
eSummit 1 - How I learned to stop worrying and love forensics

There is no such thing as a "secure" system - we do our level best to design them as well as we can, to put controls and measures in place - but, at the end of the day, things can and do go awry. Today we are going to talk about Forensics, and how it is the opposite side of the coin from security. What can we do in advance to aid in forensic investigation? What do we do at the point of a compromise to allow us to preserve as much evidence as is possible? And, ultimately, how do we take a forensic analysis and learn from it to create a better system the next time?
Recorded Oct 26 2016 49 mins
Presented by
Simon Biles, Digital Forensic Analyst, Forensic Equity Limited, Christopher Laing, (ISC)² EMEA Advisory Board Member

  • Industry Insights: How to Launch a Privileged Access Security Program Oct 8 2019 12:00 pm UTC 60 mins
    Maria Oliva, Director of Consulting Services EMEA, CyberArk, Brandon Dunlap, (ISC)²
    Industry analysts and security leaders agree – organisations should prioritise privileged access security programs to maximize risk reduction with respect to the resources required for deployment. “Privileged Access” is what attackers seek, and this access is increasingly available in places organizations overlook including applications.
    Join us for a session that will cover the basics of privileged access security. We’ll address how to define a program with respect to people, process and technology. We’ll also review some lessons learned from the field that will facilitate a successful launch.
  • Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities Oct 1 2019 12:00 pm UTC 60 mins
    (ISC)² Customer Service Team, EMEA
    Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
    - CPE opportunities, member benefits and getting involved
    - Updates on (ISC)² news, developments and changes in your region
    - Your membership requirements summarized
    - Who are the (ISC)² EMEA team and how we can help you
    - Focus discussions
    - Q&A session
  • Third Party Risk Management: Giving Context to Consumption Sep 26 2019 12:00 pm UTC 60 mins
    Nick Trigg, Solution Consultant, BitSight, Eric LeMartret, Risk & Privacy Lead, ServiceNow, Brandon Dunlap, Moderator, (ISC)²
    Third-parties can pose a very real risk to an organisation. If the risk results in a breach, it can be costly – costlier even than if it did not include a third-party. In addition, new regulations are recognizing the importance of mitigating third party risk to provide greater protection for an individual’s personal data. In other words, managing your vendor’s risk is not only prudent, it’s required.

    This session will showcase how the combined forces of BitSight Security ratings and ServiceNow tackle the unique challenges of:

    - Positioning cyber security in context of the business.

    - Blending the BitSight security ratings information with more traditional data sources, such as audits and questionnaires, to provide a fully rounded, up-to-date view of your third parties.
  • Should You Care About TLS Decryption? Sep 24 2019 12:00 pm UTC 60 mins
    Ollie Sheridan, Principal Engineer Security, Gigamon, Brandon Dunlap, Moderator, (ISC)²
    With the second anniversary of the Equifax breach not so long ago, we now know much more about what happened thanks to the August 2018 release of the GAO Report. A lot of new information came out of that report that was not well understood at the time of the breach. Did you know that while Equifax used a tool for network layer decryption, they had certificates nine months out of date? This lapse gave the threat actors all the time they needed to break in and exfiltrate reams of personal data. As soon as Equifax updated the certs on their decryption tools, they began to realise what had happened.

    On the heels of the Equifax breach, we are reminded of the importance of efficient decryption for effective threat detection. That’s more important than ever as today the Ponemon Institute reports that 50% of all malware attacks utilise encryption.

    During this webinar, Ollie Sheridan will talk about:
    - How TLS encryption has become a threat vector
    - Why decryption is essential to security and how to effectively perform detection
    - How to make sure your detection tools are working at their greatest capacity without the latency introduced by decryption
  • (ISC)²’s Digital Transformation Journey – Part 3 Recorded: Sep 17 2019 59 mins
    Bruce Beam, CIO, (ISC)²; Wes Simpson, COO, (ISC)²; Brandon Dunlap (Moderator)
    (ISC)² recently completed our multi-year Digital End-to-End Transformation (DETE) project, which positions us to deliver a more seamless and user-friendly experience to all members. In addition to revamping our online presence, we launched a new Learning Management System where members can access all the courses developed by our Professional Development Institute. In Part 3 of the (ISC)² Digital End-to-End Transformation (DETE) webcast, we will examine the “new world” of what the project has provided to internal (how we serve the members and visitors), the members (what you as members see and experience) and what’s to come. Join Wes Simpson, COO and Bruce Beam, CIO on September 17, 2019 at 1:00PM Eastern for a discussion on these items and a Q&A with our COO and CIO.
  • Curing Alert Fatigue with Risk Based Alerting, MITRE ATT&CK and Automation Recorded: Sep 17 2019 59 mins
    James Hanlon, Director, Splunk, George Panousopoulos, Security Strategist, Splunk, Brandon Dunlap, Moderator, (ISC)²
    The problem of alert fatigue is symptomatic of a plague within most SOC environments, regardless of the tools and platforms being used. The general process within the industry for driving and managing security incidents is broken. It’s time to change perspective and build into alert creation processes a better prioritization procedure. This can be done by aligning it to a more intelligent risk scoring approach and frameworks like MITRE ATT&CK and automation. Security teams will be better positioned to make use of their existing toolchain, scale people and processes, and deliver a much more effective security capability. Join this webinar to learn:

