In-House Digital Forensics Team: Modern Information Security Program 'Must Have'

Litigation happens. Is your preservation, collection, presentation and reporting function legally defensible? Likewise, do you have events within your enterprise that require a methodical investigation using digital forensics--a cyber incident, employee abuse, HR investigations, employment or organizational lawsuits? Need legally sound email preservation and collection, or investigate TOR/BitTorrent client, illicit use, fraudulent activities, or AUP violations? Learn about the trained staff, tools, processes, workflows and synergistic relationships with privacy, legal, HR and risk teams required to run successful, value-added and indispensable digital forensics and eDiscovery functions companywide. Digital forensics is a necessary core competency and capability for the modern information security function in enterprises small and large.
Recorded Jan 9 2019 55 mins
Presented by
Gregory Braunton, National Director, Threat Management, Incident Response & Forensics, Catholic Health Initiatives

  • The Power of Side Hustles and Alliances: Finding your Tribe Recorded: May 5 2021 55 mins
    Jessica Gulick; Lisa Vaughan; Dr Sarah B Lee; Mari Galloway
    The COVID-19 pandemic created a unique and challenging opportunity to do business differently. Finding – and staying connected to – your tribe has never been more important. Your tribe, which can be thought of as a “personal advisory council,” can help you as you make decisions and support you as you move forward in your career. “In your tribe, you don’t necessarily surround yourself by people who look just like you. I think it’s important to reach out to get those different perspectives,” said Lisa Vaughan, CIO, Mississippi Department of Environmental Quality. The speakers offer advice for finding your tribe and building your tribe, recommendations for books to read on the subject, as well as guidelines on what your tribe should be able to provide.
  • Don't Miss the BIGGEST (ISC)2 Security Congress Yet! Recorded: Nov 3 2020 1 min
    Join thousands of cybersecurity professionals at all levels for three days of industry discussion, continuing education and networking, November 16 – 18. Get your passes at: https://securitycongress.brighttalk.live/passes/
  • Threat Hunting for M&A Cyber Due Diligence Recorded: Mar 9 2020 61 mins
    Jacob Williams – Principal Consultant, Rendition Infosec
    Don't buy a breach. During a merger or acquisition, you get all the assets of the acquired organization, but you also take on all their liabilities. That's why due diligence has been so important for M&A. Cybersecurity posture is often not considered during M&A due diligence checks, but it absolutely should be. With minimal changes to standard threat hunting methodologies, M&A cybersecurity due diligence is relatively easy to perform. In this session, we will explain the principles of general threat hunting and then show what changes are required to maximize value for M&A due diligence assessments. In every case that the speaker's firm has taken on, the acquired organization's purchase price was decreased due to discovered risk, demonstrating the obvious business value of this activity.
  • Addressing the Benefits & Challenges of Implementing the MITRE ATT&CK Framework Recorded: Mar 9 2020 48 mins
    Douglas Wagner – Security Analytics Leader - N America, IBM
    Security teams frequently struggle with their security analytics (SIEM) practice, specifically how to identify malicious behaviors beyond the vendor-provided content. MITRE's granular approach to detecting threats provides an overarching strategy that organizations can follow. We will discuss the importance, value and some of the challenges implementing the MITRE ATT&CK framework for detection processes. Additionally we will cover the "how" and "why" of implementing a "Model of Continuous Improvement" for threat detection within your organization. Finally we will address the pain points (both technical and managerial) organizations face trying to improve their security analytics practice--and how to overcome those hurdles.
  • Follow the Risk with Adaptive Cybersecurity Assessments Recorded: Mar 9 2020 62 mins
    Gideon T. Rasmussen – Consulting Principal, Virtual CSO, LLC
    This session provides practical cybersecurity assessment advice. It details the end-to-end process including: scoping, work papers, scheduling, on-site assessment, report preparation and presentation.

    The first assessment example leverages the NIST Cybersecurity Framework to ensure coverage across security domains. Sample scoping questions will be provided, along with tips and examples to add controls based on business processes, insider threat, privacy and fraud.

    This session also addresses follow-on assessments. Attendees are encouraged to evaluate lines of business and to take deep dives into critical functions. Tips and examples are provided to leverage best practices, creating specific testing procedures.

    Upon returning to work, attendees should be able to conduct an assessment and understand how to develop new testing procedures, adapting to changes in the threat landscape.
  • Diversity, Equity and Inclusion: Create a Winning Security Company Culture Recorded: Mar 5 2020 57 mins
    Jennifer Steffens, Ericka Chickowski, Jennifer Minella, Karen Worstell, Manju Mude
    The conversation around diversity in security and closing the massive workforce gap with more women is nothing new. It is common knowledge that security is a male-dominated field with women making up only 11% to 24% of cybersecurity jobs, depending on which study you read. At this point, diversity must be a way of life, so we need to move the conversation forward to focus less on recruitment of diverse teams and more on building a culture of inclusion at micro and macro levels. Building a company culture that supports mentorship programs, career building, employee training and more will open up new doors for both a happier workforce and a lower employee turnover rate.
  • Preparing for Cyber War: Learnings from Responding to Disruptive Breaches Recorded: Oct 29 2019 66 mins
    Charles Carmakal, VP, Strategic Services CTO, Mandiant; Jeremy Koppen, Manager, Mandiant
    Some threat actors are motivated by money, some want fame and glory, some want to influence our decisions, and some just want to see the world burn. Threat actors will go to extreme measures to achieve their objectives. The rules of engagement have changed. Over the past two years, we have observed a significant rise in aggressive attacks—extortion, public shaming, destruction, intentional business disruption and even threats to human safety. This talk will walk through several attacks observed on the front lines by the presenters.

    We'll include:

    • an overview of the threat actors and their motivations
    • a discussion of the TTPs employed by aggressive threat actors
    • several case studies
    • suggestions for preparing for and responding to aggressive threat actors

    Learning Objectives:

    • Educate the audience on aggressive intrusions by walking through several case studies. Explain motivations by threat actors.

    • Provide guidance on dealing with extortion, public shaming and destructive attacks.

    • Determine how to spot scammers that attempt to extort businesses.
  • Trends in Cloud Security: Where We're Going, We Don't Need Roads Recorded: Oct 29 2019 49 mins
    Liz Tesch – Azure Consultant, Secure Infrastructure, Microsoft
    This presentation will examine the current state of security in a hybrid cloud environment, discuss cloud security tools and technologies, and describe how they will enable us to practice security more effectively in the future.

    We will examine:
    - How security monitoring is being integrated into custom data lake solutions to create cloud-based security analytics solutions.
    - How DevSecOps and AppSecOps are changing the way we deploy and secure workloads in the era of continuous deployment.
    - How AI and machine learning solutions are allowing us to more effectively protect identities and defend against threats anywhere anytime.
    - How information protection is enabling us to protect our organizations' resources more effectively even as traditional security barriers are eliminated.

    Learning Objectives:

    • Learn four trends in cloud security that will transform the way we practice security and protect organizations in the next 3 to 5 years.

    • Describe how cloud-based technologies like identity and information protection, big data analytics, machine learning and DevOps are transforming the cybersecurity landscape. The audience will understand both the challenges and the opportunities these technologies bring to security practitioners as we struggle to secure both new and legacy environments.

    • Demonstrate an awareness of how these technologies can help us secure the business more effectively. Also, understand how we can start leveraging these new opportunities in our cybersecurity architectures. Finally, feel excited about getting involved in these technologies as we further our careers.
  • Getting Started with SDL Recorded: Oct 29 2019 59 mins
    Steven B. Lipner, CISSP, Executive Director, SAFECode
    The security development lifecycle (SDL) process is the “gold standard” used by large software development organizations to deliver secure software. But what about the rest of us? What if, instead, you work in a small-to-midsized dev shop lacking the resources of larger organizations?

    Good news! SDL is for you too -- and it doesn’t have to break the bank.

    There are a variety of approaches and free resources that can help smaller organizations create effective SDL programs. With management commitment to SDL fundamentals, and an investment of resources proportional to the size of the development organization and its products, it's possible for smaller organizations to get started and build an effective SDL program that delivers software that customers will find secure.

    Learning Objectives:

    • Create a plan for rolling out an SDL program in their organization, know what management and stakeholder buy-in they need, and get moving on implementing an SDL.

    • Access a variety of free and affordable resources to help create and sustain an SDL program.

    • Recognize and address secure development concerns of importance to smaller organizations and ways that they can address those concerns.
  • We Take Security Seriously Recorded: Oct 29 2019 52 mins
    Javvad Malik, CISSP, Security Awareness Advocate, KnowBe4
    "We take security seriously"—four words that are so easy to say, but what do they mean in the real world? Are they just soothing words designed to pacify frustrated users in the aftermath of a breach? Or can these words mean something more?

    The presenter spent months speaking to CISOs, security professionals and practitioners, as well as going undercover to speak to business owners, which certainly rattled some cages. Thankfully, he dodged many bullets, all in the name of attempting to quantify the unquantifiable: What does it really mean to take security seriously?

    So, come along, find out what the professionals think, what the general landscape is, what steps businesses can take and maybe a few hard-to-believe side stories.

    Learning Objectives:

    • Take an objective look at what it means to take security seriously, covering all aspects around people, processes and technology.

    • Appreciate the complexities of researching and trying to find the tangibles in something

    • Learn to reprioritize actions and activities—and maybe even their entire risk framework based on outcomes of the research.
  • Privacy Laws, Cyber Cases and the Changing Landscape Recorded: Oct 29 2019 61 mins
    Adriana Sanford, JD, dual LLM – International TV Commentator, CNN Español Analyst/ Contributor
    What You Need to Know About Global Privacy Laws, Cyber Cases and the Changing Landscape

    Multinational corporations and small businesses alike continue to struggle to stay compliant with multiple regulations in different jurisdictions that may result in serious consequences from non-conformance with the law. This presentation will examine the changing global cybersecurity landscape, unique risks and key challenges posed by the complex and rapidly evolving set of global data privacy regulations, with particular focus on EU General Data Protection Regulation (GDPR) violations, significant areas of cyber law currently in flux in the courts, recent trends across the globe, and new developments on the horizon, such as the California Consumer Privacy Act (CCPA) and other landmark rulings that may have far-reaching implications on business operations.

    Learning Objectives:

    • Comprehend critical details about domestic and international cyber cases that impact the conduct of business operations.

    • Identify significant multijurisdictional concerns relating to new cybersecurity regulations and landmark rulings on a global scale.

    • Adapt policies to suit the changing security landscape.
  • The Automation Quandary Recorded: Oct 29 2019 55 mins
    Michael S. LeLand, Principal Engineer and Chief Technology Strategist, McAfee
    Today’s security professionals face challenges to their ability to secure their organizations’ digital assets. Threats are more sophisticated, digital infrastructures more complex, data more voluminous and cyber talent scarce. The burden is becoming overwhelming and companies are asking how they can get more capacity out of the resources they already have.

    While automating processes is an obvious solution, there’s historically been reticence on the part of security teams to embrace automation. This hesitation stems from an underlying fear that without a human element something will go wrong, leaving security teams spending precious time on clean-up. See how a new approach is encouraging disparate solution providers to band together to share threat intelligence in real time, enhancing the benefits of a more automated approach to security.

    Learning Objectives:

    • Understand the organizational impact of current industry challenges.

    • Define why security organizations often hesitate to automate their security processes.

    • Describe the reasons automation must be a requirement for a sound security infrastructure.
  • The History of the Future of Cybersecurity Education Recorded: Oct 29 2019 52 mins
    Winn Schwartau, Chief Visionary Officer, The Security Awareness Company
    Ill-prepared for real-world cyberdefense? Teach strategic generalities to improve our workforce. Consider:

    Basic engineering: “Things” are designed and built by engineers, constrained by the laws of physics. “Things” must be tested, stressed and measured. With the rise of anthro-cyber-kinetics and AI, cybersecurity professionals need greater engineering fluencies.

    History: Security problems reappear in new guises, yet we use the same futile approaches to defense. Teach technological history and theory: Boole and Bayes; information theory and entropy by Shannon; Cybernetics by Norbert Wiener as anthro-cyber-kinetics dominate autonomous systems.

    Neuroscience: The brain is the greatest averaging machine in the universe. It is also the weakest piece of any security system. We tend to blame the end user, but neural subtleties guide human behavior. Social-media triggers dopamine for every Like, resulting in addiction.

    Learning Objectives:

    - Learn how and why current cybersecurity education is lacking.

    - Discover why engineering, history and neuroscience are so critical to cybersecurity defense.

    - Understand how these approaches will benefit organizations and how they can help realize these goals.
  • The Future of Digital Identity in the Era of Digital Transformation Recorded: Oct 29 2019 59 mins
    Zulfikar Ramzan, PhD, Chief Technology Officer, RSA Security
    Digital transformation is a priority for enterprises, but it leads to unique risks and security challenges. This spurs the evolution of identity management systems where control is gradually moving away from a central authority and towards the user. On this evolutionary path, the latest trend is an emerging model called decentralized (or self-sovereign) ID—or DID.

    This session presents proof of concept for an emerging identity management model based on the distributed ledger and self-sovereign principles that enable enterprises to securely manage this ecosystem. Understand why it makes it unnecessary to have a central authority such as a certificate authority, employer, Google or Facebook to create (and own) a user’s identity. We will discuss how eliminating the intermediaries means more efficient processes for provisioning of IDs, authentication, etc.

    Learning Objectives:

    • Understand the key elements of the decentralized (or self-sovereign) ID (DID) model through a new proof of concept, based on a user creating and managing/owning their own identity following defined standards.

    • Hear additional advantages for this type of identity model through a comparison of DID against other models and learn of its relevant standards.

    • Understand the challenges facing the adoption of DID and what the industry can do to help overcome them.
  • Cybersecurity Tips, Tools and Techniques for Every CISSP—Updated for 2019 Recorded: Oct 29 2019 57 mins
    Ronald Woerner, Cybersecurity Instructor, Bellevue University, CISSP
    Every cybersecurity professional needs to keep a toolkit of programs, apps and resources for troubleshooting and securing systems. This rapid-fire presentation—an update from the hugely popular 2018 talk—showcases apps used in cybersecurity testing, investigations, administration and just day-to-day work. You’ll experience advanced techniques using security tools such as Kali Linux, Windows Sysinternals Suite, VMware, Wireshark, Nmap and many more.

    This session also provides a variety of websites, references and resources to help you do your job as a cybersecurity professional, as well as tips to keep yourself and others out of trouble. Another new area is the use of open source intelligence for information gathering and social engineering. You'll leave with ideas to help you make intelligent choices as a cybersecurity professional.

    Learning Objectives:

    • Determine the best security tools and applications to use within both home and work environments to build a better security posture.
    • Incorporate systems protection, testing, investigations and administration techniques into their daily security
    • Analyze tools, tips and techniques for using open-source tools in any environment.
  • 2019 Security Congress Preview – Cloud Security Recorded: Jul 23 2019 56 mins
    Richard Tychansky, Travis Jeppson, Brandon Dunlap (Moderator)
    (ISC)² will hold its Security Congress 2019 in Orlando, FL October 28th – 30th. This conference will bring together 3000+ attendees and over 180 educational sessions. One of the 18 tracks being offered will focus on Cloud Security and the challenges practitioners face when dealing with all things cloud-related. On July 23, 2019 at 1:00PM Eastern, join (ISC)² and several of the speakers who’ll be presenting in the Cloud track as we preview their sessions, get an idea of what will be discussed and discuss the state of cloud security today.
  • One CyberSecurity Standard to Rule Them All?! Recorded: Jan 10 2019 51 mins
    James McQuiggan, CISSP, Product & Solution Security Officer, Siemens Gamesa Renewable Energy
    Companies today are increasingly discovering that it is difficult to determine which standard they should implement to secure their company's data, assets and people. Within the manufacturing, oil and gas, and electricity industries, they have a responsibility to themselves but also to customers' demands to be secure and compliant. Which one should they use? NIST, ISO, UL, NERC CIP, IEC 62443? This alphabet soup of standards certainly gets confusing. Is there a right one to use? Should more than one be used? From the purchaser standpoint in regards to a long-term model for industry control systems and how commodity hardware and software are demanding a change in paradigm, but rate cases do not allow for it.
  • Implementing a Successful Privileged Access Management Program - Lessons Learned Recorded: Jan 10 2019 53 mins
    Tariq Shaikh, CISSP, PMP, ITIL, IT Program Manager, IAM, Aetna
    Exploitation of privileged access is the #1 root cause of most large-scale breaches in the recent past. Organizations are at risk of exploitation as there are typically limited controls (tools, processes) to manage privileged access and little to no comprehensive view of these controls. A well-run Privileged Access Management program can considerably mitigate the intentional/unintentional misuse of privileged access at all levels in the IT Stack (Host, Database, Network, Applications). This session will provide pointers on how to run a successful multi-year Privileged Access Management Program.
  • In-House Digital Forensics Team: Modern Information Security Program 'Must Have' Recorded: Jan 9 2019 55 mins
    Gregory Braunton, National Director, Threat Management, Incident Response & Forensics, Catholic Health Initiatives
    Litigation happens. Is your preservation, collection, presentation and reporting function legally defensible? Likewise, do you have events within your enterprise that require a methodical investigation using digital forensics--a cyber incident, employee abuse, HR investigations, employment or organizational lawsuits? Need legally sound email preservation and collection, or investigate TOR/BitTorrent client, illicit use, fraudulent activities, or AUP violations? Learn about the trained staff, tools, processes, workflows and synergistic relationships with privacy, legal, HR and risk teams required to run successful, value-added and indispensable digital forensics and eDiscovery functions companywide. Digital forensics is a necessary core competency and capability for the modern information security function in enterprises small and large.
  • Performing AWS Cloud Security Audits Recorded: Jan 8 2019 46 mins
    Tim Sills, MBA, CISSP, CISM, CISA
    The migration to cloud services provides companies with enormous opportunities to deliver their brand worldwide. The ease by which the cloud providers enable their complex services offers convenience. Yet, the providers do not always take into consideration security requirements needed to safeguard sensitive data, maintain compliance and protect against data breaches.

    We will answer the question: how do you perform an audit against an environment that consists of hundreds of resources located worldwide? How do you validate that the deployment aligns with corporate policies? We will introduce open source tools to show how data can be collected across AWS deployments, and we’ll discuss how to interpret the results, given that "green is good and red is bad" may not always apply.
(ISC)² Security Congress sessions, locations and sponsors.
The (ISC)² Security Congress channel contains digital content from activities at (ISC)²'s flagship conference event. You'll find keynotes, sessions and related items.

  • Title: In-House Digital Forensics Team: Modern Information Security Program 'Must Have'
  • Live at: Jan 9 2019 2:40 pm
  • Presented by: Gregory Braunton, National Director, Threat Management, Incident Response & Forensics, Catholic Health Initiatives