Archived National Webcast Initiative Presentations
- April 17, 2014
What is Cross Site Scripting and How to Mitigate It?
- February 12, 2014
Emerging Trends and Threats/2014 Cyber Security Outlook
2014 is off to soaring start for security professionals, with high profile breaches and new types of attacks. Will the rest of the year be any different? This presentation will talk about what is currently happening in the threat landscape and what it means for the future. It will explore the emgering trends and threats and what can be done about them.
- December 5, 2013
Advanced Persistent Threat
This webcast explored topics such as: the difference between APT and cyber crime, what are APT adversaries targeting, the use of social components for intrusions, how traditional tools and practices might not be effective, and that it doesn't have to be advanced to be APT: it's more about the intent than the sophistication.
- October 10, 2013
Cyber Security Is Our Shared Responsibility
As part of the October awareness month activities, the MS-ISAC coordinated a joint webcast with DHS and NASCIO to discuss strategies on how to promote cyber security awareness at all levels, including government, businesses and academia, with specific advice about how individuals and entities can be actively involved to help facilitate a safe Internet experience. The goal of the webcast was to help raise cyber security awareness nationwide and empower citizens, businesses, government and schools to improve their cyber security preparedness and help promote a safe Internet experience.
- August 8, 2013
Creating an Information Security Program
The speaker addressed the importance of the programs overall milestones, goals, and measureable outcomes, especially as it pertains to building out reporting and communication strategies involving upper management. This session brought perspective on varying approaches to include the pros and cons that both early-stage and advanced programs should consider.
- June 5, 2013
Anatomy of a Cyber Attack: Threat Visibility and Intelligence Insight
This webcast explored the top ten reasons why agencies and private companies are failing, and provided simple tactics to change the security posture in public and private organizations. Attendees gained insight in to common attack mechanisms and trends, the assets most often targeted by cybercriminals and new tricks that an organization may be overlooking.
- April 4, 2013
Bring Your Own Risk: Protecting Confidential Information on Mobile Devices
This webcast explored the most reliable, replicable strategies (from both the public and private sectors) for securing and managing user-owned mobile devices. The broadcast discussed tried-and-tested techniques for minimizing risk while maximizing business agility and employee productivity.
- February 6, 2013
Cyber Security Emerging Trends and Threats for 2013
In this presentation we examined the changing cyber threat landscape and what we expect to see during 2013. Discussion included how threats are transferring to new platforms, the evolution of some of the most prevalent attacks (including the increasing sophistication of threats to Android), the progression of direct cost threats from Fake Antivirus to Ransomware and the evolution of exploit kits.
- December 13, 2012
Keys to Defending Against Advanced Persistent Threat
In this presentation we examined the nature of State-sponsored cyber espionage. We took a look at its distinctions and how it differs from normal cyber-crime. From there, we discussed the phases involved in a targeted attack, known as the Kill-Chain, and the tactics, techniques and procedures used by these attackers. Most importantly of all we discussed things an organization can do along each link in the Kill-Chain to disrupt the attackers operations and prevent a full exfiltration of the victim organizations targeted data.
- October 11, 2012
Cyber Security: What You Should Know to Stay Safe Online
As part of the October awareness month activities, the MS-ISAC is coordinating a joint webcast with DHS and NCSA, which provided useful guidance to the non-technical user on the necessary steps to protect themselves and their computers from cyber incidents.
The Internet is a great place to explore and is a new playground of brilliant possibilities, but there's trouble often hiding in its shadows. That trouble can come in many forms, including malicious software, trickery, and identity theft. In this presentation, Ron Woerner talked about the evils of the Internet, how the bad hackers can take over your computer and how they get your private information. It's not all doom and gloom, though. He also showed some easy, everyday steps to protect yourself and others online. This session focused on the basics of computer security, such as using strong passwords, use of external devices, phishing and social engineering, and protecting mobile devices.
