor word cloud from the slide, flattened to a list:) Alert Logic, SecurIS, SafeNet, Sentinel IPS, Shavlik, Solutionary, VeloCloud, Vipre, SourceFire, Niksun, Varonis, Cylance, Tempered, ThreatTrack, Cadre, SecureData, Vormetric, VisualClick, WildPackets, ZixCorp, Attivo, ProtectWise, iScanOnLine, PaloAlto, NSFocus, UDI, SentinelOne, Data Solutions, LightCyber, LogRhythm, Lumeta, LanDesk, NexusGuard, Kaspersky, JumpCloud, IXIA, InNet, Hytrust, Gigamon, eSkyCity, InfoBlox, F5, Fortinet, FutureCom, Gemalto, GlobalScape, Interface Masters, Preferred Technology, SkyPort Systems, NetBoundry, Observable Networks, OpenDNS, Dell SecureWorks, Sumologic, Unique Digital, Cyber Reason, Juniper, egress, Druva, DarkTrace, Cumulus, Symantec, Microsoft, McAfee, Nessus, Qualys, A10, Above Security, AccuData, Barracuda, Beyond Security, BlueCoat, Cleo, CheckPoint, Cisco, Critical Start, Critical Watch, BitDefender, Sophos, TrendMicro, eset, BAE Systems, Clearswift, RedSeal, F-Secure, Stormshield, Webroot, Panda, IBM, Bit9, SnoopWall, InfoDefense, iNetU, Apcon, PacketViper, SIMS, Tiepoint, Synack, Caliber, DirectDefense, AVI Networks, Forrester, Duo, SecureAuth, Stealthbits, Fidelis, Venafi, ForeScout, Xirrus, BeyondTrust, BluVector, Illumio, MaxNet, Aerohive, invincea, Centrify, Cyber-Ark, Axway, WatchGuard, Imperva, RSA, Riverbed, Tripwire, FireEye, Intelisecure, NetSpi, Accenture, TippingPoint, Aruba Networks, Extreme Networks
13. Data Centers
• Redundancy:
  • Locations
  • Power suppliers
  • Off-line power (generators)
  • Fuel for off-line power
  • Telecommunications
  • Networking
  • Air conditioning
  • Water
• Capacity Planning
• Access
  • Highly restricted
  • Card keys
  • Locked cabinets
  • Segregated areas (fencing/locks)
  • Tied to change management
  • Controlled by DC Ops
• Detection
  • Fire/Smoke
  • Water
  • Temperature
  • Humidity
  • CCTV
  • Intrusion (doors)
• Fire Suppression
• Change Procedures
• Cleaning and Maintenance
• Hard drive retention/disposal
15. Network
• Segmentation
  • Avoiding flat networks
  • VLANs for separation
  • Avoiding any-any rules
  • Separate users from infrastructure
  • Separate Development, Test, Q/A, UAT, Production
  • Separate regulated areas such as for PCI compliance
  • Separate other high-risk departments (medical records, finance, HR)
  • Separate by major departments
  • Separate by geography
  • Separate by function (such as administrator access on a separate VLAN)
• Admin access
  • Strict controls over modify access
  • Ensure all of your eggs are NOT in one basket (San Francisco, 2008, http://www.infoworld.com/article/2653004/misadventures/why-san-francisco-s-network-admin-went-rogue.html)
• Network Intrusion Prevention/Detection
  • On internal segments, not just ingress/egress
16. Network (cont)
• Internal Transmission Encryption
  • Password transmission
  • General internal transmission encryption is not mandated (that I know of), but should be considered
• NAC (Network Access Control)
  • Server registration
  • End point device registration and mandatory controls
  • Non-compliant isolation
  • Rogue wireless access points
17. Servers/Databases
• Asset Management
  • If you don’t know what you have, how can you protect it?
• Business Ownership
  • What servers and DBs support what applications
• File Integrity Monitoring
• HIDS
• Crown Jewels (PII, PHI, PCI, DC, Key Manager, Finance)
• Backups
  • Backup encryption
• OS Patching
• DB Patching
• Encryption at Rest
• Access Control
  • Provisioning/De-provisioning
  • Separation of duties
  • RBAC
  • Auditing
  • Identity Management (IDM)
18. Servers/Databases (cont)
• Admin Access
  • Unique UserID (no generic) access
  • Don’t use the same UserID as their normal network/workstation access
  • Minimize domain and server admin access
  • Log actions taken
  • Encrypted access (no Telnet)
• Change Controls
  • Post-deployment changes (applications, databases, etc.)
  • Vulnerability scanning
  • Promotion to use (Dev/Test/Prod)
19. Servers/Databases (cont)
• Secure Configuration
  • Industry standard controls (vendor, NIST, customized)
  • Gold images
  • Standardized configurations per OS, per use, per zone
  • Vulnerability-scanned images
  • Supported OS (n-1)
  • Documentation (run documents)
  • Log settings
  • Centralized logging
  • Anti-virus
  • Removal of un-needed services/software
  • Asset management
  • Patching
  • Asset management agent
  • Monitoring
  • File integrity monitoring
  • Authentication credential controls
  • Encryption at rest
  • Encryption in transit
  • Auto-logoff
  • Default UserIDs
  • Default passwords
  • No dual-homed
  • More
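File integrity monitoring appears on both server slides (17 and 19) as a named control without saying what it does. The following is an added example, not code from the presentation or from Dell: it hashes a tree of files into a baseline, re-hashes later, and reports what was added, removed or modified, which is the core of any FIM agent. The directory layout, file names and contents are constructed for the demo.

```python
"""File integrity monitoring (FIM) in miniature: hash a tree of files into a
baseline, re-hash later, and report what changed.  Added example, not code
from the presentation; paths and file contents below are constructed."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (by relative path) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def compare_baselines(old, new):
    """Classify differences between two baselines; 'modified' means the digest changed."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if old[p] != new[p]),
    }


def demo():
    """Build a baseline over constructed files, simulate drift, and diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "sshd_config"), "w") as fh:
            fh.write("PermitRootLogin no\n")
        with open(os.path.join(root, "etc", "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        with open(os.path.join(root, "stale.txt"), "w") as fh:
            fh.write("to be removed\n")
        baseline = build_baseline(root)

        # Simulated drift: a config edit, a new unexpected file, a deleted file.
        with open(os.path.join(root, "etc", "sshd_config"), "w") as fh:
            fh.write("PermitRootLogin yes\n")
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"\x00\x01")
        os.remove(os.path.join(root, "stale.txt"))

        return compare_baselines(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline itself must live somewhere the monitored host cannot silently rewrite (a central server or signed store), otherwise an attacker who can change the file can also change its recorded hash; that is the same reasoning behind the "anti-forensic resistant" logging point later in the deck.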
21. Applications (cont)
• SDLC (Software Development Lifecycle)
  • Code change controls
  • Separation of duties
  • Libraries access
• Development environment controls
  • Equal security controls
  • Live data use restrictions (ePHI de-identification)
  • Network segregation
  • No development on production systems
• Integrity controls
  • Input/output verification
  • Error handling
  • Incomplete data
  • Missing required field
  • Data field limit
  • Balancing controls
  • Duplicate records processing
  • Data buffer overrun
  • Check digit validation
  • Data field combination or correlation tests
• Scripting vulnerabilities identification and remediation prior to publication
• Restrict stored data changes to the application interface only
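The integrity controls on this slide are named but not illustrated. Below is an added example, not code from the presentation, that applies several of them to a constructed batch of records: required fields and field length limits, check digit validation (using the Luhn algorithm as the example check-digit scheme, since the slide does not name one), a field correlation test (discharge date must not precede admit date), duplicate record detection, and a balancing control comparing the batch's summed amounts against a declared total. The schema, field names and records are invented.

```python
"""Application-level integrity controls (required fields, field limits,
check-digit validation, duplicate detection, field-correlation tests,
balancing controls) applied to a constructed batch of records.
Added example, not code from the presentation; schema and records are invented."""
from datetime import date


def luhn_valid(number: str) -> bool:
    """Luhn check digit (the scheme used by payment card numbers)."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# Constructed schema: field -> (required, max_length)
SCHEMA = {
    "record_id": (True, 8),
    "account": (True, 19),
    "admit": (True, 10),
    "discharge": (False, 10),
    "amount": (True, 12),
}


def validate_record(rec: dict) -> list:
    """Return integrity findings for one record (empty list means clean)."""
    findings = []
    for field, (required, max_len) in SCHEMA.items():
        value = rec.get(field)
        if value in (None, ""):
            if required:
                findings.append(f"missing required field {field}")
            continue
        if len(str(value)) > max_len:          # data field limit
            findings.append(f"{field} exceeds {max_len} chars")
    account = str(rec.get("account") or "")
    if account and not luhn_valid(account):   # check digit validation
        findings.append("account fails check digit")
    admit, discharge = rec.get("admit"), rec.get("discharge")
    if admit and discharge and date.fromisoformat(discharge) < date.fromisoformat(admit):
        findings.append("discharge precedes admit")   # field correlation test
    return findings


def validate_batch(records: list, declared_total: int) -> dict:
    """Batch-level controls: duplicate record ids and a balancing check on amounts."""
    report = {"records": {}, "duplicates": [], "balanced": False}
    seen = set()
    running_total = 0
    for rec in records:
        rid = rec.get("record_id")
        if rid in seen:                        # duplicate records processing
            report["duplicates"].append(rid)
        seen.add(rid)
        findings = validate_record(rec)
        if findings:
            report["records"][rid] = findings
        try:
            running_total += int(rec.get("amount", 0))
        except ValueError:
            report["records"].setdefault(rid, []).append("amount not numeric")
    report["balanced"] = running_total == declared_total   # balancing control
    return report


# Constructed batch: one clean record, one with two defects, one duplicate id.
SAMPLE_BATCH = [
    {"record_id": "R0001", "account": "4539578763621486", "admit": "2016-10-01",
     "discharge": "2016-10-05", "amount": "1200"},
    {"record_id": "R0002", "account": "4539578763621487", "admit": "2016-10-07",
     "discharge": "2016-10-02", "amount": "300"},
    {"record_id": "R0001", "account": "4539578763621486", "admit": "2016-10-01",
     "amount": "1200"},
]

if __name__ == "__main__":
    print(validate_batch(SAMPLE_BATCH, declared_total=2700))
```

The point of running these checks inside the application (rather than trusting the caller) is the last bullet on the slide: if the only path to stored data is an interface that validates every record, the stored data cannot drift out of the documented shape.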
22. EndPoint
• Desktop admin access
• Secure Configuration
• Anti-Virus
• Local Firewall
• Media Controls
• Application Controls
• Host Data Loss Prevention
• Host Intrusion Prevention
• Disk/File Encryption
• Patching
• Mobile devices
• BYOD
• Monitored 24x7
24. Virtualized Environment
• Tools may differ from the ‘physical’ devices
• Consistency of controls across all guests
• Hardening of the host virtualization environment
• Ensuring resource allocation has accounted for security control overhead (such as AV scanning, which can be resource intensive)
• Patching and vulnerability scanning at the HV level
• AV needs to have resource utilization leveling to ensure that simultaneous scans or updates won't impact the performance of virtual environments
  • May require a different product
  • Randomize when scans and updates take place, preventing resource contention and leveling CPU resources
  • IO-aware scan tuning, and multithreading for optimal performance
26. Penetration Testing
• Done by an internal party (pre-testing)
• Done by an external party (compliance certification such as PCI)
• Proactive identification of weak controls
• Remediation
• Re-scanning
27. DoS Front End
• Denial of Service (DoS), Distributed Denial of Service (DDoS)
• In front of the internet router
• 3rd party or ISP provided services
• Monitoring
• Incoming data re-direct and filtering
28. Firewalls
• Traditional Firewalls
• NexGen Firewalls
• At the perimeter
• Segmenting
  • Internal/External
  • External/DMZ
  • DMZ/Internal
  • Internal/Internal
• Critical Rules
  • Deny by default
  • Elimination of any-any
  • Restricting rules to specific IPs, ranges, ports
  • Geo blocking
• Maintenance
  • Reporting; Alerting; Logs
  • Rule tracking
  • Auditing
  • Critical to have a periodic 3rd party rules/configuration review
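The "critical rules" on this slide (deny by default, no any-any, rules restricted to specific addresses and ports) and the "avoiding any-any rules" point on the Network slide are the kind of thing a periodic rule-base review checks mechanically. The following is an added example, not code from the presentation or from any firewall vendor: it parses a constructed, vendor-neutral rule syntax and flags allow rules that are any-any, that pair two broad address ranges, or that do not pin a protocol and port, and it checks that the rule base ends with an explicit deny-all. The rule format, the prefix-length threshold and the sample rule base are assumptions made for the demo.

```python
"""Audit a firewall rule base for the slide's critical rules: deny by default,
no any-any rules, and rules restricted to specific addresses and ports.
Added example, not code from the presentation; the rule syntax, the threshold
and the sample rule base are constructed for illustration."""
import ipaddress

# Constructed rule format: one rule per line, "<id> <action> <src> <dst> <proto> <port>".
SAMPLE_RULEBASE = """\
10 allow 10.20.0.0/24 10.30.5.10/32 tcp 443
20 allow any 10.30.5.20/32 tcp 25
30 allow 10.0.0.0/8 any tcp any
40 allow any any any any
50 allow 192.168.1.5/32 10.30.5.30/32 udp 514
"""

BROAD_PREFIX_LIMIT = 16   # prefixes shorter than /16 are treated as "broad" (assumed threshold)


def parse_rulebase(text):
    """Turn the textual rule base into a list of dicts, skipping blank and comment lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rid, action, src, dst, proto, port = line.split()
        rules.append({"id": int(rid), "action": action.lower(), "src": src,
                      "dst": dst, "proto": proto.lower(), "port": port.lower()})
    return rules


def is_broad(addr):
    """'any' or a very short prefix counts as broad; a single host or small subnet does not."""
    if addr == "any":
        return True
    return ipaddress.ip_network(addr, strict=False).prefixlen < BROAD_PREFIX_LIMIT


def audit_rules(rules):
    """Return findings keyed by rule id, plus a 'rulebase' key for base-wide findings."""
    findings = {}

    def add(key, msg):
        findings.setdefault(key, []).append(msg)

    for r in rules:
        if r["action"] != "allow":
            continue
        if r["src"] == "any" and r["dst"] == "any":
            add(r["id"], "any-any rule")
        elif is_broad(r["src"]) and is_broad(r["dst"]):
            add(r["id"], "both source and destination are broad")
        if r["port"] == "any" or r["proto"] == "any":
            add(r["id"], "service not restricted to specific protocol/port")

    # Deny by default: the last rule should be an explicit deny-all.
    last = rules[-1] if rules else None
    if last is None or not (last["action"] == "deny"
                            and last["src"] == "any" and last["dst"] == "any"):
        add("rulebase", "no explicit final deny-all (deny by default)")
    return findings


if __name__ == "__main__":
    for key, msgs in audit_rules(parse_rulebase(SAMPLE_RULEBASE)).items():
        print(key, msgs)
```

Rule 40 is the textbook any-any that the slide says to eliminate; rule 30 is the subtler case a review should also catch, since a /8 to "any" on any port is functionally almost the same thing. Real reviews add shadowed-rule and unused-rule detection on top of this, which needs hit counters from the device logs.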
29. NIPS/NIDS
• NIDS (Passive)/NIPS (Active)
• Positioning is critical.
• Internal/External
• Between Zones
• Centralization of logs
• SIEM
• SOC
30. DMZ
• All external access terminates in a DMZ
  • Site-to-Site VPNs
  • Client-to-Site VPNs
  • Web servers
  • E-mail
  • Internet
• Strict controls over access between DMZ and internal zones.
• Can have multiple DMZ zones, such as a separate zone for vendor or 3rd party interaction.
32. Internet Gateway
• Internet Content Filter
  • Web surfing
  • Web threats
  • Social media use
  • Instant messaging
  • Web-based e-mail use
  • Live stream
  • Reputational blocking
  • Lexical and scoring systems
  • ‘Break-the-glass’
• Can be used for compliance monitoring and remediation
• Can be tied to AD/LDAP for positive identification of the individual
33. Transmission Encryption
• All transmission of sensitive or regulated data over open networks (the Internet)
• All transmission of passwords
• All administrator access sessions (no Telnet or FTP)
34. Data Loss Prevention
• Addresses accidental or intentional disclosure of data and data theft
• Network-based
• Scan and report
35. Cloud Computing
• May add multiple layers to Information Security
• Who has your data?
  • The 3rd party you contracted with?
  • The DC they outsourced to?
  • 3rd parties the DC has outsourced to?
• Contract Criticality
  • Vendor vetting
  • Data ownership
  • Data access
  • Data retention
  • Data restoration
  • SLAs
  • Geographical locations
  • HR processes/employee vetting
• You are not relieved of responsibility
• Security Controls
  • Leveraged firewalls
  • Leveraged IPS
  • Leveraged physical hardware
  • Access management
  • Centralized logging
  • Data flow
37. Policies, Standards and Procedures
• Core of the Information Security cyclical process
• ISO9001: “Document what you do, do what you document”
• Used to educate and direct the end users as well as IT staff, vendors, etc
• Used to enforce compliance, consistent configurations and practices
• Used to force formal exceptions for bad practices
• Regulatory required
• Audit required
• Establish a process for documentation review and approval
• Establish document templates for policies, standards and procedures
• Establish a numbering system to ensure a logical order to documentation
• Establish a desired documentation matrix (next slide)
39. BCP/DR
• Critical part, frequently not seen as ‘security’
• BC
• Where will an employee work?
• How will the employee connect?
• Are there ‘off line’ processes?
• What services are mandatory? Not?
• Exercises
• DR
• Planning
• Criticality
• Recovery Point
• Recovery Time
• Hot, Warm, Cold Sites
• Exercises
40. Audits
• Compliance
• HIPAA, HITECH, PCI, FERC/NERC, SEC, GLBA, SOX
• Self Auditing
• Keep your controls under control.
• Access, Incidents, Tasks
• Internal Audit
• Your best friend. Helps you to find issues first.
• External ‘Prep’ Audit
• Your best friend. Helps you to find issues first.
• External Formal Audit
• Good time to take a vacation.
41. Logging, SIEM, SOC
• Have an audit trail.
• Anti-Forensic resistant.
• Determine what must be logged by IPS, DLP, Firewalls, Servers, Applications, AV, etc.
• React at the earliest possible time to reduce impact
• 24x7 or via report and request
• Expert review and analysis (if using a managed SOC)
• Minimize false positives through analysis and tuning
42. Event Analysis
Event funnel, as shown on the slide’s graphic (counts at each stage):
• 4,159,085,410,119 Total Events
• 157,202,478,589 Total Security Events
• 4,216,300,021 Advanced Correlated Events
• 15,137,697 Analyst Events
• 321,290 Tickets Escalated
Stages between the counts, in order: Event Filters; Automated Correlation (MPLE); Expert Analysis & Investigation; Client Escalations. Side labels on the slide: Technology; People & Process.
Escalations are 0.000008% of Total Events.
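The funnel on this slide and the "minimize false positives through analysis and tuning" point on the previous one describe a pipeline: raw events are filtered, correlated by machine, then triaged by people. The following is an added example, not code from the presentation or from Dell SecureWorks, that runs that pipeline over a handful of constructed syslog-style lines: an event filter drops informational noise, one correlation rule (N authentication failures from a source followed by a success within a time window) produces correlated events, an analyst stage escalates only hits on crown-jewel hosts, and the funnel counts are reported alongside the escalation ratio. The log lines, the rule, the threshold and the crown-jewel list are all assumptions; the `funnel_ratio` helper also reproduces the slide's 0.000008% from its own numbers.

```python
"""A miniature SIEM pipeline matching the event funnel on the slide:
raw events -> event filter -> automated correlation -> analyst escalation.
Added example, not code from the presentation; log lines, the correlation
rule and the crown-jewel host list are constructed."""
import re
from datetime import datetime, timedelta

# Constructed log lines: "<iso timestamp> <host> <level> <message>"
RAW_LOGS = """\
2016-10-07T09:00:01 fw01 INFO conn allow 10.1.1.5 -> 10.2.2.2:443
2016-10-07T09:00:02 srv-db01 WARN auth failure user=admin src=203.0.113.9
2016-10-07T09:00:04 srv-db01 WARN auth failure user=admin src=203.0.113.9
2016-10-07T09:00:05 ws-114 INFO av signature update ok
2016-10-07T09:00:06 srv-db01 WARN auth failure user=admin src=203.0.113.9
2016-10-07T09:00:09 srv-db01 NOTICE auth success user=admin src=203.0.113.9
2016-10-07T09:01:00 ws-114 WARN auth failure user=jdoe src=10.1.1.5
2016-10-07T09:01:30 ws-114 NOTICE auth success user=jdoe src=10.1.1.5
2016-10-07T09:02:00 fw01 INFO conn allow 10.1.1.6 -> 10.2.2.2:443
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")
AUTH_RE = re.compile(r"auth (failure|success) user=(\S+) src=(\S+)")
CROWN_JEWELS = {"srv-db01"}   # assumed: hosts whose incidents always become a ticket
FAILURE_THRESHOLD = 3         # assumed tuning value for the correlation rule
WINDOW = timedelta(seconds=60)


def parse_events(text):
    """Split raw lines into event dicts; malformed lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, host, level, msg = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "level": level, "msg": msg})
    return events


def event_filter(events):
    """Stage 1 (technology): drop informational noise, keep security-relevant events."""
    return [e for e in events if e["level"] != "INFO"]


def correlate(events):
    """Stage 2 (technology): >= FAILURE_THRESHOLD auth failures from one source
    on one host, followed by a success within WINDOW, becomes one correlated event."""
    streams = {}
    for e in events:
        m = AUTH_RE.search(e["msg"])
        if m:
            outcome, user, src = m.groups()
            streams.setdefault((e["host"], src), []).append((e["ts"], outcome, user))
    correlated = []
    for (host, src), seq in streams.items():
        seq.sort()
        failures = []
        for ts, outcome, user in seq:
            if outcome == "failure":
                failures.append(ts)
                continue
            recent = [t for t in failures if ts - t <= WINDOW]
            if len(recent) >= FAILURE_THRESHOLD:
                correlated.append({"rule": "brute-force-then-success", "host": host,
                                   "src": src, "user": user, "failures": len(recent), "ts": ts})
            failures = []
    return correlated


def escalate(correlated):
    """Stage 3 (people & process): analyst escalates hits on crown-jewel hosts."""
    return [c for c in correlated if c["host"] in CROWN_JEWELS]


def funnel_ratio(escalated, total):
    """Escalated events as a percentage of total events (0.0 when there are none)."""
    return 100.0 * escalated / total if total else 0.0


def run_funnel(text):
    """Run all stages and return the counts at each level of the funnel."""
    events = parse_events(text)
    security = event_filter(events)
    correlated = correlate(security)
    tickets = escalate(correlated)
    return {"total": len(events), "security": len(security),
            "correlated": len(correlated), "tickets": len(tickets),
            "escalation_pct": funnel_ratio(len(tickets), len(events))}


if __name__ == "__main__":
    print(run_funnel(RAW_LOGS))
```

The ws-114 user who mistyped a password once and then logged in is exactly the false positive that tuning the threshold avoids; lowering `FAILURE_THRESHOLD` to 1 would turn that into a correlated event and push it toward the analysts.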
44. ITIL Processes
• Information Technology Infrastructure Library
• ITIL processes are used throughout the Information Security program to ensure
integration with the rest of IT operations
• Request Management
• Incident Management
• Change Management
• Problem Management
• Configuration Management Data Base (CMDB) for asset tracking
48. Thank you
The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)