DNSSEC, DANE, DPRIVE...Oh My! A Primer on the Critical State of DNS Security

When was the last time you thought about your Domain Name System (DNS) server? Do you realize DNS is insecure by default? Are you prepared for attacks against your DNS infrastructure? Often a DNS server is set up and then forgotten. You will learn about why you need to be paying attention to this critical core network service. How can DNS Security Extensions (DNSSEC) ensure the integrity of DNS info? How can the DANE protocol add a layer of trust to applications and services using TLS? What is happening with the DPRIVE work to use DNS over TLS? And why should enterprises be concerned?

This session will explore why you need to pay attention to DNS security for a more trusted and secure internet.

Learning Objectives:

• Describe the threats to the security and privacy of DNS servers.
• Understand and describe the mechanisms to protect DNS, such as DNSSEC, DANE and DPRIVE.
• List actions to protect attendees' home networks.
Recorded Mar 22 2018 49 mins
Presented by
Dan York, CISSP | DNS Security Program Manager Internet Society

  • (ISC)² Town Hall - 2017 Security Congress Recorded: Apr 16 2018 86 mins
    David Shearer, CISSP | CEO (ISC)²
    The panel will consist of members from (ISC)² Management and (ISC)² Board of Directors who will be ready to answer any questions that you may have regarding membership, certifications, information security, etc. The meeting is open to members and non-members.
  • Hacking the Leadership Code: Surviving and Thriving as a Security Leader Recorded: Mar 21 2018 52 mins
    Sean Cordero, CISSP, CISA, CRISC, CISM | Senior Executive Director, Optiv
    When security experts are promoted to top leadership positions within their organizations, there often is inadequate time to analyze and jettison the mindsets that worked well as individual contributors but now threaten to undermine their new roles. Often, this drowns out positive changes these leaders hope to see and leaves the security leader gasping to be heard, even though they may be yelling. More of the same will not work. A shift in approach is required.

    This session will provide a firsthand view into what has made some security leaders successful. It will also provide actionable insights for those aspiring to security leadership roles on how to craft a message and an approach that is heard, respected and incites action across the organization.

    Learning Objectives:

    • Identify self-defeating security leadership behaviors which undermine the credibility, resonance and trust needed to drive organizational-wide change; then identify the actions they can take towards addressing their professional gaps.
    • Articulate the differences between a successful security leader and a security expert: How to survive the transition from a security subject matter expert into a person who is now responsible for the success of other professionals, the program and the business.
    • Develop a plan of action to improve leadership skills and develop momentum for attendees' security programs in which they become an impactful agent for positive change.
  • 10 Reasons Why Micro-Segmentation and Clouds are Not Secure Recorded: Mar 21 2018 29 mins
    Predrag "Pez" Zivic, CISSP
    Micro-segmentation and cloud architectures decrease the threat landscape by design. However, this smaller threat surface creates a false sense of good security. This presentation will clearly demonstrate 10 security controls that are missing in such architectures. Standard private (OpenStack and NSX) and public cloud architectures (AWS and Azure) with micro-segmentation will be presented and analyzed for 10 security controls that are missing. They include identification, authentication, authorization, vulnerability, anti-virus, advanced persistent threat detection, denial of service and data protection, visibility with analytics and security system automation.

    Attendees will learn how to add these 10 controls to micro-segmentation to architect strong security. We'll show how the implementation of most of these controls may be used to set a foundation for zero-trust model implementation.

    Learning Objectives:
    • Learn what security controls are missing in micro-segmentation in private and public cloud implementations
    • Learn how to go about implementing 10 security controls presented
    • Learn how to use these 10 security controls to set a foundation for zero-trust implementation
  • GDPR - What You Need to Know - A Panel Discussion Recorded: Mar 12 2018 62 mins
    Harvey Nusz | Kevin Stoffell | Mariano Benito | Andrew Neal
    The European Union General Data Protection Regulation is a huge culture change for those U.S. companies doing business within the EU or with EU citizens, and those who store these users' data in the United States. And it's coming in less than a year. Join an accomplished panel, including a practitioner from Europe and hear about how to prepare for GDPR, what companies must implement, enforce and measure. We'll also explore compliance controls and how that will change the workforce behavior, while allowing EU citizens access to data.


    Learning Objectives:
    - Understand the major requirements of GDPR, the magnitude, and scope of its differences with U.S. privacy laws (think HIPAA), and truly appreciate the gargantuan task of implementing a cultural change within your workforce to avoid costly fines and breaches.

    - Understand access methodologies and choose the method that fits your needs, as this is key. This new privacy culture will not allow giving read access where a workforce member has no need to access privacy data, and will require obfuscation of privacy data in testing.

