- Videos: 1,070
- Views: 2,969,775
SANS Institute
USA
Joined 27 Mar 2014
As the leading organization in computer security training, the SANS Institute is known for providing intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks.
We also develop, maintain, and make available at no cost the largest collection of information security research documents and whitepapers about various aspects of information security and operate the Internet's early warning system - the Internet Storm Center.
At the heart of SANS are the many information security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community.
Cyber Wars: The Legal Force Awakens
Finding yourself in the middle of a major incident and unsure how to engage with law enforcement or your DR/insurance-provided external counsel is far from ideal. In this talk, Steve will guide you on how to effectively engage with the various legal resources available to you. Learn how to collaborate with internal legal staff, external counsel, law enforcement, and national cybercrime agencies to ensure you're prepared when it matters most. Steve will cover:
-How to reach out to them
-What to say
-How to frame the questions to get the enabling answers and not activity constraints
This webcast supports concepts from LDR553: Cyber Incident Management course: www.sans.org/cyber-security-courses/cyb...
Views: 478
Videos
Detection and Response | The 8 Domains of the Cloud Security Maturity Model | Part 6
Views 309, 16 hours ago
This video series covers the 8 Domains of the Cloud Security Maturity Model. This framework guides organizations along the complex journey of achieving a high level of cloud security with measurable progress along the way. Join Jason Lam as he discusses the Detection and Response domain and the 4 focus areas: 1. Security Intelligence 2. Log Management 3. Analysis and Monitoring 4. Security Resp...
Understanding the New NIS2 Directive: Compliance for EU Businesses
Views 419, 1 day ago
Join our experts Dean Parsons and Bojan Zdrnja as they delve into the new European NIS2 Directive. This webcast moderated by Brian Correia will provide a comprehensive understanding of the directive and outline the necessary steps your organization should take to achieve compliance and enhance security. Whether your business operates within the EU or interacts with EU entities, this episode is ...
Application & Workload Protection | The 8 Domains of the Cloud Security Maturity Model | Part 5
Views 195, 14 days ago
This video series covers the 8 Domains of the Cloud Security Maturity Model. This framework guides organizations along the complex journey of achieving a high level of cloud security with measurable progress along the way. Join Jason Lam as he discusses the Application & Workload Protection domain and the 3 focus areas: 1. Security Protection Services 2. Cloud Workload Assessment 3. Cloud Appli...
Part 2 - The Achilles Systems Hack Assessment Series: Revisiting Enterprise Controls
Views 303, 21 days ago
Part 2 of 4 In this webcast, we will review the attack at Achilles Systems, their previous security capabilities, and why their existing controls were insufficient to help them resist the attack. Then we will dive deep into what could have been done to better tailor and augment those controls to reduce or eliminate the impacts from the attack. Finally, we will talk about what should be done in ...
Part 1 - The Achilles Systems Hack Assessment Series: Breach or Blueprint?
Views 406, 21 days ago
Achilles Systems, a fictitious IT service provider to human resources teams in medium and large businesses, has fallen victim to an attack in which sensitive customer data and, potentially, customer networks, have been compromised. Achilles has a small security team who has historically focused on basic controls and compliance. However, it seems clear this attack was the work of a sophisticated...
Security Assurance | The 8 Domains of the Cloud Security Maturity Model | Part 4
Views 261, 21 days ago
This video series covers the 8 Domains of the Cloud Security Maturity Model. This framework guides organizations along the complex journey of achieving a high level of cloud security with measurable progress along the way. Join Jason Lam as he discusses the Security Assurance domain and the 3 focus areas: 1. Posture Validation 2. Regulatory Compliance 3. Security Testing Follow along by downloa...
For the Win: Aligning Security Initiatives with the Business
Views 329, 1 month ago
It is fundamentally faster and more effective to align Security initiatives to the business to gain buy-in from executives, the Board, and internal functions. The key is to help your audience understand how and why Security is a business enabler, which is far easier said than done. Using a new framework, Olivia Rose, a two-time CISO and 22-year industry veteran, will walk through how to align S...
Managing Risk in an AI-powered Future
Views 286, 1 month ago
In this presentation, Walter will address how security leaders can help their organizations leverage AI while at the same time protecting their data, customers, and reputations. Specifically, he'll go deep on how to: 1. Develop clear business and security requirements 2. Address privacy and compliance needs 3. Publish and enforce an AI policy 4. Create an (AI) asset inventory 5. Develop SOPs an...
