Maze & Associates, LearnSecurity.org

  • Who should setup access in the ERP (Financial Application)?
    Donald E. Hester; Robert DeRoeck; Ron Puccinelli Recorded: May 16 2019 63 mins
    As an IT auditor for local governments, one of the questions I get asked most often during audits is who should set up user access in the financial application. There is a debate over whether it should be IT or finance staff that create accounts and set up access. As with any professional, my answer is: it depends. It depends upon other controls that might be in place. What I like to do with clients is walk them through the needs and risks to help them design and understand the process they come up with. Let’s walk through the logic and see what might be the best answer for your organization. Plus, we will answer a question from a listener on hacking Instagram accounts.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO
    IT, Cloud
  • IoT / OT and the Death Star Part 2
    Donald E Hester & Robert DeRoeck Recorded: May 6 2019 71 mins
    In the iconic science fiction classic Star Wars: A New Hope, the mighty Death Star was destroyed by the rebels exploiting the vulnerability of a small thermal vent. Similarly, the massive Target data breach was made possible by a remote maintenance connection to their cooling system. Internet of Things (IoT) and Operational Technology (OT) devices have positive impacts on organizational efficiency; however, they are often overlooked when performing risk and vulnerability assessments. Security systems, environmental controls, automation, SCADA, plant technology, robots, and artificial intelligence all have vulnerabilities. In this session we will explore some of the risks related to IoT & OT and what can be done to mitigate the risks.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • IoT / OT and the Death Star Part 1
    Donald E Hester & Robert DeRoeck Recorded: Apr 12 2019 58 mins
    In the iconic science fiction classic Star Wars: A New Hope, the mighty Death Star was destroyed by the rebels exploiting the vulnerability of a small thermal vent. Similarly, the massive Target data breach was made possible by a remote maintenance connection to their cooling system. Internet of Things (IoT) and Operational Technology (OT) devices have positive impacts on organizational efficiency; however, they are often overlooked when performing risk and vulnerability assessments. Security systems, environmental controls, automation, SCADA, plant technology, robots, and artificial intelligence all have vulnerabilities. In this session we will explore some of the risks related to IoT & OT and what can be done to mitigate the risks.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Why is PCI compliance like the Death Star?
    Donald E Hester & Robert DeRoeck Recorded: Mar 18 2019 61 mins
    If you think you are PCI compliant, you’re probably not. A single thermal vent allowed the rebels to destroy the Death Star. What seemingly insignificant hole do we have that will lead to a payment card data breach? Can we plug every small hole? Why is PCI compliance so difficult for local governments and small to medium sized businesses? Lessons from the Jedi can help us understand PCI compliance. Join this session to hear from an auditor what some of the pitfalls are and what can be done to achieve and maintain PCI compliance.

    Coverage
    PCI DSS, COBIT, COSO
    IT, Cloud
  • RSA Conference 2019 Recap
    Donald E Hester & Robert DeRoeck Recorded: Mar 11 2019 75 mins
    Join Don and Rob as they cover the highlights of the 2019 RSA Conference. If you missed the conference, you can hear about some of the things you missed. If you plan on going in 2020, we will have some advice for you. We will cover sessions, the expo hall, student day, advice for newbies, and the nighttime activities. Join us and give us your feedback.
  • Vulnerability Scanning and Penetration Testing, Do I need both?
    Donald E. Hester, Robert De Roeck, & Qualys Recorded: Nov 7 2018 74 mins
    As an auditor and cybersecurity professional, I often find there is confusion between vulnerability scanning and penetration tests. Often people will use the terms interchangeably. However, they are very different tests, testing different things for different reasons. Join this webinar and learn the differences and some best practices to get the best bang for your buck. This session will include a demonstration of how Qualys can help organizations manage vulnerabilities and monitor their systems.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Cybersecurity Documentation
    Donald E Hester, Ron Puccinelli, & Robert De Roeck Recorded: Nov 2 2018 63 mins
    Policies, plans, procedures, and supporting documentation. We will cover the types of cybersecurity documents an organization may have, what topics they should cover, and guidelines on what should be included in your policies. We will also focus on the unique challenges and opportunities for state and local governments. Cities, districts, and counties have an advantage in policy development.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • The Need for Cybersecurity Awareness
    Donald E. Hester, Rhett Redelings, Robert DeRoeck, & Heather Johnstone Recorded: Oct 17 2018 64 mins
    Cyber threats continue to evolve and become more sophisticated. The majority of hacks and attacks exploit one vulnerability: people. Today’s threat landscape requires focusing on the traditional weakest link, people. One of today’s largest challenges is having management invest in cybersecurity awareness and training. Don’t leave your first and last line of defense defenseless.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Nation States - Threat Source (Part 2)
    Donald E. Hester and Robert De Roeck Recorded: Oct 12 2018 64 mins
    Part 2. There has been a rise in Nation State sponsored, backed, or directed cyber-attacks, or at least an increased awareness of such attacks. Whether it is a rise in Nation State cyber-attacks or just the awareness of it, I think it is time to take a look at Nation States as a serious threat actor and start to look at what we know about them. Their motivation and capabilities differ from those of traditional hackers and cybercriminals and as such may require a different response in mitigating threats.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Nation States - Threat Source
    Donald E. Hester & Robert De Roeck Recorded: Oct 4 2018 60 mins
    There has been a rise in Nation State sponsored, backed, or directed cyber-attacks, or at least an increased awareness of such attacks. Whether it is a rise in Nation State cyber-attacks or just the awareness of it, I think it is time to take a look at Nation States as a serious threat actor and start to look at what we know about them. Their motivation and capabilities differ from those of traditional hackers and cybercriminals and as such may require a different response in mitigating threats.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI