Download presentation
Presentation is loading. Please wait.
Published byElfrieda Russell Modified over 9 years ago
1
Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee
2
Oklahoma Chapter What is ISSA ? A not-for-profit international organization of information security professionals Local chapter for Tulsa’s cyber security and data protection professionals and students Educational forums, publications, peer interaction opportunities Free exchange of information security techniques, approaches and problem solving Education outreach to local security programs Frequent newsletters and podcasts A not-for-profit international organization of information security professionals Local chapter for Tulsa’s cyber security and data protection professionals and students Educational forums, publications, peer interaction opportunities Free exchange of information security techniques, approaches and problem solving Education outreach to local security programs Frequent newsletters and podcasts 2
3
Oklahoma Chapter ISSA Oklahoma Chapter in Tulsa Local Tulsa meetings: –Monthly meetings to network and exchange ideas held second Monday of each month –We support local tech events like TechFest and TechJunction –Participation in and sponsorship of regional security events: Information Warfare Summit, October in OKC BSidesOK, coming to Tulsa in April! Email: info@oklahoma.issa.orginfo@oklahoma.issa.org Visit http://oklahoma.issa.org for more details Local Tulsa meetings: –Monthly meetings to network and exchange ideas held second Monday of each month –We support local tech events like TechFest and TechJunction –Participation in and sponsorship of regional security events: Information Warfare Summit, October in OKC BSidesOK, coming to Tulsa in April! Email: info@oklahoma.issa.orginfo@oklahoma.issa.org Visit http://oklahoma.issa.org for more details 3
4
Oklahoma Chapter See Clearly Through the Fog of War How to better prepare for a cyber attack, respond effectively, and recovery completely. Michael Haney President, ISSA Oklahoma How to better prepare for a cyber attack, respond effectively, and recovery completely. Michael Haney President, ISSA Oklahoma
5
Oklahoma Chapter Michael Haney Over 15 years as an infosec professional 11 years as information security consultant: 1 year as Walmart Stores Digital Forensics Lab QM SANS Institute Mentor CISSP, GSEC, GCIA, GCIH, GCFA, and former PCI QSA Currently full-time Ph.D. student at TU: Michael-Haney@utulsa.edu Over 15 years as an infosec professional 11 years as information security consultant: 1 year as Walmart Stores Digital Forensics Lab QM SANS Institute Mentor CISSP, GSEC, GCIA, GCIH, GCFA, and former PCI QSA Currently full-time Ph.D. student at TU: Michael-Haney@utulsa.edu
6
BE PREPARED 6
7
Oklahoma Chapter Be Prepared Quality Information Security Policies –Disaster Recovery Plan –Incident Response Plan –Communications Plan(s) Awareness, Training, and Education –Appropriate for the Appropriate Level –Everyone should know the policy Outside Assistance: –Know who to call –Know when to call Exercises –Table Top Exercises –Fire Drills –Lessons Learned Quality Information Security Policies –Disaster Recovery Plan –Incident Response Plan –Communications Plan(s) Awareness, Training, and Education –Appropriate for the Appropriate Level –Everyone should know the policy Outside Assistance: –Know who to call –Know when to call Exercises –Table Top Exercises –Fire Drills –Lessons Learned
8
BE PREPARED 8
9
VULNERABILITY INTELLIGENCE 9
10
Oklahoma Chapter Vulnerability Intelligence Inventory Management Configuration Management Patch Management Log Management Secure Code Reviews Vulnerability Scanning and Remediation Lifecycle Penetration Testing –Trusted Security Vendor –White Box and Black Box Testing Inventory Management Configuration Management Patch Management Log Management Secure Code Reviews Vulnerability Scanning and Remediation Lifecycle Penetration Testing –Trusted Security Vendor –White Box and Black Box Testing
11
11 VULNERABILITY INTELLIGENCE
12
THREAT INTELLIGENCE 12
13
Oklahoma Chapter Threat Intelligence Malware Outbreaks (Rogue Actors and Criminals) Targeted Attacks (Enemy Nations and Terrorists) Insider Threats, Negligent Users, Social Engineers Know the Stages of Attack and Compromise Well-tuned Intrusion Detection Systems HONEYPOTS! Time to Go Hunting –Know the threats –Know your vulnerabilities –Don’t Wait for Alerts Malware Outbreaks (Rogue Actors and Criminals) Targeted Attacks (Enemy Nations and Terrorists) Insider Threats, Negligent Users, Social Engineers Know the Stages of Attack and Compromise Well-tuned Intrusion Detection Systems HONEYPOTS! Time to Go Hunting –Know the threats –Know your vulnerabilities –Don’t Wait for Alerts
14
14 THREAT INTELLIGENCE
15
COLLECTIVE INTELLIGENCE 15
16
Oklahoma Chapter Collective Intelligence Publicly Available Information Sources: –Internet Storm Center: isc.sans.edu –SANS NewsBytes and @RISK –The Hacker News, Krebs On Security –Lots of good blogs out there (and some bad ones, too) Vendors: –Verizon Data Breach Investigations Report –Mandiant APT1 and IOC –Symantec Deep Insight Organizations: –FS-ISAC, ES-ISAC, MS-ISAC, REN-ISAC, etc. –CERT/CC, US-CERT, ICS-CERT –ISSA, InfraGard PEERS! READ, LEARN, and SHARE! Publicly Available Information Sources: –Internet Storm Center: isc.sans.edu –SANS NewsBytes and @RISK –The Hacker News, Krebs On Security –Lots of good blogs out there (and some bad ones, too) Vendors: –Verizon Data Breach Investigations Report –Mandiant APT1 and IOC –Symantec Deep Insight Organizations: –FS-ISAC, ES-ISAC, MS-ISAC, REN-ISAC, etc. –CERT/CC, US-CERT, ICS-CERT –ISSA, InfraGard PEERS! READ, LEARN, and SHARE!
17
17 COLLECTIVE INTELLIGENCE
18
18 PRIVACY
19
Oklahoma Chapter Privacy Know the Law Know the Policies and Culture Share information, but do so securely Be cautious of increasing liability and risk Do the Right Thing Know the Law Know the Policies and Culture Share information, but do so securely Be cautious of increasing liability and risk Do the Right Thing
20
20 PRIVACY
21
21 COLLECTIVE INTELLIGENCE
22
22 THREAT INTELLIGENCE
23
23 VULNERABILITY INTELLIGENCE
24
BE PREPARED 24
25
Oklahoma Chapter Thanks and Good Luck!
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.