Hi [[ session.user.profile.firstName ]]

Security+ Objective 1.3

In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.3: Explain threat actor types and attributes.
Types of actors
- Script kiddies
- Hacktivist
- Organized crime
- Nation states/APT
- Insiders
- Competitors
• Attributes of actors
- Internal/external
- Level of sophistication
- Resources/funding
- Intent/motivation
• Use of open-source intelligence
Recorded Jul 25 2019 55 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Donald E Hester & Robert DeRoeck
Presentation preview: Security+ Objective 1.3

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Ransomware Prevention Part 2 Sep 18 2019 5:00 pm UTC 75 mins
    Donald E. Hester
    Second in a two-part series on ransomware. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks. In order to help clients effectively combat the current growing cyber-threats, we have created a ransomware readiness checklist from the recent US Federal Government Interagency technical guideline, Cybersecurity and Infrastructure Security Agency (CISA) guidelines, National Cyber Security Centre (NCSC), UK and NIST guidelines. In this session we will cover the items in our checklist and the recommendations on preparation.

    Coverage
    NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, Firmware
  • Ransomware Prevention Part 1 Recorded: Sep 17 2019 71 mins
    Donald E. Hester
    First in a two-part series on ransomware. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks. In this session we will cover what ransomware is, how it works, statistics and common features of the attack. We will also cover the costs of some recent incidents, and a discussion on whether to pay the ransom or not. We will look at the anatomy of a ransomware attack and the criminals behind them.

    NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, Firmware
  • Security+ Objective 1.5 Recorded: Aug 29 2019 51 mins
    Donald E Hester & Robert DeRoeck
    Our next session in our continuing series of webcast on CompTIA Security+. Objective 1.5. In this session we will explain vulnerability scanning concepts.
    Passively test security controls
    Identify vulnerability
    Identify lack of security controls
    Identify common misconfigurations
    Intrusive vs. non-intrusive
    Credentialed vs. non-credentialed
    False positive
  • Microsoft Azure 2 Virtual Machines Recorded: Aug 22 2019 89 mins
    Donald E Hester & Robert DeRoeck
    Our next session in our continuing series of webcast on Microsoft Azure. In this session we cover virtual machines and virtual machine management. Session will include demos.
    Virtual Machine Planning, Creating Virtual Machines, Virtual Machine Availability, Virtual Machine Extensions
  • Security+ Objective 1.4 Recorded: Aug 15 2019 69 mins
    Donald E Hester & Robert DeRoeck
    In this session we will explain penetration testing concepts.
    Find an exploitable vulnerability.
    Design an attack around it.
    Test the attack.
    Seize a line in use.
    Enter the attack.
    Exploit the entry for information recovery.
  • Security+ Objective 1.3 Recorded: Jul 25 2019 55 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.3: Explain threat actor types and attributes.
    Types of actors
    - Script kiddies
    - Hacktivist
    - Organized crime
    - Nation states/APT
    - Insiders
    - Competitors
    • Attributes of actors
    - Internal/external
    - Level of sophistication
    - Resources/funding
    - Intent/motivation
    • Use of open-source intelligence
  • Cloud-based Financial Applications Recorded: Jul 10 2019 61 mins
    Donald E Hester
    Good? Bad? Indifferent? I am often asked if it is safe to host financial in the cloud. It depends is almost always the answer. Join this session to learn about the pit-falls and consideration of a cloud-based ERP or financial applications. We will cover; how cloud services change the IT and Financial control environments, the risk of using the cloud, managing the risks, the benefits of using the cloud, and the concept of shared responsibility.
    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO, CSA
    IT, Cloud
  • Current Cyber Scams & Need for Awareness Recorded: Jul 2 2019 76 mins
    Donald E Hester
    A repeat presentation given at Maze Live 2019. In this session we will cover some of the most popular scams we see for local governments and businesses. We will cover the potential impact of successful scams on organizations. We will also cover how to setup a cybersecurity awareness program and some tips and tricks for maturing your awareness efforts.
  • Administering Azure Recorded: Jun 28 2019 51 mins
    Donald E Hester & Robert DeRoeck
    Azure Administration Tools
    In this webinar, you’ll learn tools used by Azure Administrators to manage their Microsoft Cloud infrastructure
    Azure Portal, Cloud Shell, Azure PowerShell, CLI, Azure Mobile App, Resource Manager, and Resource Manager Templates
  • Security+ Objective 1.2 Recorded: Jun 25 2019 130 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.2: Compare and contrast types of attacks.