    - Learn how best to architect GDPR implementation in your environment, and how to apply architectural principles to maximize effectiveness and minimize unintended consequences.
  • Ignorance: What Does that Event Really Mean? Recorded: Mar 9 2018 51 mins
    Kristy Westphal, Senior Manager, Charles Schwab CISSP, CISA, CRISC, CISM, CIPP/US
    In the worlds of incident response and forensics, we live in the analysis of data. But are our conclusions following a scientific process or just a gut feeling? This talk will explore various cases where the gut feeling wasn't the best way to analyze a security event and the consequences that came from an improper analysis. We'll also explore possible methods that put ego aside and look for the right answers. Critical thinking and scientific processes will be looked at in depth, as well as ways to show organizations that ignorance is not such a bad thing.

    Learning Objectives:
    - Understand why it's important to apply sound processes to incident response, yet also include creative thinking.
    - Understand how to implement critical thinking and scientific methodology to security event analyses.
    - Realize instant value in higher quality security event analyses.
  • Do Containers Fully 'Contain' Security Issues? A Closer Look at Garden & Docker Recorded: Mar 9 2018 62 mins
    Farshad Abasi, CISSP, Principal Global Security Architect, IT Security Architecture, HSBC
    Container technology has been around in various shapes or forms for some time; however, the recent arrival of Docker, Garden and other providers of a lightweight option to virtualization has put the "container" buzzword on top of most DevOps' toolkits. As usual, what has been overlooked is security and potential issues that can come about as a result.

    This presentation takes a closer look at a few of the more commonly used container technologies today, namely Docker and Warden/Garden, and the associated potential security issues.

    Learning Objectives:
    - Understand what containers are.
    - Be familiar with potential security issues related to containers.
    - Gain knowledge on how to use containers securely in an environment.
  • You Want to Do What with My Cell Phone? Privacy Rights at Border Crossings Recorded: Feb 19 2018 45 mins
    Scott Giordano, Esq, MBA, MS, CISSP
    Imagine the following scenario: You enter (or return to) the United States and border officials demand that you hand over your cell phone and PIN. Or, perhaps you are stopped at a checkpoint or pulled over by law enforcement officials and they make the same demand. Suppose they want all passwords to access your data? Even worse, they want to copy all of your data – can they do that? Demands by law enforcement officials to search mobile devices without a warrant seem to be a daily occurrence. In this session, privacy industry veterans will discuss the legalities of searching cell phones and other mobile devices, including your rights and how you can minimize your exposure.
  • From 10% to 100% Cloud in 3 Years: How (ISC)² is Doing it & Putting Security 1st Recorded: Jan 16 2018 49 mins
    Wesley Simpson, MSM, COO, (ISC)²
    (ISC)² COO Wesley Simpson shares the association’s experience as (ISC)² transitions to a 100% cloud-based services model. This interactive discussion explores how (ISC)² decided to go all in with cloud, why the cloud was the best option, how the team ensured its cloud strategy mapped to operational needs, and how security is front and center throughout the entire process. Learn how we are doing it and share your cloud migration experiences. This discussion is for anyone thinking about moving to the cloud, already making the transition or even those who completed a cloud migration but are still looking for best practices to apply.
  • Help Wanted! – Addressing the Cybersecurity Skills Shortage Recorded: Jan 15 2018 66 mins
    Gary Beach, Brandon Dunlap, Donald W. Freese, David Shearer, Deidre Diamond
    Panel Moderator: Gary Beach – Author: The U.S. Technology Skills Gap

    Panelist: Brandon Dunlap – Speaker, (ISC)²
    Panelist: Donald W. Freese – Deputy Assistant Director, F.B.I.
    Panelist: David Shearer, CISSP – CEO, (ISC)²
    Panelist: Deidre Diamond – Founder and CEO, CyberSN and #brainbabe
  • Agile Cloud Security Recorded: Jan 15 2018 61 mins
    Paul Oakes, CISSP, ISSAP, CCSP, CSM, CSPO, AWS PSA, Senior Enterprise Security Architect, TD Bank
    How does an established data center-centric organization with high trust and security needs move to the public cloud? How does a waterfall-model-oriented organization make such a move in a timely fashion so as to not be left behind by its competition? What does governance look like for such an organization's use of the public cloud? What can these organizations avoid doing wrong?

