Name: Security+ Objective 1.4
Start: 2019-08-15T20:30:00Z
End: 2019-08-15T21:38:38.000Z
Location: BrightTALK
Rating: 4.5

Covering cybersecurity focused on the issues surrounding the challenges of small organizations and local governments.  We will be covering issues related to compliance, PCI, NIST, audit findings, IT governance & management, disruptive technologies, current risks, common vulnerabilities, and suggested remediation.

People are IT's most important and expensive resource, but historically they have not been treated accordingly. Staffing for IT and cybersecurity can be difficult. How do you hire the right people? How do you grow your staff? How do you grow our career? In this session we will cover partnering with HR, investing in staff, education, certifications, soft skill development, work environment, flexible work options, professional networks, retention, justifying IT staff and teamwork. Improve your ability to grow, deploy, and manage your team.

Coverage
Career, Human Resources, Staffing, Education, Certification, Talent

MISAC MuniTech Academy IT Staffing & Career (Part 2)

People are IT's most important and expensive resource, but historically they have not been treated accordingly.  Staffing for IT and cybersecurity can be difficult.  How do you hire the right people?  How do you grow your staff?  How do you grow our career?  In this session we will cover partnering with HR, investing in staff, education, certifications, soft skill development, work environment, flexible work options, professional networks, retention, justifying IT staff and teamwork.  Improve your ability to grow, deploy, and manage your team.  

Coverage
Career, Human Resources, Staffing, Education, Certification, Talent

MISAC MuniTech Academy IT Staffing & Career (Part 1)

It is mission critical for IT Directors and CIOs to maintain quality communication with senior management and key stakeholders.  Quality communication will help to build strong relationships and establish trust.  Strong relationships and trust help to pave the way to gaining approval for cybersecurity initiatives and budgets.  The factors that contribute to this situation vary from organization to organization.  One obstacle to establishing quality communications with senior management is the fact that many local government IT departments don’t have access to senior management.  Other issues include business alignment with cybersecurity, soft skills, and senior management.  Governance of information and technology is key to help foster communication and engagement between IT and senior management. 
Coverage
NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
IT, OT, IoT, Cloud, AI

MISAC MuniTech Academy Talking Cybersecurity with Senior Management

CIO CISO Table Talk.  The COVID-19 pandemic has demonstrated the importance of technology in dealing with emergency situations.  Some organizations were prepared for the transition to work from home and others struggled with the transition. How do we plan for the unknown?
Having a strategic mindset is an important trait for CIOs and CISOs.  This is much more difficult in technology because of the rapid change rate and dynamic nature of technology.  How do you make decisions now to set yourself and your organization up for success in the future?  Think strategic, act tactical, always keep your current projects focused on the long-term objectives.  Join Don, Ron, and Rob for this talk on having a strategic mindset. 
Speakers:
Donald E Hester, Maze & Associates 
Ron Puccinelli, City of Fairfield
Robert DeRoeck, Indiana University

Being Prepared for the Unforeseen by Having a Strategic Mindset

COVID-19 has forced many organizations to prioritize money, programs, projects.  According to GFOA, local governments, on average, only spend 2% of their IT budgets on cybersecurity. The current threat landscape demonstrates that local governments continue to be a target of threat actors.  Ransomware continues to plague local governments.  Local governments have traditionally not invested in cybersecurity coupled with COVID-19 is decreasing revenue and the fact that cyber risk continues unabated places local governments at higher risk.
Solution: local governments and organizations are increasingly looking to outsource cybersecurity operations.  There are two different cybersecurity services local governments can take advantage.  Two prime areas for outsourcing is the Security Operations Center (SOC) (SOC-as-a-Service) and Executive cybersecurity management (CISO-as-a-Service).

Cost-Effective Cybersecurity: CISOaaS & SOCaaS

The Covid-19 epidemic has prompted the widescale adoption of virtual meetings.  Since Teams comes with Office 365, many organizations are adopting it for virtual meetings.  Microsoft Teams is so much more than video conferencing or chat; there is a much more Teams can do for you and your organization.  Learn the key features and basic navigation.  We will have Bryan Tuttle, CEO of CodeRight a Microsoft Partner, Donald Hester IT Director for Maze and Robert De Roeck instructor from Indiana University.

Getting the Most Out of Microsoft Teams

Many organizations struggle to protect their Industrial Control Systems (ICS) and SCADA systems.  Other organizations struggle with knowing how much cyber risk their organization has. ICSs are often critical systems with low tolerance for interruption, making them very tempting targets for threat-actors especially nation-states. Thus far, incidents have been low but the emergence of proof-of-concept attack software suggests that this trend may not hold for long. Local Governments need to get ready now before they find themselves a victim.  Unlike personal computers, which can be reformatted and restored from backup if required, PLCs and other components can be “bricked.” This means that malware could render them completely inoperable and requiring physical replacement.  In this session we will cover some of the difficulties with cybersecurity and ICS, including Supply Chain, Vendor Management, Shared Responsibility and going beyond the standards.
ICS-CERT
Coverage
NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
IT, OT, IoT, Cloud, AI