    Social Engineering attacks:
    - Phishing
    - Spear phishing
    - Whaling
    - Vishing
    - Tailgating
    - Impersonation
    - Dumpster diving
    - Shoulder surfing
    - Hoax
    - Watering hole attack

    Application/service attacks:
    - DoS
    - DDoS
    - Man-in-the-middle
    - Buffer overflow
    - Injection
    - Cross-site scripting
    - Cross-site request forgery
    - Privilege escalation
    - ARP poisoning
    - Amplification
    - DNS poisoning
    - Domain hijacking
    - Man-in-the-browser
    - Zero day
    - Replay
    - Pass the hash
    - Hijacking and related attacks
    - Clickjacking
    - Session hijacking
    - URL hijacking
    - Typo squatting
    - Driver manipulation
    - Shimming
    - Refactoring
    - MAC spoofing
    - IP spoofing

    Wireless attacks:
    - Replay
    - IV
    - Evil twin
    - Rogue AP
    - Jamming
    - WPS
    - Bluejacking
    - Bluesnarfing
    - RFID
    - NFC
    - Disassociation

    Cryptographic attacks:
    - Birthday
    - Known plain text/cipher text
    - Rainbow tables
    - Dictionary
    - Brute force
    - Online vs. offline
    - Collision
    - Downgrade
    - Replay
    - Weak implementations
  • Security+ Objective 1.1 Recorded: Jun 17 2019 59 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.1: Given a scenario, analyze indicators of compromise and determine the type of malware.
    Viruses, Crypto-malware, Ransomware, Worm, Trojan, Rootkit, Keylogger, Adware, Spyware, Bots, RATs, Logic Bombs, Backdoors, Cryptojacking, Formjacking, Doxware
  • Who should setup access in the ERP (Financial Application)? Recorded: May 16 2019 63 mins
    Donald E. Hester; Robert DeRoeck; Ron Puccinelli
    As an IT auditor for local governments, one of the most often asked I get during audits is who should setup user access in the financial application. There is a debate of whether it should be IT or finance staff that create accounts and setup access. As with any professional my answer is it depends. It depends upon other controls that might be in place. What I like to do with clients is walk them through the needs and risks to help them design and understand the process they come up with. Let’s walk thought the logic and see what might be the best answer for your organization. Plus, we will answer a question from a listener on hacking Instagram accounts.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO
    IT, Cloud
  • IoT / OT and the Death Star Part 2 Recorded: May 6 2019 71 mins
    Donald E Hester & Robert DeRoeck
    In the iconic Science Fiction classic Star Wars a New Hope the mightily Death Star was destroyed by the rebels exploiting the vulnerability of a small thermal vent. Similarly, the massive Target data breach was made possible by a remote maintenance connection to their cooling system. Internet of Things (IoT) and Operational Technology (OT) devices have positive impacts on organization efficiency however, they are often overlooked when performing risk and vulnerability assessments. Security systems, environmental controls, automation, SCADA, plant technology, robots, and artificial intelligence all have vulnerabilities. In this session we will explore some of the risks related to IoT & OT and what can be done to mitigate the risks.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • IoT / OT and the Death Star Part 1 Recorded: Apr 12 2019 58 mins
    Donald E Hester & Robert DeRoeck
    In the iconic Science Fiction classic Star Wars a New Hope the mightily Death Star was destroyed by the rebels exploiting the vulnerability of a small thermal vent. Similarly, the massive Target data breach was made possible by a remote maintenance connection to their cooling system. Internet of Things (IoT) and Operational Technology (OT) devices have positive impacts on organization efficiency however, they are often overlooked when performing risk and vulnerability assessments. Security systems, environmental controls, automation, SCADA, plant technology, robots, and artificial intelligence all have vulnerabilities. In this session we will explore some of the risks related to IoT & OT and what can be done to mitigate the risks.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Why is PCI compliance like the Death Star? Recorded: Mar 18 2019 61 mins
    Donald E Hester & Robert DeRoeck
    If you think you are PCI compliant you’re probably not. A single thermal vent allowed the rebel to destroy the death star. What seemingly insignificant hole do we have that will lead to a payment card data breach? Can we plug every small hole? Why is PCI compliance so difficult for local governments and small to medium sized businesses? Lessons from the Jedi can help us understand PCI compliance. Join this session to here from an auditor what are some of the pitfalls and what can be done to achieve and maintain PCI compliance.

