Cloud Breach Incident Response & Forensics

Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look among the plethora of services available through Cloud Service Providers such as AWS and Azure. In this session we'll enumerate sources of forensic evidentiary data among the vastness of AWS CloudTrail, GuardDuty, Microsoft Graph, and more. A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real-world breaches will be highlighted, providing practical approaches to exposing the attacker's methods and compromise.
Recorded Oct 7 2020 61 mins
Presented by
Mike Raggo, Cloud Security Engineer at CloudKnox Security
  • Machine Learning Ethics Jun 16 2021 3:00 pm UTC 60 mins
    Kevin Carlson, Partner, Fractional CTO | CISO at TechCXO
    Machine Learning and Artificial Intelligence are changing the way businesses gather, relate to, and act on data. Much of that data comes from you or your company, aka users. What are your rights with regard to how your data is used to construct and train a machine learning model? Do you have the right to ask that your data not be used or that an existing model exclude your data in the future? How can seemingly innocuous data lead to models that may be inherently biased? We'll discuss those and other topics as well as how you can protect yourself from unintended use of your data and your company's data.
  • Using IAM to Enhance IT Audit Apr 30 2021 4:00 pm UTC 60 mins
    Ryan Boggs & Ben Sady from DHG
    Summary on talk coming soon...
  • Auditing Continuous Integration/Continuous Deployment Apr 22 2021 3:00 pm UTC 60 mins
    Mary Beth Marchione, MBA, CPA, CISA, CISSP and RAS Senior Manager at WIPFLI
    During this session you will learn the role of DevOps, key control points and phases within CI/CD, and tips for auditing a process that is highly automated.
  • POSSIBILITY LEADERSHIP Apr 16 2021 3:00 pm UTC 60 mins
    Jonathan McCoy & Crystal Fernando at WhatBox Partners
    Level up your ability to lead effectively in increasingly uncertain and complex environments. Possibility leadership unlocks leaders to lead effectively in an impossible world, enabling a more agile approach to leading people through problems,
  • PCI Compliance Standards: What you need to know in 2021 and beyond Mar 18 2021 3:00 pm UTC 60 mins
    Presenter: Tom Arnold, VP, NCC Group / PSC, CISSP, ISSMP, CISA, CFS, GCFE, GNFA, QSA, SSF QSA, PIN QSA, PFI
    This session focuses on the full suite of PCI standards, giving an update on validation and compliance regimes that impact companies globally. We also provide insight on current risks and threats from a forensic perspective; examine the ongoing impact that COVID has had on the compliance demonstration as well as work-at-home issues; and, highlight what to watch out for in the coming year.
  • Enterprise Transformation to Cyberresiliency Mar 11 2021 6:00 pm UTC 60 mins
    Robert Putrus, PMP, CISM, CFE, PE at THE ROBERTS COMPANY, LLC
    The presentation articulates the needs of the enterprise to transition from “cybersecurity” to “cyberresiliency”. Cyberresilience refers to the ability to constantly deliver intended outcomes despite negative cyber events. It is keeping business intact through the ability to effectively restore normal operations in the areas of information systems, business functions and supply chain management. In simple terms, it is the return to a normal state.

    Cyberresiliency is the extrapolation of cybersecurity, and it has progressed to enable enterprises to withstand and rapidly recover from cyber-attacks with criminal intent to induce harm, cripple and extort enterprises. Cyberresiliency is a board-level responsibility with high business content. It is based on initiatives under the auspices of corporate governance, enterprise cyber programs and supply chain network.

    In addition, the presentation describes a business-oriented model for how an enterprise may develop a framework of a cyberresiliency decision model (CRDM). The proposed business model quantifies and compares the degree of impact of each proposed cyberresiliency initiative on any of the enterprise-stated goals and objectives and develops a prioritized road map to the containment of the cyber threats.

