
Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,


1 Information Systems Security Association
Oklahoma Chapter, Tulsa
Oklahoma City Chapter, OKC
Student Chapter, Okmulgee

2 What is ISSA?
A not-for-profit international organization of information security professionals
Local chapter for Tulsa’s cyber security and data protection professionals and students
Educational forums, publications, peer interaction opportunities
Free exchange of information security techniques, approaches and problem solving
Education outreach to local security programs
Frequent newsletters and podcasts

3 ISSA Oklahoma Chapter in Tulsa
Local Tulsa meetings:
  –Monthly meetings to network and exchange ideas held second Monday of each month
  –We support local tech events like TechFest and TechJunction
  –Participation in and sponsorship of regional security events:
    –Information Warfare Summit, October in OKC
    –BSidesOK, coming to Tulsa in April!
Email: info@oklahoma.issa.org
Visit http://oklahoma.issa.org for more details

4 See Clearly Through the Fog of War
How to better prepare for a cyber attack, respond effectively, and recover completely.
Michael Haney
President, ISSA Oklahoma

5 Michael Haney
Over 15 years as an infosec professional
11 years as information security consultant:
1 year as Walmart Stores Digital Forensics Lab QM
SANS Institute Mentor
CISSP, GSEC, GCIA, GCIH, GCFA, and former PCI QSA
Currently full-time Ph.D. student at TU: Michael-Haney@utulsa.edu

6 BE PREPARED

7 Be Prepared
Quality Information Security Policies
  –Disaster Recovery Plan
  –Incident Response Plan
  –Communications Plan(s)
Awareness, Training, and Education
  –Appropriate for the Appropriate Level
  –Everyone should know the policy
Outside Assistance:
  –Know who to call
  –Know when to call
Exercises
  –Table Top Exercises
  –Fire Drills
  –Lessons Learned

8 BE PREPARED

9 VULNERABILITY INTELLIGENCE

10 Vulnerability Intelligence
Inventory Management
Configuration Management
Patch Management
Log Management
Secure Code Reviews
Vulnerability Scanning and Remediation Lifecycle
Penetration Testing
  –Trusted Security Vendor
  –White Box and Black Box Testing

11 VULNERABILITY INTELLIGENCE

12 THREAT INTELLIGENCE

13 Threat Intelligence
Malware Outbreaks (Rogue Actors and Criminals)
Targeted Attacks (Enemy Nations and Terrorists)
Insider Threats, Negligent Users, Social Engineers
Know the Stages of Attack and Compromise
Well-tuned Intrusion Detection Systems
HONEYPOTS!
Time to Go Hunting
  –Know the threats
  –Know your vulnerabilities
  –Don’t Wait for Alerts

14 THREAT INTELLIGENCE

15 COLLECTIVE INTELLIGENCE

16 Collective Intelligence
Publicly Available Information Sources:
  –Internet Storm Center: isc.sans.edu
  –SANS NewsBytes and @RISK
  –The Hacker News, Krebs On Security
  –Lots of good blogs out there (and some bad ones, too)
Vendors:
  –Verizon Data Breach Investigations Report
  –Mandiant APT1 and IOC
  –Symantec Deep Insight
Organizations:
  –FS-ISAC, ES-ISAC, MS-ISAC, REN-ISAC, etc.
  –CERT/CC, US-CERT, ICS-CERT
  –ISSA, InfraGard
PEERS!
READ, LEARN, and SHARE!

17 COLLECTIVE INTELLIGENCE

18 PRIVACY

19 Privacy
Know the Law
Know the Policies and Culture
Share information, but do so securely
Be cautious of increasing liability and risk
Do the Right Thing

20 PRIVACY

21 COLLECTIVE INTELLIGENCE

22 THREAT INTELLIGENCE

23 VULNERABILITY INTELLIGENCE

24 BE PREPARED

25 Thanks and Good Luck!