    Coverage
    PCI DSS, COBIT, COSO
    IT, Cloud
  • RSA Conference 2019 Recap Recorded: Mar 11 2019 75 mins
    Donald E Hester & Robert DeRoeck
    Join Don and Rob as they cover the highlights of the 2019 RSA Conference. If you missed the conference you can hear about some of the things you missed. If you plan on going to 2020 we will have some advice for you. We will cover sessions, expo hall, student day, advice for newbies, and the night time activities. Join us and give us you feed back.
  • Vulnerability Scanning and Penetrating Testing, Do I need both? Recorded: Nov 7 2018 74 mins
    Donald E. Hester, Robert De Roeck, & Qualys
    As an auditor and cybersecurity professional I often find there is confusion between vulnerability scanning and penetration tests. Often people will use the terms interchangeably. However, they are very different tests, testing different things for different reasons. Join this webinar and learn the differences and some best practices to get the best bang for your buck. This session will include a demonstration on how Qualys can help organizations manage vulnerabilities and monitor their systems.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Cybersecurity Documentation Recorded: Nov 2 2018 63 mins
    Donald E Hester, Ron Puccinelli, & Robert De Roeck
    Policies, Plans, Procedures and supporting documentation. We will cover the types of cybersecurity documents an organization may have, what topics they should cover, and guidelines on what should be included in your policies. We will also focus on the unique challenges and opportunities for state and local governments. Cities, Districts and Counties have an advantage on policy development.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • The Need for Cybersecurity Awareness Recorded: Oct 17 2018 64 mins
    Donald E. Hester, Rhett Redelings, Robert DeRoeck, & Heather Johnstone
    Cyber threats continue to evolve and become more sophisticated. The majority of hacks and attacks exploited one vulnerability, people. Today’s threat landscape requires focusing on the traditional weakest link, people. One of today’s largest challenges is having management invest in cybersecurity awareness and training. Don’t leave you first and last line of defense defenseless.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Nation States - Threat Source (Part 2) Recorded: Oct 12 2018 64 mins
    Donald E. Hester and Robert De Roeck
    Part 2 There has been a rise in the Nation State sponsored, backed, or directed cyber-attacks if not at least an awareness of such attacks. Whether it is a rise in the Nation State cyber-attacks or just the awareness of it, I think it is time to take a look at Nation States as a serious threat actor and start to look at what we know about them. Their motivation and capabilities differ from the traditional hackers and cybercriminals and as such may require a different response in mitigating threats.

    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
Working together to make the world cyber safe.
Covering cybersecurity focused on the issues surrounding the challenges of small organizations and local governments. We will be coving issues related to compliance, PCI, NIST, audit findings, IT governance & management, disruptive technologies, current risks, common vulnerabilities, and suggested remediation.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Security+ Objective 1.3
  • Live at: Jul 25 2019 5:00 pm
  • Presented by: Donald E Hester & Robert DeRoeck
  • From:
Your email has been sent.
or close