Maze & Associates, LearnSecurity.org

  • Cloud-based Financial Applications
    Donald E Hester Recorded: Jul 10 2019 61 mins
    Good? Bad? Indifferent? I am often asked if it is safe to host financial applications in the cloud. "It depends" is almost always the answer. Join this session to learn about the pitfalls and considerations of cloud-based ERP or financial applications. We will cover how cloud services change the IT and financial control environments, the risks of using the cloud, managing those risks, the benefits of using the cloud, and the concept of shared responsibility.
    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO, CSA
    IT, Cloud
  • Current Cyber Scams & Need for Awareness
    Donald E Hester Recorded: Jul 2 2019 76 mins
    A repeat of the presentation given at Maze Live 2019. In this session we will cover some of the most popular scams we see targeting local governments and businesses. We will cover the potential impact of successful scams on organizations. We will also cover how to set up a cybersecurity awareness program and some tips and tricks for maturing your awareness efforts.
  • Administering Azure
    Donald E Hester & Robert DeRoeck Recorded: Jun 28 2019 51 mins
    Azure Administration Tools
    In this webinar, you’ll learn the tools used by Azure administrators to manage their Microsoft Cloud infrastructure:
    Azure Portal, Cloud Shell, Azure PowerShell, CLI, Azure Mobile App, Resource Manager, and Resource Manager Templates
  • Security+ Objective 1.2
    Donald E Hester & Robert DeRoeck Recorded: Jun 25 2019 130 mins
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.2: Compare and contrast types of attacks.

    Social Engineering attacks:
    - Phishing
    - Spear phishing
    - Whaling
    - Vishing
    - Tailgating
    - Impersonation
    - Dumpster diving
    - Shoulder surfing
    - Hoax
    - Watering hole attack

    Application/service attacks:
    - DoS
    - DDoS
    - Man-in-the-middle
    - Buffer overflow
    - Injection
    - Cross-site scripting
    - Cross-site request forgery
    - Privilege escalation
    - ARP poisoning
    - Amplification
    - DNS poisoning
    - Domain hijacking
    - Man-in-the-browser
    - Zero day
    - Replay
    - Pass the hash
    - Hijacking and related attacks
      - Clickjacking
      - Session hijacking
      - URL hijacking
      - Typo squatting
    - Driver manipulation
      - Shimming
      - Refactoring
    - MAC spoofing
    - IP spoofing

    Wireless attacks:
    - Replay
    - IV
    - Evil twin
    - Rogue AP
    - Jamming
    - WPS
    - Bluejacking
    - Bluesnarfing
    - RFID
    - NFC
    - Disassociation

    Cryptographic attacks:
    - Birthday
    - Known plain text/cipher text
    - Rainbow tables
    - Dictionary
    - Brute force
      - Online vs. offline
    - Collision
    - Downgrade
    - Replay
    - Weak implementations
  • Security+ Objective 1.1
    Donald E Hester & Robert DeRoeck Recorded: Jun 17 2019 59 mins
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.1: Given a scenario, analyze indicators of compromise and determine the type of malware.
    Viruses, Crypto-malware, Ransomware, Worm, Trojan, Rootkit, Keylogger, Adware, Spyware, Bots, RATs, Logic Bombs, Backdoors, Cryptojacking, Formjacking, Doxware
  • Who should setup access in the ERP (Financial Application)?
    Donald E. Hester; Robert DeRoeck; Ron Puccinelli Recorded: May 16 2019 63 mins
    As an IT auditor for local governments, one of the most often asked questions I get during audits is who should set up user access in the financial application. There is a debate over whether it should be IT or finance staff who create accounts and set up access. As with any professional, my answer is "it depends." It depends upon other controls that might be in place. What I like to do with clients is walk them through the needs and risks to help them design and understand the process they come up with. Let’s walk through the logic and see what might be the best answer for your organization. Plus, we will answer a question from a listener on hacking Instagram accounts.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO
    IT, Cloud
  • IoT / OT and the Death Star Part 2
    Donald E Hester & Robert DeRoeck Recorded: May 6 2019 71 mins
    In the iconic science fiction classic Star Wars: A New Hope, the mighty Death Star was destroyed by the rebels exploiting the vulnerability of a small thermal vent. Similarly, the massive Target data breach was made possible by a remote maintenance connection to their cooling system. Internet of Things (IoT) and Operational Technology (OT) devices have positive impacts on organizational efficiency; however, they are often overlooked when performing risk and vulnerability assessments. Security systems, environmental controls, automation, SCADA, plant technology, robots, and artificial intelligence all have vulnerabilities. In this session we will explore some of the risks related to IoT and OT and what can be done to mitigate them.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • IoT / OT and the Death Star Part 1
    Donald E Hester & Robert DeRoeck Recorded: Apr 12 2019 58 mins
    In the iconic science fiction classic Star Wars: A New Hope, the mighty Death Star was destroyed by the rebels exploiting the vulnerability of a small thermal vent. Similarly, the massive Target data breach was made possible by a remote maintenance connection to their cooling system. Internet of Things (IoT) and Operational Technology (OT) devices have positive impacts on organizational efficiency; however, they are often overlooked when performing risk and vulnerability assessments. Security systems, environmental controls, automation, SCADA, plant technology, robots, and artificial intelligence all have vulnerabilities. In this session we will explore some of the risks related to IoT and OT and what can be done to mitigate them.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Why is PCI compliance like the Death Star?
    Donald E Hester & Robert DeRoeck Recorded: Mar 18 2019 61 mins
    If you think you are PCI compliant, you’re probably not. A single thermal vent allowed the rebels to destroy the Death Star. What seemingly insignificant hole do we have that will lead to a payment card data breach? Can we plug every small hole? Why is PCI compliance so difficult for local governments and small to medium-sized businesses? Lessons from the Jedi can help us understand PCI compliance. Join this session to hear from an auditor what some of the pitfalls are and what can be done to achieve and maintain PCI compliance.

    Coverage
    PCI DSS, COBIT, COSO
    IT, Cloud
  • RSA Conference 2019 Recap
    Donald E Hester & Robert DeRoeck Recorded: Mar 11 2019 75 mins
    Join Don and Rob as they cover the highlights of the 2019 RSA Conference. If you missed the conference, you can hear about some of the things you missed. If you plan on going in 2020, we will have some advice for you. We will cover sessions, the expo hall, student day, advice for newbies, and the nighttime activities. Join us and give us your feedback.