- August 9, 2012
Botnets and Zombies: Securing Your Organization Against an Evolving Threat
A botnet, short for robot network, is an aggregation of computers compromised by bots that are connected to a central "controller." The compromised computers are often referred to as "zombies." Botnet controllers are often controlled from chat rooms, and can be linked together to form even larger botnets. They are a growing source for staging denial of service attacks, identity theft, phishing attacks and SPAM mail relay services. Defending your network against this malware is not a trivial exercise, but some simple truths can make the challenge manageable. This presentation provided an overview of the threat, using specific examples of relatively known botnet attacks, offered tips to help you recognize when your systems may have been compromised, and provided guidance about how to make your network defenses more effective.
- June 27, 2012
Cloud Computing: Security Risks and Consideration
Cloud computing offers substantial benefits that, when evaluated alone, seem to make its adoption a no-brainer. The "easy deployment" and "no longer requiring in-house IT staff" ideas make cloud computing especially attractive to government and smaller organizations unable to afford the resources and personnel necessary to run their own dedicated servers 24/7. But as with any new technology, cloud computing brings a lot of extra baggage and potential unintended consequences, ranging from security concerns to the risks associated with centralization. This webcast explored both the risks and benefits associated with cloud computing.
- April 18, 2012
Cyber Security Emerging Trends and Threats: Risk in a Cyber World
In this presentation, Lieutenant General Harry Raduege broadly described the state of the cybersecurity threat and the associated risks, the responses to this threat, and how to develop a "cyber mindset." Beginning with a history of significant cyber milestones, related quotes, and a summary of the cybersecurity world and its challenges, General Raduege emphasized why cybersecurity is of paramount importance to any public or private sector entity. Highlighting particular threats and risks that are of interest to the audience, the presentation underscored the importance of these threats with statistics.
- February 15, 2012
Top 10 Tips to Protect Your Organization from Cyber Attacks
We all know that cyberspace is getting more dangerous each year. We also know that we can take steps to protect ourselves from general Internet threats as well as attacks specifically targeting our organizations. But often we are overwhelmed by all of the reports and recommendations and don't know specifically where to start. In this webcast we will briefly look at the different types of online threats and their motivations, then we'll walk through ten steps you can take right now to protect yourself and your organization from cyber attacks. The main theme is that cyber attacks can and will happen. However, some simple countermeasures to make yourself less of a target combined with early detection and early mitigation will dramatically reduce the risk of a catastrophic breach or data loss.
- December 15, 2011
Social Networking: The Latest Security Issues and How to Manage Them
As the explosion in use of social networking sites continues, so too does the increase in risks brought about by cyber criminals trying to take advantage of users. In this webcast, attendees learnt about the potential risks social networking brings to enterprises, including targeted attacks, phishing, exploitation of accounts, and spread of malware, and how to address the security risks so that you may use social networking more securely and minimize the potential of becoming a victim of an incident.
- October 6, 2011
Cyber Security and You: Top 10 Tips
This webcast, conducted in recognition of October as National Cyber Security Awareness Month, provided useful guidance to the non-technical user on the necessary steps to protect themselves and their computers from cyber incidents including using secure passwords, identifying and avoiding phishing and social engineering attacks, shopping safely online, patching and updating systems, and securing mobile devices.
- August 25, 2011
Bring Your Own Device: Addressing the Security Challenges of Employee-Owned Devices in the Workplace
This webcast explored many of the ethical, legal and operational aspects, with a broad look at some of the major issues, challenges, and security threats both public and private-sector organizations should consider given their respective risk posture. Practical references to resources that can give organizations a jump-start were provided, and hands-on, real-world experiences with mobile devices in enterprise settings provided insight into emerging threats to the confidentiality, integrity, and availability of sensitive organizational data, applications and network/systems.
