Hacker Guard: Threat Update
The SANS Hacker Guard continuing education program of quarterly threat attack vector briefings provides invaluable information to SEC464 students. Participants will learn how to apply their baselining and continuous monitoring skills to search for signs of the latest malware in their systems.
Section 1: Understanding the Critical Security Controls
The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far-reaching impact. These Top 20 Controls were agreed upon by a powerful consortium brought together by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the auspices of the Center for Strategic and International Studies. Members of the Consortium include NSA, US-CERT, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center, plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities.
In this presentation, James Tarala of Enclave Security, a technical advisor to the control development process, will present an introduction to the Critical Security Controls and help students understand how the controls can enhance an organization's ability to defend itself against targeted cyber attacks. Students will be given very practical prescriptions for defending themselves against the attacks most likely to be attempted against organizations today.
Section 2: These are the vulnerabilities I see in your systems that make me giggle like a schoolchild
John will discuss how the activities of hackers can help teach your organization to detect system breaches within hours of their happening, rather than weeks, months, or never, which is the current status quo.
John will share what a bad guy might learn after getting inside the network as part of their recon:
- How long it takes to have the breach alarm go off
- How long it takes to have the breach remedied once the alarm goes off
- Who participates in the DFIR resolution
*CPE/CMU credits not offered for the SelfStudy delivery method