BREAKOUT SESSIONS
Teddy Bear Attack & Penetration: Using USB as an Attack Vector
Steve Goldsby, CISSP, ISSAP, ISSMP
CEO / Integrated Computer Solutions, Inc. (ICS)
This presentation covers methods of circumventing physical and technical security controls via social engineering. It will discuss the problem with current security and operational policies and the social engineering opportunities they create, and will include a technical demonstration of a USB-based attack tool. Methods of circumventing multiple physical, computer and network security controls will be demonstrated.
Acceptable Use and Social Engineering
Michael Rosen, CISSP, GIAC-GCFA, PCI-QSA
Senior Investigator / Verizon Business Investigative Response Team
The Internet is a constantly growing and evolving universe of good, bad and unknown sites. Government agencies and corporations alike increasingly find themselves having to allow various types of Internet access. Sometimes it’s for business use (e.g. networking and media relations), but other times not. The various social websites (such as Facebook, MySpace, Twitter, LinkedIn, etc.) have played an increasing role in business, but also bring a new angle of attack. This session will explore the various aspects of Acceptable Use and how social websites play into security concerns and Incident Response.
Incident Response Fundamentals
J. Andrew Valentine
Senior Investigator, Team Lead / Verizon Business Forensics and Incident Response Team
The discussion covers the ABCs of incident response, starting with detection and analysis, including evidence collection and maintaining the “chain of evidence.” Also discussed are the steps you can take to keep damage to a minimum within your network, removing the threat, and recovering from the attack. Finally, the benefits of the proper post-incident actions are outlined.
Fahrenheit 98.6 – Using the Art of Planning and Teamwork to Keep Your Organization Alive Through a Disaster
Jim Geuin
Information Security Manager / Florida Department of Law Enforcement
The goal of this session is to take you from the beginning to the end of the operational planning process. Real-world case law examples will be used to illustrate proper deployment and use of policy in an organization. Asset inventory/valuation, Risk Assessment, Strategic Planning, the Operational Security Plan, Policy, Procedures, Compliance and Incident Response will all be tied together to present a "boilerplate" for developing a working "Operational Information Security Plan" in an organization. Participants will learn about best practices for information security, and how to translate them into policy and procedure documents. Selected case law examples will be analyzed to see where a viable policy could have made a difference in the case outcome. This presentation will aid in moving from conceptualization to actual policy deployment, and will provide helpful keys for ensuring compliance with your policies and procedures, for incident response and for threat identification.
Liaising with Law Enforcement
Michael Rosen, CISSP, GIAC-GCFA, PCI-QSA
Senior Investigator / Verizon Business Investigative Response Team
Many organizations have an Incident Response plan that is very inward-focused. This session will be presented jointly by a Verizon Business Investigator and a Law Enforcement Investigator. It will highlight how public and private organizations can interface with law enforcement, and will dispel some common misconceptions that can inhibit an investigation’s success.
Building Blocks for a Cyber Security Program
Jane Sowerby, CISSP
Information Security Manager / Agency for Enterprise Information Technology
Amy Caldeira
Security Outreach Coordinator / Agency for Enterprise Information Technology
In many businesses and organizations, information security has been a fly-by-night operation -- operating in the shadows and coming out only when bad things happen. Information security has been tactical and reactive as opposed to strategic, preventative, managed, and measured. Increased accountability, liability, and regulatory compliance along with the complexity of today's systems and applications are forcing positive changes in our security environments. To succeed we must build security programs that are aligned, managed, and measured around the business operations. This presentation will offer some basic building blocks to help you in this security program construction effort.
Case Studies & Lessons Learned
J. Andrew Valentine
Senior Investigator, Team Lead / Verizon Business Forensics and Incident Response Team
This session covers the lessons learned by the Forensics and Incident Response Teams within Verizon Business/Cybertrust Inc., as revealed by specific case studies. The topics covered include Data Breach Metrics, the Threat Landscape, Attack Vectors, and Breach Timelines.
Digital CSI: Police Cybercrime Response
Brett Cureton
Network and Systems Security Administrator / Florida Department of Law Enforcement
Clifford Stokes, Jr.
Incident Response and Digital Forensics Consultant / Florida Department of Law Enforcement
Did you ever think your network could become a crime scene? All business organizations experience incidents on their networks, usually on a regular basis. Have you ever had to consider if the incident warranted a call to law enforcement for criminal investigation?
For IT personnel and IT managers, the odds are good that at some point in your career you will have to consider the need to contact law enforcement based on an incident on your network. This can be a daunting issue for the typically extremely busy, overworked IT professional who is focused on ‘up’ time and keeping services running smoothly. This presentation will better prepare you for what to expect from a law enforcement response should you decide on that course of action. Specifically, we will discuss how to be prepared for the types of questions you will be asked and what type of information will serve as evidence in the case.
This presentation will be open to any questions you may have about the law enforcement investigative process and will include a tour of FDLE’s mobile digital forensics platform, the ECTO-1 (Evidence Collection for Technical Operations) van. As seen on America’s Most Wanted!
TABLETOP EXERCISES
There will also be a half-day tabletop exercise featuring real-life scenarios.









