Archived National Webcast Initiative Presentations
- December 13, 2012
Keys to Defending Against Advanced Persistent Threat
In this presentation we examined the nature of State-sponsored cyber espionage. We took a look at its distinctions and how it differs from normal cyber-crime. From there, we discussed the phases involved in a targeted attack, known as the Kill-Chain, and the tactics, techniques and procedures used by these attackers. Most importantly of all we discussed things an organization can do along each link in the Kill-Chain to disrupt the attackers operations and prevent a full exfiltration of the victim organizations targeted data.
- October 11, 2012
Cyber Security: What You Should Know to Stay Safe Online
As part of the October awareness month activities, the MS-ISAC is coordinating a joint webcast with DHS and NCSA, which provided useful guidance to the non-technical user on the necessary steps to protect themselves and their computers from cyber incidents.
The Internet is a great place to explore and is a new playground of brilliant possibilities, but there's trouble often hiding in its shadows. That trouble can come in many forms, including malicious software, trickery, and identity theft. In this presentation, Ron Woerner talked about the evils of the Internet, how the bad hackers can take over your computer and how they get your private information. It's not all doom and gloom, though. He also showed some easy, everyday steps to protect yourself and others online. This session focused on the basics of computer security, such as using strong passwords, use of external devices, phishing and social engineering, and protecting mobile devices.
- August 9, 2012
Botnets and Zombies: Securing Your Organization Against an Evolving Threat
A botnet, short for robot network, is an aggregation of computers compromised by bots that are connected to a central "controller." The compromised computers are often referred to as "zombies." Botnet controllers are often controlled from chat rooms, and can be linked together to form even larger botnets. They are a growing source for staging denial of service attacks, identity theft, phishing attacks and SPAM mail relay services. Defending your network against this malware is not a trivial exercise, but some simple truths can make the challenge manageable. This presentation provided an overview of the threat, using specific examples of relatively known botnet attacks, offered tips to help you recognize when your systems may have been compromised, and provided guidance about how to make your network defenses more effective.
- June 27, 2012
Cloud Computing: Security Risks and Consideration
Cloud computing offers substantial benefits that, when evaluated alone, seem to make its adoption a no-brainer. The "easy deployment" and "no longer requiring in-house IT staff" ideas make cloud computing especially attractive to government and smaller organizations unable to afford the resources and personnel necessary to run their own dedicated servers 24/7. But as with any new technology, cloud computing brings a lot of extra baggage and potential unintended consequences, ranging from security concerns to the risks associated with centralization. This webcast explored both the risks and benefits associated with cloud computing.
- April 18, 2012
Cyber Security Emerging Trends and Threats: Risk in a Cyber World
In this presentation, Lieutenant General Harry Raduege broadly described the state of the cybersecurity threat and the associated risks, the responses to this threat, and how to develop a "cyber mindset." Beginning with a history of significant cyber milestones, related quotes, and a summary of the cybersecurity world and its challenges, General Raduege emphasized why cybersecurity is of paramount importance to any public or private sector entity. Highlighting particular threats and risks that are of interest to the audience, the presentation underscored the importance of these threats with statistics.
- February 15, 2012
Top 10 Tips to Protect Your Organization from Cyber Attacks
We all know that cyberspace is getting more dangerous each year. We also know that we can take steps to protect ourselves from general Internet threats as well as attacks specifically targeting our organizations. But often we are overwhelmed by all of the reports and recommendations and don't know specifically where to start. In this webcast we will briefly look at the different types of online threats and their motivations, then we'll walk through ten steps you can take right now to protect yourself and your organization from cyber attacks. The main theme is that cyber attacks can and will happen. However, some simple countermeasures to make yourself less of a target combined with early detection and early mitigation will dramatically reduce the risk of a catastrophic breach or data loss.
- December 15, 2011
Social Networking: The Latest Security Issues and How to Manage Them
As the explosion in use of social networking sites continues, so too does the increase in risks brought about by cyber criminals trying to take advantage of users. In this webcast, attendees learnt about the potential risks social networking brings to enterprises, including targeted attacks, phishing, exploitation of accounts, and spread of malware, and how to address the security risks so that you may use social networking more securely and minimize the potential of becoming a victim of an incident.
- October 6, 2011
Cyber Security and You: Top 10 Tips
This webcast, conducted in recognition of October as National Cyber Security Awareness Month, provided useful guidance to the non-technical user on the necessary steps to protect themselves and their computers from cyber incidents including using secure passwords, identifying and avoiding phishing and social engineering attacks, shopping safely online, patching and updating systems, and securing mobile devices.
