Hi {{ session.user.profile.firstName }}

IT Security

  • A traditional penetration test is a snapshot of vulnerabilities for an environment that is in constant flux. The snapshot may also be an incomplete picture, addressing only a portion of a more complex system. To give a view of real business risk, can we link the vulnerabilities to real-world threats and, more importantly, vice versa? Wouldn’t it be better to start with the threats and work forward down the kill chain to the target? How feasible is it to take up-to-date threat intelligence and use that to scope our penetration tests? Peter Wood will try to answer these questions and provide a strategy better suited to today’s attacks.
  • In this webinar I will discuss what security culture is, where it belongs in the organisation, and how good security culture can reduce the likelihood of being breached. I will point to research on culture, human behaviours, and how to motivate people to do the right thing.
  • We're seeing a massive shift in cyber security activity from internal threats to organised gangs and targeted state sponsored activities. Recent news items suggest there is an overwhelming need for organisations to understand their "Situational Awareness".

    In this webinar, (ISC)² and IBM will explore what to expect in 2016, focusing on the following key questions:

    - How do organisations understand what threats are real?
    - How much risk appetite do boards have in this complex, mobile, interconnected near real-time world?
    - As more and more devices are connecting to an ever-increasing number of communication channels, how do you ensure you can protect, prevent and respond to cyber security issues, yet provide a transparent easy to use multi-channel experience?

    Adrian Davis, Managing Director (ISC)² EMEA
    Peter Jopling, Executive Security Advisor, Deputy WW Tiger Team Leader, IBM
    Simon Moores, Information Security Futurist
  • It’s no secret that there are botnets for hire, groups of computers that can, and are, used against our organizations on a daily basis. But what is the nature of these botnets? What abilities do each of the installed toolkits offer to the attacker? Most importantly how do their capabilities change the defenses necessary to protect yourself?

    We’ll cover two of the most recent toolkits that have been seeing wide usage. Learn a little about the people behind the attacks, where the attacks are coming from and what you might expect to see in the near future. You might be a bit surprised at where a lot of the traffic is coming from (hint: it’s closer than you think).
  • The increased complexity and frequency of attacks, combined with reduced effectiveness of detective or preventative control frameworks, elevate the need for organisations to roll out enterprise wide incident response initiatives to ensure rapid containment and eradication of threats.

    In this webcast, Don Smith, Technology Director at Dell SecureWorks, describes three organisation’s experience with “APT” actors, examining techniques deployed for intrusion, persistence, lateral expansion and exfiltration.

    Don will highlight where changes to the detective or preventative control frameworks could have prevented the attackers from achieving their objectives and outline key steps to building a robust incident response plan.

    Webcast takeaways include:

    · Real-world examples of APT attacks from the coalface

    · The latest tools and techniques that advanced threat actors are using

    · Recommendations for preventing and responding to APTs
  • Penetration testing is just one element in the overall process of obtaining confidence in the cyber security of the organisation. Consideration to security must be given in the architectural design of networks and the coding of applications and website. Where this is not the case penetration testing will provide an indication of what should be done to retrospectively apply security or to provide a ‘patch’ to make things better.

    Many investigations of cyber attacks have highlighted that the system has been compromised for some time, often years, without the system owner knowing. The penetration test provides an insight into the internal controls and the ability of the SOC or NOC to identify attacks. If the test is conducted and there is no indication that it has been detected, it is highly likely that real attacks have not been detected either and further analysis is required.

    It must be recognised that no security is impenetrable and therefore the ability to react to a cyber security incident is really important. The penetration testing is essential to test the organisation’s ability to respond. The statement that a penetration test will be quickly out of date is valid to some extent but without it the organisation is blind to the types of threats it is exposed to and the vulnerabilities in the systems. To be effective the testing programme must be placed in context and the links between assurance activities fully understood.
  • With each passing year, the frequency and number of organisations that are hacked increases at a dizzying rate. No industry vertical can ignore this trend. One of the key challenges facing all business is to come to grips rapidly with an ever-changing threat landscape.

    How can your organisation understand specifically what threats is being targeted with? In order to answer this question business need to be able to quantify and qualify the threats aligned against them. In essence being able to understand what malicious actor’s know about an organisation and how that knowledge may be deployed in attack campaigns and vectors.

    During the course of the webinar session, Blueliv’s Cyber Security Development Manager, Nahim Fazal will present the Blueliv proposal for improving the cyber threat visibility of a business.

    Key Takeaways:
    - Why the same approach gives the same results
    - Actionable intelligence – what does this look like in the real world?
    - Reducing your cost and incident response time