ISC2 Security Congress 2021

Oct 16, 2021 ‐ Oct 20, 2021



Sessions

Kickoff and Welcome

Oct 18, 2021 9:00am ‐ Oct 18, 2021 9:30am

Identification: 1786703

Speaker(s):

Keynote - Defend Today, Secure Tomorrow

Oct 18, 2021 9:30am ‐ Oct 18, 2021 10:30am

Identification: 1786819

Chris Krebs calls it like he sees it, covering serious and timely issues with relatable stories, surprising insights, a little bit of paranoia, and a touch of humor. His engaging style and extensive expertise bring the audience along for the ride on emerging national security events, from the rise of ransomware, defending elections, major cyber attacks, and the growing challenges of disinformation. Krebs translates complex technology, business, and societal issues into straightforward and understandable terms, leaving audiences with actionable insights into how organizations can become more resilient and how leaders in any line of business can be more prepared for today's and tomorrow's threats.

Speaker(s):

Teamwork: Law Enforcement, the FBI, and You

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Identification: 1778696

With the frequency of incidents and breaches on the rise, you may be in a situation where you need assistance… but who do you call? Do you need law enforcement support? The Federal Bureau of Investigation? Exactly where should you start? How should you work with them? What steps do you need to take to protect your organization and the evidence? In this session, FBI representatives from the FBI Tampa Division, who focus on crimes such as BEC and ransomware, will share their insights and real-life stories on when to bring in law enforcement, how to work with them and how to make vital pre-incident connections. Learn from and about cybersecurity professionals at the FBI and how they help secure and defend the country.

Learning Objectives:
  • Learn how to work with law enforcement.
  • Discover how to establish relationships with local and federal law enforcement.
  • Hear what the FBI and federal law enforcement are doing to combat cybercrime like ransomware and BEC.
Speaker(s):
Tags: Intermediate

Measuring Security Effectiveness

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Identification: 1778680

How do you measure the effectiveness of security? In 2016, we established a security function within software engineering. Taking a software engineering approach to security, we created testing services, hired developers to build tools, conducted secure code reviews and created our AppSec training program. In 2020, we challenged ourselves to evaluate the effectiveness of our program by analyzing the impact of our team’s services on pen-test findings. A three-month data analysis found that development teams working with us fixed their pen-test findings faster and had significantly fewer new pen-test findings than teams we didn’t work with. In this talk, we will share the specific application security practices that led to these improved outcomes, and how we adjusted our services in response to our findings.

Learning Objectives:
  • Identify the key application security practices that have been shown to reduce risk.
  • Understand how to analyze the security data and adjust a program in response.
  • Know how to set up and run an experiment to evaluate the effectiveness of a security control.
Speaker(s):
Tags: Intermediate

The Map and the Territory: MITRE ATT&CK In Theory and Practice

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Identification: 1778681

Cybersecurity practitioners have often drawn insights and ideas from other domains, relying on their insights, adopting their maxims and terminology. Sun Tzu famously wrote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Carl Linnaeus is credited with developing the standard taxonomy for naming organisms. Only recently, however, has our industry begun to effectively apply the synthesis of such ideas. The MITRE ATT&CK Framework, publicly released in 2015, has been growing in scope and influence, but it is not the first of its kind. How does it compare with its predecessors in improving our understanding of adversary behavior and our defenses? This talk describes key concepts and goals of MITRE ATT&CK to help support successful implementations.

Learning Objectives:
  • Understand the origins, design goals and components of the MITRE ATT&CK Framework.
  • Compare and contrast the MITRE ATT&CK Framework with other frameworks in order to judge appropriateness for and applicability to an organization's security programs.
  • Use the MITRE ATT&CK Framework to correlate between offensive actions and defensive capabilities and measure coverage of ATT&CK techniques.
Speaker(s):
Tags: Intermediate

Red Teaming with Dark Web and GitHub PoC Exploits

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Identification: 1778544

Examined is a collection of open source tools that are used in an authorized red team engagement of a cloud-native Kubernetes cluster environment to discover application security defects. Our collection of dark web and GitHub proof-of-concept (PoC) tools provides a red team with an advanced adversarial advantage over traditional commercial tooling across all stages of an engagement. We report the results in relation to our understanding of the cloud shared responsibility model as it applies to IaaS, PaaS, and SaaS. Several flaw discovery and exploit tools will be demonstrated to show their utility. We explore how CVEs are weaponized on the internet and how having red team a priori knowledge of them can help organizations create defense-in-depth mitigating controls.

Learning Objectives:
  • Plan a penetration test using open source tools.
  • Recall specific dark web toolkits for red teaming.
  • Demonstrate an understanding of GitHub proof-of-concept (PoC) exploits and their applicability to red teaming engagements.
Speaker(s):
Tags: Intermediate

How to make Black Swans extinct and why ISO31000 is the weapon of choice

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Identification: 1778558

We lack an agreed definition for cybersecurity and even worse, despite an international risk management standard endorsed by more than 160 nations, our profession uses multiple differing security risk management frameworks. If every employer, client and supplier has a different view of risk management, how can we expect to keep up with the bad guys, let alone beat them consistently? Even if your cybersecurity framework is best in the world, we all need to be in alignment. When 100 security professionals developed the Security Risk Management Body Of Knowledge, we integrated best practice from around the world. And it started with the ISO31000 Risk Management Guideline. This presentation is about applying ISO31000 principles, framework and process in the real cybersecurity world, and in the internet of things.

Learning Objectives:
  • List the internationally agreed six-word definition of risk, explain the key implications of this risk definition, and describe the key components of the ISO31000 Risk Management Guideline.
  • List the key limitations of existing risk management frameworks and describe why some of the current approaches to risk management enable attackers to breach systems far too easily.
  • Argue for a better risk management framework, explain the critical importance of objectives and describe the implications of the internet of things in the context of risk management.
Speaker(s):
Tags: Intermediate

Human Security Engineering: A Strategy to Address "The User Problem"

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Identification: 1778566

When users make a harmful action, cybersecurity professionals believe that the solution is more awareness. This is like saying that if a canary dies in a coalmine, the solution is healthier canaries. When the user fails, it is a failure of the entire system. The problem is not that users cause a loss, but that they can potentially initiate a loss. The solution is to engineer the user out of the process, or at least filter out an attack. When a user is in the position of possibly initiating a loss, you create a user experience and provide awareness to avoid initiating a loss. You anticipate the loss being initiated and put detection and reaction in place. We call this Human Security Engineering.

Learning Objectives:
  • Understand conceptually how a user is only an operational part of a system, and how they initiate loss, but do not create it.
  • Strategically define technologies and processes to mitigate loss throughout the entire life cycle of an attack, from initiation to user action to mitigating the harm resulting from the user action.
  • Determine how users are put in the position of potentially initiating a loss, and to examine if a user can be removed from the process.
Speaker(s):
Tags: Advanced

Introducing Law, Regulation and its Increasing Intersections with Information Security

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Identification: 1778578

Law and regulation are of increasing importance for information security programs and professionals. Cybersecurity risks are directly tied to legal and regulatory risk. This presentation provides a foundational knowledge of law and the specific laws applicable to cybersecurity programs. It demystifies and explains important legal concepts as well as the evolution of law and regulation applicable to cybercrime and cybersecurity. All of this empowers infosec pros to understand and comply with the growing body of legal rules, and have productive conversations about the law.

Learning Objectives:
  • Understand foundational legal concepts and how they relate to information security.
  • Understand the evolving legal and regulatory framework surrounding information security, cybersecurity and privacy.
  • Communicate more effectively about laws, regulations, and how they relate to information security programs and actions.
Speaker(s):

Just How Far Can We Trust ‘Zero Trust’

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Identification: 1778586

SolarWinds and other recent cybersecurity events have brought renewed attention to zero trust architectures (ZTAs), and whether ZTAs can be a single solution to current and future threats. Organizations have become dependent on an ever-increasing number of third-party providers who do a greater percentage of overall services. Cybersecurity threat exposure is further complicated by the usage of cloud service providers, remote workers, Internet of Things (IoT) and Bring Your Own Device (BYOD). It is recognized that ZTA can be "a solution," but is it "the solution" for cybersecurity challenges of today and tomorrow? Organizations that partially or fully shift to ZTA need to understand the impacts to cybersecurity, and also the impacts to programmatics, organizational structures, financials and missions.

Learning Objectives:
  • Understand the impact Zero Trust Architectures (ZTAs) have on an organization's cybersecurity posture and related organization changes.
  • Conduct assessments of the impact of ZTA and other solutions that may be layered to achieve organization cybersecurity goals.
  • Quantify and prioritize the attributes of ZTA and recognize the problems they address and the common gaps that remain.
Speaker(s):
Tags: Basic