SANS CISO Networking Forum

Virtual - British Summer Time Wednesday, 4th August 2021

SANS CISO Networking Forum Agenda

The discussion in August is on effective & efficient incident response, focussing on major cyber incident management and best practices for defending with an overall theme on malware and ransomware.
Agenda is all in BST (may be subject to change)

15:00-15:10 - Opening Remarks


15:10-15:35 - CISO Eyes on the Prize: 3 Critical Focus Points for Ransomware

  • Ryan Chapman, SANS Certified Instructor, Principal Incident & Response Forensics Consultant and SANS Author of Ransomware for Incident Response

    Ransomware is an ever-evolving, pervasive threat. If anything has been consistent from case to case, it's that organizations that get hit realize how unprepared they were only after the fact. CISOs have a lot on their plates -- dealing with the information overload related to ransomware preparedness shouldn't have to be one of them. In this talk, Principal Incident Response Consultant and SANS Author Ryan Chapman will discuss three critical focus points for ransomware from the CISO perspective.

    Ask yourself these questions: Is your organization blind to the true threats of ransomware? Do you have gratuitous logging enabled? Are those logs stored in a SIEM or other log aggregator? Would you be able to identify data staging and/or exfil should a ransomware event occur? Does your organization maintain an active, up-to-date business impact database detailing all dependencies should systems be unavailable? And finally, is your Incident Response Plan (IRP) battle tested? Will your team panic in the face of a ransomware outbreak, or will the response be a well-coordinated show in exercised caution due to experience and familiarity? Please join us in this talk so that we may work together to help prepare your business for one of the top threats to companies around the globe.

15:40-16:10 - An Inside-Out View of the Ransomware Pandemic

  • Wendi Whitmore, Senior Vice President, Palo Alto Networks

    While it sounds cliche (and a bit alarmist) to use the term pandemic, that is, in fact, exactly what we’re facing. Ransomware attacks, double, triple and quadruple extortion, state sponsored attacks, and other cyber crimes are affecting organizations around the world, every minute. In times like this it’s imperative to understand your adversaries, re-examine your security posture, and make significant changes that would otherwise be difficult in relative peacetime. With our threat intelligence, incident response, and product development teams working together, Palo Alto Networks sees attacks from a very different perspective. During this discussion, Wendi Whitmore, Senior Vice President of Palo Alto Networks Unit 42, will share an inside-out view of the ransomware pandemic with detailed intelligence, best practices, and practical guidance to ensure your worst day isn't as bad as it could have been.

16:15-17:00 - Panel Discussion

  1. Ransomware is wreaking havoc on businesses and individuals across the globe. We’ve seen ransomware attacks evolve in targeting (from individuals to companies) and impact (from encrypting data to extortion based on publicly releasing data). Where do you see it going next and what will it take to stop this evolution? Will ransomware attacks ever go away? What will it take?
  2. Is there accountability in paying the ransom? Are executives who consider paying the ransom going to pay a personal cost in this decision? Many governments are thinking about passing legislation making it illegal for companies to pay the ransom.
  3. What circumstances lead companies to consider paying the ransom seriously? In other words, how are they not prepared for this eventuality? When CISOs ask for $1m for proactive cybersecurity, it gets ignored. When a hacker asks for a $10m ransom, the money is handed over rather quickly.
  4. What are your views on the value of exercising/role-playing as a way of testing and developing internal strategies for defending against and responding to such attacks?
  5. Technically, for organizations, where is the “we have no other choice” line in the decision-making process?

    What are the reasons organisations are not prepared, or what preparatory steps did they not take? (Focussing on what orgs should now be doing so that they don’t end up in a similar position.)

17:00 - Closing Remarks


Bonus Session - How to Manage and Measure Human Risk

Pre-recorded and accessible for all our network members shortly after the event has concluded.

  • Lance Spitzner - Director, Research and Community at SANS Security Awareness.

    In this short talk for security leaders we will walk you through what human risk is and how to create a strategic plan that enables your organization to effectively manage and measure it. Far too many organizations are struggling as their attempts are too small, confused and often have no real plan nor any alignment with their other security efforts. In this short presentation you will walk away better understanding:

    - What are the drivers of human risk
    - The Security Awareness Maturity Model and how to leverage it as a roadmap
    - The three key strategic steps to managing human risk
    - The top metrics to use in measuring human risk