- August 25, 2011
Bring Your Own Device: Addressing the Security Challenges of Employee-Owned Devices in the Workplace
This webcast explored many of the ethical, legal and operational aspects, with a broad look at some of the major issues, challenges, and security threats both public and private-sector organizations should consider given their respective risk posture. Practical references to resources that can give organizations a jump-start were provided, and hands-on, real-world experiences with mobile devices in enterprise settings provided insight into emerging threats to the confidentiality, integrity, and availability of sensitive organizational data, applications and network/systems.
- June 22, 2011
Federal Cybersecurity Initiatives for State and Local Governments
This webcast provided attendees with an update on Federal Cybersecurity Initiaitives for States and Local Governments, including status of the National Strategy for Trusted Identities in Cyberspace and the National Initiative for Cybersecurity Education.
- April 21, 2011
Advanced Persistent Threat
Advanced Persistent Threat (APT) refers to a long-term pattern of targeted and sophisticated cyber attacks designed to access and steal information from compromised computers. These complex attacks are ongoing against both large and small organizations and are increasingly being used to pursue financial gain. APT attacks are difficult to detect and difficult to prevent.
This webcast demystified APT and provided the knowledge you organizations need to plan their startegy to help detect, remediate and recover from these attacks.
- February 16, 2011
Emerging Trends and Threats for 2011
This webcast provided a broad look at some of the major issues and challenges we face regarding cyber security threats. Current and emerging trends were discussed, including botnets, kits for attackers, DDoS attacks, security of mobile devices, and network based defenses. The presentation provided practical, timely advice on what we can do--in both the public and private sectors-to mitigate the risks and enhance our protection against these threats.
- December 15, 2010
Security and Risk Management
This presentation provided a proactive and comprehensive approach that entities in both public and private sectors can use to manage security risks.Â Topics covered included:
- an overview of basic risk management concepts
- how to begin applying information security and risk management to an organization
- Â an overview of Advanced Persistent Threats, and introducing the audience to successful techniques to defend against them
October 14, 2010
Cyber Security Is Our Shared Responsibility
As part of the October awareness month activities, the MS-ISAC coordinated a joint webcast with DHS and NCSA, along with several other sector-specific ISACs to discuss strategies on how to promote cyber security awareness at all levels, including government, businesses and academia, with specific advice about how individuals and entities can be actively involved to help facilitate a safe Internet experience. The goal is to help raise cyber security awareness nationwide and empower citizens, businesses, government and schools to improve their cyber security preparedness and help promote a safe Internet experience.
September 16, 2010
Social Networking Sites / Web 2.0
While there can be undeniable benefits from the collaborative, interactive and distributed approaches promoted by the use of social media, the information security concerns are real and significant. The presentation:
- described how Web 2.0 services, especially social networking sites, are being used
- described the potential security risks associated with the use of these services
- provided guidance for organizations, including modernizing related acceptable use policies, security risks and mitigation techniques for use of externally hosted social media, (e.g., Facebook, Twitter)
- provided guidance for organizationally hosted social media accessible by the public, (e.g., wikis, blogs, social networking, Internet forums, and file sharing).
- provided discussion on privacy and e-discovery concerns.
June 23, 2010
This webcast provided best practices for developing and implementing strategies for effective incident response. Topics of discussion included the following:
- Global Threats
- Incident Response Policies
- Why it’s important to have an incident response plan
- What should be included in a plan?
- How some plans differ and what might be best for your organization
- What are common pitfalls?
- How to pre-plan for the imminent incident:
- Forensic Data Sources
- Log Retention
- Forensic Preservation
- First Responder
April 21, 2010
Cloud Computing -- "Security Considerations You Should Know"
Cloud computing provides on-demand network access to a shared pool of computing resources such as networks, servers, storage and applications. Cloud computing can generally be divided into three models: Software as Service, Platform as Service, and Infrastructure as Service.
While cloud computing can offer benefits - such as potential cost reductions and scalability of services - there are also security and privacy concerns that must be considered before moving to the cloud. The webcast included overviews of the different cloud computing models, discussion of the security challenges, and guidance for government, businesses and other organizations in addressing those issues to help protect the confidentiality, integrity and availability of their data.
February 24, 2010
Emerging Trends and Threats for 2010
This webcast provided a broad look at some of the major issues and challenges we face regarding cyber security threats. Current and emerging trends were discussed along with practical, timely advice on what we can do--in both the public and private sectors-to mitigate the risks and enhance our protection against these threats.