- June 22, 2011
Federal Cybersecurity Initiatives for State and Local Governments
This webcast provided attendees with an update on Federal Cybersecurity Initiaitives for States and Local Governments, including status of the National Strategy for Trusted Identities in Cyberspace and the National Initiative for Cybersecurity Education.
- April 21, 2011
Advanced Persistent Threat
Advanced Persistent Threat (APT) refers to a long-term pattern of targeted and sophisticated cyber attacks designed to access and steal information from compromised computers. These complex attacks are ongoing against both large and small organizations and are increasingly being used to pursue financial gain. APT attacks are difficult to detect and difficult to prevent.
This webcast demystified APT and provided the knowledge you organizations need to plan their startegy to help detect, remediate and recover from these attacks.
- February 16, 2011
Emerging Trends and Threats for 2011
This webcast provided a broad look at some of the major issues and challenges we face regarding cyber security threats. Current and emerging trends were discussed, including botnets, kits for attackers, DDoS attacks, security of mobile devices, and network based defenses. The presentation provided practical, timely advice on what we can do--in both the public and private sectors-to mitigate the risks and enhance our protection against these threats.
- December 15, 2010
Security and Risk Management
This presentation provided a proactive and comprehensive approach that entities in both public and private sectors can use to manage security risks.Â Topics covered included:
- an overview of basic risk management concepts
- how to begin applying information security and risk management to an organization
- Â an overview of Advanced Persistent Threats, and introducing the audience to successful techniques to defend against them
October 14, 2010
Cyber Security Is Our Shared Responsibility
As part of the October awareness month activities, the MS-ISAC coordinated a joint webcast with DHS and NCSA, along with several other sector-specific ISACs to discuss strategies on how to promote cyber security awareness at all levels, including government, businesses and academia, with specific advice about how individuals and entities can be actively involved to help facilitate a safe Internet experience. The goal is to help raise cyber security awareness nationwide and empower citizens, businesses, government and schools to improve their cyber security preparedness and help promote a safe Internet experience.
September 16, 2010
Social Networking Sites / Web 2.0
While there can be undeniable benefits from the collaborative, interactive and distributed approaches promoted by the use of social media, the information security concerns are real and significant. The presentation:
- described how Web 2.0 services, especially social networking sites, are being used
- described the potential security risks associated with the use of these services
- provided guidance for organizations, including modernizing related acceptable use policies, security risks and mitigation techniques for use of externally hosted social media, (e.g., Facebook, Twitter)
- provided guidance for organizationally hosted social media accessible by the public, (e.g., wikis, blogs, social networking, Internet forums, and file sharing).
- provided discussion on privacy and e-discovery concerns.
June 23, 2010
This webcast provided best practices for developing and implementing strategies for effective incident response. Topics of discussion included the following:
- Global Threats
- Incident Response Policies
- Why it’s important to have an incident response plan
- What should be included in a plan?
- How some plans differ and what might be best for your organization
- What are common pitfalls?
- How to pre-plan for the imminent incident:
- Forensic Data Sources
- Log Retention
- Forensic Preservation
- First Responder
April 21, 2010
Cloud Computing -- "Security Considerations You Should Know"
Cloud computing provides on-demand network access to a shared pool of computing resources such as networks, servers, storage and applications. Cloud computing can generally be divided into three models: Software as Service, Platform as Service, and Infrastructure as Service.
While cloud computing can offer benefits - such as potential cost reductions and scalability of services - there are also security and privacy concerns that must be considered before moving to the cloud. The webcast included overviews of the different cloud computing models, discussion of the security challenges, and guidance for government, businesses and other organizations in addressing those issues to help protect the confidentiality, integrity and availability of their data.
February 24, 2010
Emerging Trends and Threats for 2010
This webcast provided a broad look at some of the major issues and challenges we face regarding cyber security threats. Current and emerging trends were discussed along with practical, timely advice on what we can do--in both the public and private sectors-to mitigate the risks and enhance our protection against these threats.