    • The scale of alert overload and why organisations struggle with this problem. You are not alone
    • How to combine risk based alerting, MITRE ATT&CK and automation to optimise security investigation and reduce alert fatigue
    • Insights, learnings and benefits from SecOps teams that have already made this shift
    • Tricks and tips to help you transform the security investigation process using your existing tools and industry frameworks
  • Flipping the Cyberdefense Equation to Tip the Scales Back in Our Favor Recorded: Sep 12 2019 59 mins
    Rick McElroy, Head of Security Strategy, David Balcar, Security Strategist, Carbon Black, Brandon Dunlap, Moderator, (ISC)²
    Far too often, the cybersecurity industry focuses too heavily on all the advantages attackers have. We’ve all heard the saying: “Defenders have to be right 100% of the time while attackers only have to be right once.” Well, what if we could flip that equation?

    As defenders, we have the home field advantage, so why does it seem like we are consistently losing? In order to shift this model and tip the scales back in our favor, we need to be thinking about “Disruption in Depth” rather than just “Defense in Depth.” We need to be making attackers’ lives significantly harder. Attackers make mistakes all the time. Let’s make them have to be 100% right all the time instead of us.

    Join Carbon Black’s Head of Security Strategy, Rick McElroy, as he reveals the reality behind the modern threat landscape and uncovers what security teams can do today to tip these scales and make attacking your organization exponentially more difficult for attackers.
  • Environmental Separation Recorded: Sep 3 2019 56 mins
    Adam Brady, Systems Engineer, Illumio, Brandon Dunlap, Moderator, (ISC)²
    The separation of development, staging, test, and production environments using traditional network solutions is a challenge, or even an impossibility, for organizations with significant assets spread dynamically across heterogeneous data centres as well as public and hybrid cloud environments.

    Segmentation was first developed to improve network performance, but experts have realised that a ‘perimeter only’ approach to security is not working. As organisations seek to secure the interior of their networks, they have recognised that they need to be more dynamic and granular than previously - facing the challenges of time and resource head on to secure their critical business applications.

    This webinar will highlight:
    • The problem of Environmental Separation
    • A Network Segmentation 101
    • Segmentation Strategies
    • Industry Examples
    • A quick demonstration
    • Illumio
  • (ISC)²’s Digital Transformation Journey - Part 2 Recorded: Aug 20 2019 58 mins
    Bruce Beam, (ISC)²; Beth Paredes, (ISC)²; Sommer Hess, (ISC)²; Brandon Dunlap (Moderator)
    (ISC)² recently completed our multi-year Digital End-to-End Transformation (DETE) project, which positions us to deliver a more seamless and user-friendly experience to all members. In addition to revamping our online presence, we launched a new Learning Management System where members can access all the courses developed by our Professional Development Institute. In Part 2 of the (ISC)² Digital End-to-End Transformation (DETE) webcast, we will examine how (ISC)² executed the plan for the project, following the AGILE Project Management framework and the buy-in and support from other departments and stakeholders within the organization. Additionally, there was board governance and oversight to contend with. Join Bruce Beam, CIO; Beth Paredes, Sr. Corporate Member Services Manager; and Sommer Hess, Director PMO, Quality and Training on August 20, 2019 at 1:00PM Eastern for a discussion on these items and the speed bumps that were run into on this project.
  • Shift Left, Shift Right, or Run Security Right Through The Middle? Recorded: Aug 20 2019 57 mins
    Meera Rao, Senior Principal Consultant, Synopsys, Brandon Dunlap, Moderator, (ISC)²
    Demands for more secure software and more rapid application development have led to the emergence of DevSecOps. DevSecOps maturity requires a risk-based approach to adding security activities, increasing depth, and improving testing governance. The best strategy is to shift from a reactive to a proactive security approach that injects security at the right time and place with automated continuous testing. This presentation covers these aspects of automated continuous testing:

    1. Practices to avoid
    2. Drawbacks
    3. Prerequisites
    4. When and where to use automated testing
    5. Best practices for implementing and improving continuous testing throughout the development life cycle
  • CISO Says with Bruce Beam, CIO, (ISC)² Recorded: Aug 13 2019 60 mins
    Bruce Beam, CIO, (ISC)², Brandon Dunlap, Moderator, (ISC)²
    In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format.

