SANS invites you to join 2 special complimentary SANS@Night sessions during Community SANS Augusta. Please plan to join us on Monday June 11 or Thursday June 14 (or both!). These evenings will offer informative presentations as well as the opportunity to network with other like-minded Security professionals from the Augusta community, including ISSA members and SANS attendees.
Earn some CPE’s, get great SANS content!
RSVP for either event to firstname.lastname@example.org
(include “Augusta” in the subject line)
“20 Critical Controls”
A consensus of defensive and offensive security practitioners developed the SANS 20 Security Controls. In their implementation of this program, the United States Department of State demonstrated an 85 percent reduction in vulnerabilities in the first year alone. Small businesses can use practical and often no cost ways to leverage existing security and administration tools to bolster their information security posture. Each control is paired with pragmatic ways for small business to rapidly deploy a continuous monitoring program. By leveraging and leaning into existing tools, the small business can develop a robust continuous monitoring program that is positioned to better recognize and respond to threats.
Traditional Intrusion Detection Systems (IDS) can be costly,
difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM)combines traditional IDS alerts with additional data to give you a more complete picture of what’s happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.
Thursday, June 14
7:00 to 9:00 pm
“Cloud Forensics: The elephant in the room”
The cloud is here, and it appears to be here to stay. There is little doubt that mass migration to the cloud will continue by companies large and small alike. Every time I check my favorite news feeds, I see another eye catching article about a) how to implement cloud security or b) how security in the cloud can’t be achieved. People however avoid the elephant in the room: forensics. No matter how good our security is, incidents can and will happen. When they do, we jump to our forensics teams to help us make sense of it all and prosecute the offenders. But what process will they use to gather evidence? Has it been validated by the courts, or even industry as an accepted best practice? Hint: you can’t use a hardware write blocker on a cloud “drive” since it isn’t a physical drive at all.
In this talk we’ll consider the implications of forensics “in the cloud” as well as offer some suggested best practices for performing forensic acquisition of assets located in the cloud. We’ll also discuss some things to look for (from a forensic perspective) when selecting a Cloud Service Provider (CSP). Even if you aren’t directly involved in forensics, this knowledge is a must in understanding what questions to ask when selecting a CSP so you can set correct managerial expectations when the inevitable incident occurs.