    These questions are answered by using the fundamentals of Agile methodologies: prioritization by highest value and risk; technical excellence; and continuous delivery of valuable products as seen through the lens of security principles. Those principles include least privilege, separation of duties, data protection, and visibility to examine and provide solutions for the trust, security and governance needs of cloud-new adopting organizations.
  • Cybersecurity Careers: It’s Not Just Hacking Recorded: Jan 15 2018 63 mins
    Deidre Diamond Founder and CEO CyberSN and brainbabe.org
    With more than 500,000 unfilled cybersecurity jobs, an industry made up of 10 percent women and a trend of 56 percent of women leaving tech inside 10 years, we have a big problem. The stereotype of a hoodie-clad man at a terminal in a dark room -- a myth our schools perpetuate -- is harmful. Those in cybersecurity can change this right now! Come discuss how to sell all the diverse cybersecurity jobs to women, so they will want to join us.
  • Cyber, Risk and Gender: Is There a White Male Effect in Cybersecurity? Recorded: Jan 4 2018 57 mins
    Stephen Cobb: CISSP, MSc, Senior Security Researcher ESET | Lysa Myers: Security Researcher III ESET
    Accurate assessment of risk is vital for effective cybersecurity, yet numerous studies show that perceptions of risk vary considerably, between demographic groups and along gender lines. Leveraging established research in areas like cultural theory of risk perception, plus original research by the authors, this session presents evidence of a “white male effect” leading to underestimation of technology risks. Could this account for the persistent insecurity of digital product design? Does it undermine efforts to protect information systems from criminal abuse? Given that most cybersecurity professionals are males who tend to see more risk in technology than their peers, the researchers explore the causes of white male effect, then suggest strategies for countering its influence, such as increasing diversity in technology companies and the cybersecurity workforce.
  • Resiliency is More Than A Mood: Building a Safer Homeland - Juliette Kayyem Recorded: Nov 22 2017 40 mins
    Juliette Kayyem, Founder, Kayyem Solutions, LLC
    Much of cybersecurity work focuses on preventing attacks and protecting vulnerabilities in the system, commonly referred to as "left of boom" policies. Those are important efforts and an integral part of a security manager's portfolio. But what happens when the vulnerability is exposed, by a state actor or an individual, and the consequences must be managed? How do we -- as corporations, individuals and a nation -- better invest in response, recovery and resiliency efforts? In this keynote, Juliette Kayyem will offer five important steps to building a more resilient system and what we all need to do to "keep calm and carry on."
  • It’s a Brave New Cybercrime World - Donald W. Freese Recorded: Nov 22 2017 64 mins
    Brandon Dunlap, Donald Freese
    Join us for a wide-ranging discussion with FBI Deputy Assistant Director Don Freese. The former director of the National Cyber Investigative Joint Task Force (NCIJTF), Mr. Freese will share his insights into how nation-state adversaries are changing the security game and the critical role that threat intelligence now plays in defending everything from our national security infrastructure to your own personal data. Moderator Brandon Dunlap hosts this interactive session, during which you will learn firsthand how this experienced cybersecurity professional views our readiness to secure our critical infrastructure, the shifting intersection of cybersecurity and law enforcement, the increasing need for public/private information-sharing partnerships and the evolving nature of the threats we are all facing.
  • Sneak Peek into (ISC)² Security Congress 2017 Recorded: Mar 20 2017 3 mins
    David Shearer, CEO
    Attend our 7th annual conference in Austin, Texas on September 25-27. As cyber threats and attacks continue to rise, (ISC)² Security Congress provides the knowledge, tools, direction and expertise that cybersecurity professionals need.

    Learn more about (ISC)² Security Congress: https://congress.isc2.org
  • Experience (ISC)² Security Congress 2016 Recorded: Nov 18 2016 2 mins
    (ISC)2
    Over 1,500 attended the 2016 Security Congress in Orlando, FL. This year’s Congress advanced security leaders with an exciting week packed full of education, networking, vendor solutions, and fun. Take a look into the week at #ISC2Congress to see what it’s all about! Save the date for 2017 Security Congress – September 25 – 25, 2017 – Austin, TX.

  • What's your Password Recorded: Nov 18 2016 2 mins
    (ISC)2
    See how InfoSecurity professionals react when asked what their password is at (ISC)² Security Congress.
  • Ripped from Headlines: Demonstrations of the Year's Top Breaches Recorded: Nov 18 2016 60 mins
    Mike Landeck, CISSP®, CyberSecOlogy
    With so many breaches being reported in the media, information security professionals can develop “breach fatigue,” losing sight of the cause and effect of the controls that failed and not learning from those mistakes. This talk uses specially created technology to re-create some recent breaches and walks participants through actual hacks of the vulnerabilities that allowed the breach to occur. Then we discuss how the failed controls could have been hardened to reduce or even eliminate the risk. We'll include demonstrations of attacks against web sites, spear phishing, mobile devices and access control failures.
  • Compromising Merchants: A Live Hack Demo Recorded: Nov 18 2016 49 mins
    Gary Glover, CISSP®, SecurityMetrics
    Merchant data is continually under attack. But how? What makes them vulnerable? This live hack demo helps technical and non-technical audiences understand how easily unprotected credit card data can be stolen. This demonstration covers past compromises, hacking methodology, live hacking examples and tips to implement the Payment Card Industry Data Security Standard.
(ISC)2 Security Congress sessions, locations and sponsors.
(ISC)2 Security Congress channel contains digital content of activities at (ISC)2's Flagship conference event. You'll find keynotes, sessions and related items.

  • Title: DNSSEC, DANE, DPRIVE...Oh My! A Primer on the Critical State of DNS Security
  • Live at: Mar 22 2018 5:10 pm
  • Presented by: Dan York, CISSP | DNS Security Program Manager Internet Society