    In this session Bruce Beam, Chief Information Officer at (ISC)², will provide insight into the path he took to become a Cybersecurity Leader and how he is reinventing the role in the face of accelerating industry change.
  • Lessons from the field: How to Optimise Third Party Risk Management Recorded: Aug 6 2019 59 mins
    Kimberly Johnson, Senior Manager, Chris Poulin, Principal Consulting Engineer, BitSight, Brandon Dunlap, Moderator, (ISC)²
    As organisations increase their reliance on third-party vendors for outsourced solutions, they expand their attack surface.
    Today’s digital environment offers tremendous opportunities for modern organisations. At the same time, there is more risk. Vulnerabilities and infections plague organisations around the globe — and their numbers continue to rise.

    The tips discussed in this webinar will help you start managing third-party risk to centralise your program and get a preliminary perspective of the risks you face. Once this foundation is established, you can build on it and shift to a more proactive approach to managing third-party risk — and limiting your exposure.

    In this webinar, Chris Poulin (Principal Consulting Engineer, BitSight) and Kimberly Johnson (Product Marketing Manager, BitSight) discuss:
    • The state of risk and the rise of global vulnerabilities and infections.
    • The supply chain as an expanded attack surface.
    • 5 tips for launching a third-party risk management program.
  • Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities Recorded: Jul 30 2019 62 mins
    (ISC)² Customer Service Team, EMEA
    Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
    - CPE opportunities, member benefits and getting involved
    - Updates on (ISC)² news, developments and changes in your region
    - Your membership requirements summarized
    - Who are the (ISC)² EMEA team and how we can help you
    - Focus discussions
    - Q&A session
  • How to Prevent Breaches with Phishing Threat Intelligence Recorded: Jul 23 2019 56 mins
    Darrel Rendell, Principal Intelligence Analyst, Cofense, Brandon Dunlap, Moderator, (ISC)²
    Mottos like "If you see something, say something" speak to the power of human observation in preventing security disasters. Similarly, valuable human-generated intelligence can be effective in preventing data breaches emanating from phishing attacks. In today’s changing cyber threat landscape, humans need to be conditioned to recognise phishing attacks and security teams need to be armed with actionable threat intelligence to rapidly manage an attack once it hits.

    This is where Phishing Threat Intelligence comes into play. By extracting key IOCs from newer phishing threats and making them available to security teams, organisations can detect attacks in progress and respond quickly to reduce the effect of a breach. Plus, by incorporating the same intelligence and tactics in your awareness program, you can train your users to more quickly detect and report an active threat.

    Join this webinar to learn about:
    - The constantly changing threat landscape
    - Turning active, real threats into learning moments for your users
    - Speeding up response with timely, actionable intelligence
  • (ISC)²’s Digital Transformation Journey – Part 1 Recorded: Jul 16 2019 59 mins
    Bruce Beam, CIO, (ISC)²; Brandon Dunlap (Moderator)
    (ISC)² recently completed our multi-year Digital End-to-End Transformation (DETE) project, which positions us to deliver a more seamless and user-friendly experience to all members. In addition to revamping our online presence, we launched a new Learning Management System where members can access all the courses developed by our Professional Development Institute. The road to DETE, however, took years of planning and execution as our team modernized our infrastructure and back-end systems, including migrating the majority of key systems to the cloud. In Part One of this series examining the journey the organization undertook, Bruce Beam, CIO, will discuss the rationale behind the initiative and steps taken to gain approval from the board of directors. Join us on July 16, 2019 at 1 p.m. Eastern as we begin this three-part, in-depth case study of how (ISC)² accomplished this ambitious project.
  • DDI data – a Critical Enabler of SOAR Recorded: Jul 9 2019 58 mins
    Michael Katz, Security Specialist, Infoblox, Brandon Dunlap, Moderator, (ISC)²
    Constantly evolving threats and shortage of qualified cybersecurity professionals have led security teams to move to security workflow automation to meet the demands. It’s not enough to have a great tool nowadays. These tools have to work better together to meet today’s security challenges. Security orchestration, automation and response (SOAR) tools improve efficiency and efficacy of security operations by automating threat intel management, event monitoring and incident response processes.