    Determining the portfolio of cyberresiliency investment and the realized value of such initiatives is highly correlated to an organization’s willingness to articulate the following:

    - The risk of potential costs of security incidents that the enterprise is willing to bear
    - The level of risk that the enterprise is willing to accept when running its business
    - The enterprise’s recognition that investment in cyberresiliency ought to be mapped and prioritized to the desired outcome and types of threats
  • Privacy-Preserving Computing and Secure Multi-Party Computation Mar 3 2021 6:00 pm UTC 60 mins
    Ulf Mattsson, Chief Security Strategist at Protegrity
    A major challenge that many organizations face is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls, as well as enable data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
    We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
  • Modern Wireless Attacks – PEAP BOMB Recorded: Feb 18 2021 46 mins
    Anthony Ralston, Senior Security Consultant at Abricto Security
    Hacking into Wi-Fi networks has always been fairly straightforward, and nowadays the techniques to do so are easily detected and prevented. In this talk we will look at the history of wireless attacks; what's worked well in the past, how attacks have evolved, and modern-day approaches used to breach Wi-Fi networks. We will then discuss PEAP bomb - a novel technique of attacking Wi-Fi to obtain Active Directory credentials to ultimately breach the enterprise.
  • A Conversation with the 2020 AICPA SOC School Author and Instructor Recorded: Feb 4 2021 59 mins
    Shelby Nelson, Partner, CISA, CISSP, CDPSE, CyberSOC, Advanced SOC
    An open format allowing participants to ask questions of a leading SOC SME, and an opportunity to review the recently published AICPA SOC FAQs.
  • Understanding an Environment's Attack Surface Recorded: Jan 29 2021 56 mins
    Robert Hawes, VS-Labs Research Team Lead
    This talk will provide key insight for developers and security professionals when it comes to performing attack surface enumeration. Along with attack surface enumeration, knowledge around common abuse cases that the VerSprite VS-Labs Research team has seen plague products is covered briefly. It is also important to understand that the security posture of a product is not only tied to the product itself; understanding the attack surface of the operating system the product is deployed on is equally critical.
  • Offensive Threat Models for Supply Chain Attacks Recorded: Jan 28 2021 65 mins
    Tony UcedaVelez, CEO, VerSprite
    This talk will focus on how org threat models can help to identify supply chain risks for enterprise organizations. This presentation will focus on what organization threat models are, how they incorporate attack surfaces along with threat intel sources and how companies can continuously manage their threat models as part of a blueprint for a security program.
  • Auditing the Cloud: AWS Recorded: Jan 21 2021 62 mins
    Mary Beth Marchione, MBA, CPA, CISA, CISSP RAS Senior Manager
    Key tips and tricks to navigating the AWS environment. You will walk away with an understanding of the cloud service model, redundancy and backup strategies, key security roles, and logging.
  • LEVERAGING COMPLIANCE AUTOMATION FOR OUR CLOUD-FIRST WORLD Recorded: Jan 15 2021 57 mins
    Scott Schwan, Co-founder and CEO of Shujinko
    Attendees of this presentation will gain insight into:
    • What is driving change and how will it play out?
    • What are the implications for security, compliance, and audits?
    • What is the right level of automation to increase efficiency but not incur additional risk?
    • Why will automation augment and not replace IS audit, control, and security professionals?
    • How are compliance automation tools being adopted today?
  • Novel File-level Encryption and Regulatory Compliance Recorded: Dec 4 2020 50 mins
    Daniel H. Gallancy, CEO, Dimitri Nemirovsky, COO at Atakama
    State and federal cybersecurity regulations are expanding and becoming increasingly more onerous. Whether your company is trying to comply with California's CPA, New York's DFS cybersecurity requirements, GDPR, etc., granular file-level encryption solutions will help you get there and please your regulators in the process.
  • Protecting Data Privacy in Analytics and Machine Learning Recorded: Nov 19 2020 59 mins
    Ulf Mattsson | Chief Security Strategist | Protegrity
    In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources.
    When we think about developing AI responsibly, there are many different activities that we need to think about.
    This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing.
    We will review how different industries are taking advantage of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in the cloud.
    We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
  • The new CPRE (sometimes called CCPA V 2.0) Recorded: Nov 17 2020 58 mins
    Michael Lester, Chief Security Officer at Magenic
    CPRE (California Privacy Rights and Enforcement Act) is on the ballot for November 2020 in California and will be more strict than CCPA (California Consumer Protection Act) and more akin to GDPR (General Data Protection Regulation). The discussion will focus on what it means for individuals and companies.
  • Privacy Certifications and what you need to know Recorded: Nov 10 2020 58 mins
    Jay Trinckes Technical Director Risk Management & Governance North America, NCC Group
    For the past several years privacy has been a major area of focus for companies. Ever since GDPR came into force companies are starting to realize privacy is no joke. Privacy is not something you can easily bolt on to a product and typically requires a team to test and verify that privacy is properly in place. Certifying your privacy program can help your company demonstrate your company’s commitment to privacy but also provide a mechanism to standardize. Today there are two main certifications associated with privacy: APEC CBPR and ISO27701. During this event we will answer the following questions:

    o What are APEC CBPR and ISO27701?

    o Who is in scope for these certifications?

    o What is the difference between the two?

    o Common challenges implementing?

    o What about HIPAA and all the state regulations; how do those play into the privacy certification landscape?

    o What do these certifications mean for your third party risk management program?
  • You CAN get there from here! Recorded: Nov 5 2020 56 mins
    Maryann Douglass, CISM, CISA, QSA, PCIP - Senior Consultant Sherri Collis, QSA, CISSP, CISA - Director, PCI Services Rosemary
    Guide women through process to align current strengths and responsibilities to Cyber security job requirements. Establish a path to reach their goal to move into a new Cyber Security position.
  • Identity - The key to securing data in the public cloud Recorded: Oct 27 2020 61 mins
    Daniel Martin, Principal Security Consultant, vCISO, Veristor Systems Inc.
    Securing the public cloud can feel like a dark gray storm off the horizon; however, aligning a cloud identity solution can be your first glimpse into the silver lining. Join us as we talk about the new perimeter of cloud security and how your Identity and Access Model can securely extend your reach into the cloud while simplifying the user’s login experience.

    Executing a digital transformation strategy results in a continuous outcome to have more sensitive data transitioning into our cloud environments and applications. The data security perimeter has changed, making perimeter firewalls less effective and insufficient for protecting data at scale in environments where the data can reside virtually anywhere. This has led to the importance of tracking user identities across multiple applications and environments to build a true story of what correlated actions a user may be taking throughout the enterprise. As a result, we must transition to an identity and access ecosystem that enriches contextual environmental, biological, and technological information to create a seamless user authentication and authorization process - no matter where the data or application resides.

    This session will illustrate the building blocks for leveraging a strong foundational directory service that will extend across your corporate and newly extended home offices while utilizing automation to increase user satisfaction and a reduction in support hours spent dealing with passwords and access requests.
  • Security Policy Automation Recorded: Oct 27 2020 35 mins
    Rebecca Finnin, Director of CyberSecurity, AT&T
    In the past, determining security requirements relevant to a particular project or technology was not a simple or speedy task, and required reading through dry policy documentation or engaging a subject matter expert. Now, DevOps teams must contend with new architectural components - like containers - which add new security requirements. Additionally, complex support models in cloud environments - like IaaS vs. SaaS - shift the responsibility for traditional security requirements onto new parties. This challenge led AT&T to develop a new service which provides a report of only relevant security requirements to a project team, after they answer a few simple questions in an online, self-service format.

    This talk will introduce this new service and demonstrate how it is saving DevOps teams time while simultaneously helping them ensure they have addressed all relevant security requirements.
Creating meaningful engagements for our membership
Welcome to the ISACA Atlanta Chapter web site. The aim of our Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help further promote and elevate the visibility of the IT audit, risk, control and security professions throughout the local area.

  • Title: Cloud Breach Incident Response & Forensics
  • Live at: Oct 7 2020 4:00 pm
  • Presented by: Mike Raggo, Cloud Security Engineer at CloudKnox Security