MISAC MuniTech Academy ICS SCADA Cybersecurity

Local governments have unique challenges and are a growing target for attackers.  With limited resources, staff, and budget, IT staff continue to be asked to increase the services they provide and address a continuously evolving threat landscape. The controls necessary to mitigate the growing threat of ransomware stretch resources, staff and budget to the limit. There is no silver bullet for cybersecurity; however, there are technologies such as AI that are a game-changer balance the scales in favor of those defending these critical networks. Learn how some organizations are turning to Darktrace’s Immune System approach, powered by AI to combat these threats.
Coverage
NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
IT, OT, IoT, Cloud, AI

Local Governments Leverage AI to Mitigate Cyber Risks

MISAC MuniTech Academy presentation. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks.  In order to help clients effectively combat the current growing cyber-threats, we have created a ransomware readiness checklist from the recent US Federal Government Interagency technical guideline, Cybersecurity and Infrastructure Security Agency (CISA) guidelines, National Cyber Security Centre (NCSC), UK and NIST guidelines.   In this session we will cover the items in our checklist and the recommendations on preparation.

MISAC Ransomware Prevention

Second in a two-part series on ransomware. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks.  In order to help clients effectively combat the current growing cyber-threats, we have created a ransomware readiness checklist from the recent US Federal Government Interagency technical guideline, Cybersecurity and Infrastructure Security Agency (CISA) guidelines, National Cyber Security Centre (NCSC), UK and NIST guidelines.   In this session we will cover the items in our checklist and the recommendations on preparation. 

Coverage
NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
IT, OT, IoT, Cloud, Firmware

Ransomware Prevention Part 2

First in a two-part series on ransomware.  Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks.  In this session we will cover what ransomware is, how it works, statistics and common features of the attack.  We will also cover the costs of some recent incidents, and a discussion on whether to pay the ransom or not. We will look at the anatomy of a ransomware attack and the criminals behind them.

NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
IT, OT, IoT, Cloud, Firmware

Ransomware Prevention Part 1

Our next session in our continuing series of webcast on CompTIA Security+.  Objective 1.5.  In this session we will explain vulnerability scanning concepts.
Passively test security controls
Identify vulnerability
Identify lack of security controls
Identify common misconfigurations
Intrusive vs. non-intrusive
Credentialed vs. non-credentialed
False positive

Security+ Objective 1.5

Our next session in our continuing series of webcast on Microsoft Azure. In this session we cover virtual machines and virtual machine management.  Session will include demos. 
Virtual Machine Planning, Creating Virtual Machines, Virtual Machine Availability, Virtual Machine Extensions

Microsoft Azure 2 Virtual Machines

In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.3: Explain threat actor types and attributes.
Types of actors
- Script kiddies
- Hacktivist
- Organized crime
- Nation states/APT
- Insiders
- Competitors
• Attributes of actors
- Internal/external
- Level of sophistication
- Resources/funding
- Intent/motivation
• Use of open-source intelligence

Security+ Objective 1.3

Good? Bad? Indifferent? I am often asked if it is safe to host financial in the cloud.  It depends is almost always the answer.  Join this session to learn about the pit-falls and consideration of a cloud-based ERP or financial applications.  We will cover; how cloud services change the IT and Financial control environments, the risk of using the cloud, managing the risks, the benefits of using the cloud, and the concept of shared responsibility. 
Coverage
NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO, CSA
IT, Cloud

Cloud-based Financial Applications

A repeat presentation given at Maze Live 2019.  In this session we will cover some of the most popular scams we see for local governments and businesses.  We will cover the potential impact of successful scams on organizations.  We will also cover how to setup a cybersecurity awareness program and some tips and tricks for maturing your awareness efforts.

Current Cyber Scams & Need for Awareness

Azure Administration Tools
In this webinar, you’ll learn tools used by Azure Administrators to manage their Microsoft Cloud infrastructure
Azure Portal, Cloud Shell, Azure PowerShell, CLI, Azure Mobile App, Resource Manager, and Resource Manager Templates

Administering Azure

In this session we will explain penetration testing concepts. 
Find an exploitable vulnerability.
Design an attack around it.
Test the attack.
Seize a line in use.
Enter the attack.
Exploit the entry for information recovery.

Security+ Objective 1.4

Penetration Testing

White Hat

Hackers

Vulnerability Scanning

Vulnerability Intelligence

Vulnerability Management

CompTIA

Certification

Security+

Assessment

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

The accounting and tax community on BrightTALK features relevant content around tools and strategies for tax planning, internal controls, auditing and more. Join the conversation by engaging with accounting and tax thought leaders and accountants and asking questions during live webinars and round table discussions on tax and auditing topics.

Accounting and Tax

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Effective financial management strategies can help organizations meet their business objectives. The financial management community on BrightTALK is made up of engaged finance and accounting professionals. Find relevant webinars and roundtable discussions featuring financial planning advice from industry thought leaders and insights into optimizing financial reporting, accounting, risk management and value measurement.

Financial Regulation

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Security+ Objective 1.4

Presented by

About this talk

More from this channel