    One of the key sources of contextual network and threat intel data comes from infrastructure that organizations already rely on for connectivity – DNS, DHCP and IPAM. This data along with timely, reliable and accurate threat intel can be used to improve scoring and investigation, assist in prioritizing incoming incidents, and can be relied upon to build automation.

    Join this webinar to learn how a well architected DNS, DHCP and IPAM can power SOAR platforms to:

    - Block/unblock domains using context
    - Enrich other security tools with valuable IPAM data
    - Enhance and improve incident response with better threat intelligence
  • Speed & Precision: The Keys to Stopping Modern Adversary Recorded: Jul 2 2019 59 mins
    Zeki Turedi, Technology Strategist EMEA, CrowdStrike, Brandon Dunlap, Moderator, (ISC)²
    Defending against modern adversaries requires the ability to detect and to understand threats quickly, and to respond decisively. CrowdStrike’s experts fight and win these battles every day, and have one of the industry’s most comprehensive pictures of today’s top cyber threats. Join CrowdStrike for a deep dive into global observations and trends, and real-world intrusion case studies, delivering deep insights on modern adversaries, and their tactics, techniques, and procedures (TTPs).

    Learning Outcomes:
    - Why “speed” is the new critical metric in cybersecurity.
    - How organisations are using the MITRE ATT&CK framework to shorten the time to investigate and understand threats.
    - Trends in adversary tradecraft, as seen across 1000s of real-world intrusion attempts.
    - Action plans that you can use to ensure your organisation is ready to anticipate and defend against the most dangerous threats of tomorrow.
  • Taking Security From Mediocre to Mighty With The MITRE ATT&CK Framework Recorded: Jun 25 2019 58 mins
    Matthias Maier, EMEA Director of Product Marketing, Splunk, Brandon Dunlap, Moderator, (ISC)²
    What is the MITRE ATT&CK framework? Where did it come from? Why and how should you use it? Get the answers to all of these questions, as security experts from Splunk take a practical look at how your SOC and SIEM can apply the MITRE ATT&CK framework. Ensure coverage of the known TTPs of threats your business is exposed to, improving threat hunting and detection of adversaries. Join this webinar to discover:

    • What the MITRE ATT&CK framework is, and why it should be used
    • How to align your use cases to the MITRE ATT&CK framework
    • How to navigate an ATT&CK threat group's TTPs
    • How to track and monitor your detection capabilities to ensure wide coverage
  • Introducing Application Metadata Intelligence Recorded: Jun 18 2019 60 mins
    Ollie Sheridan, Principal Engineer Security, Gigamon, Chris Green, Head of PR and Comms EMEA, (ISC)²
    For many years the choice for monitoring networks has been focussed on the collection and analysis of raw packets. With the increasing need for multiple tools and SIEMs to get access to this data, along with requirements from Forensic Response teams, a more streamlined method of understanding the behaviour of traffic and user behaviour is required. Whilst NetFlow version 5 and 9 do provide some visibility, there are challenges such as sample rates and lack of Application Layer inspection that need to be addressed.

    Join us for this webinar to learn more about how you can:

    - Produce rich Metadata from network traffic and dive into the Application Layer
    - Use this rich Metadata for Security, Forensics and Business Intelligence purposes
    - Generate Metadata based on the application rather than the IP & Port
    - Ensure that the Application traffic, regardless of port spoofing, produces the correct Metadata
  • How Attackers Exploit Office 365 Vulnerabilities Recorded: Jun 11 2019 62 mins
    Liam Cleary, Microsoft MVP, CEO, SharePlicity, Dan Goater, Solutions Engineer, Netwrix, Brandon Dunlap, Moderator, (ISC)²
    Office 365 has become the platform of choice for document collaboration and sharing. If you’re using Microsoft Office 365 or planning to migrate there, understanding the types of security attacks you can expect is imperative.

    Discover how to:

    - Simulate common Office 365 attacks
    - Test and educate your end users
    - Spot attacks in their early stages
(ISC)² Secure Webinars - EMEA
Forming part of the (ISC)² commitment to Inspiring a Safe and Secure Cyber World, we welcome you to the (ISC)² Secure Webinars - EMEA Channel. Sign up to join us for educational Security Briefings, Roundtables and eSummits aimed at all those vested in the world of information security. We welcome members and non members alike.

  • Title: eSummit 1 - How I learned to stop worrying and love forensics
  • Live at: Oct 26 2016 9:00 am
  • Presented by: Simon Biles, Digital Forensic Analyst, Forensic Equity Limited, Christopher Laing, (ISC)² EMEA Advisory Board Member