Keynote | Challenges and Opportunities for Modern CISOs
Views 213, 1 month ago
Jerich will address the critical intersection of cybersecurity leadership, the integration of AI into the business of security, and the pivotal role of under-discussed diversity aspects within cyber teams. This presentation will illuminate how these elements collectively influence cultural changes within security organizations, shaping a more inclusive and innovative cybersecurity landscape. By...
Fireside Chat | Leading Cybersecurity: Risks, Relationships, and Resilience
Views 226, 1 month ago
Join us for this interactive fireside chat as we explore: - Emerging risks, and threats. - The latest technologies shaping cybersecurity. - Deepening and enhancing cyber and business relationships through collaboration. - New tactics and tools (including humor and empathy) for navigating challenges. - The idea that cybersecurity leadership extends to every individual contributor. SANS Cybersecu...
Leading Without Authority: Leadership Beyond Titles
Views 214, 1 month ago
Some of the most impactful leadership stories are of "regular" men and women who were able to step up, be the change, and mobilize the masses: Gandhi, JFK Jr, Rosa Parks, who were neither leaders of nations nor kings with crowns. And yet in the technology and business world "leadership" is closely knit with titles, roles, and pay grades. Leadership without Authority is your call-to-action to step up an...
Navigating the AI Security Horizon: A CISO’s Guide to Sustaining Cyber Resilience
Views 200, 1 month ago
Supply Chain Compromises Pt. 1 | The Incident Commander Series Ep. 3
Views 418, 1 month ago
Security Governance | The 8 Domains of the Cloud Security Maturity Model | Part 3
Views 624, 1 month ago
Learn to Manage Human Risk | LDR433 Training
Views 354, 1 month ago
Masterclass with Leading CISOs: Elevating Cybersecurity Talent
Views 219, 1 month ago
The responsible use of generative AI in academic information security research
Views 219, 1 month ago
Your Journey to the New GenAI-DFIR Era Starts Today
Views 130, 1 month ago
Expertise isn't all you need - Building an AI Red Team
Views 263, 1 month ago
IAM | The 8 Domains of the Cloud Security Maturity Model | Part 2
Views 299, 1 month ago
How Accurate is Your Recovery Timeline? | The Incident Commander Series Ep. 2
Views 459, 1 month ago
CISOs Confront AI: Adapting Cybersecurity to the AI Era
Views 717, 1 month ago
Data Protection | The 8 Domains of the Cloud Security Maturity Model | Part 1
Views 478, 1 month ago
Keynote | The Fast-Food Effect: Translating Fast-Food Mastery into Cross-Industry Success
Views 143, 1 month ago
El Efecto de la Comida Rápida - Traduciendo el Dominio de la Comida Rápida en Éxito Intersectorial (Spanish: The Fast-Food Effect - Translating Fast-Food Mastery into Cross-Industry Success)
Views 54, 1 month ago
Thank you
Great tips!!
sans undertale?!?!?!?!
Well, technically social engineering is the practice of INFLUENCING others to take a course of action. This can be deceptive, or it can be straightforward. But just as the term 'hacking' has been misrepresented and confused by popular media over the years, the same is happening with SE, sadly. Also, I'm just curious... the advice given for 'defending' against such attacks has been pretty consistent for years - actually, decades - now. So, why are these types of attacks still so successful so much of the time? Because the targets and the timing are both very carefully chosen by attackers to be most effective, and when taking advantage of near-universal human weaknesses, education and training don't really seem to make that big of a difference in the moment when faced with such threats. This is why, although social engineering attacks have gotten more and more sophisticated over the years, the defenses have progressed only minimally. How do we do better, I ask?
Just a small remark: Mr Zdrnja is correct that the Dutch government released an "assessment tool" to see if you as a company need to comply with NIS2. And what's really important is that the number of employees in your company is not the only factor. The other condition, apart from being in either a critical or important sector of course, is your revenue and balance. It is not an AND condition, it's an OR. So you can find yourself with 40 employees but still hitting 10 million in revenue and therefore have NIS2 apply to you. In addition, there are a couple of companies which don't fit the employee or revenue criteria but are still in scope of NIS2 because of the critical services they deliver.
Can't finish it, way too much of a star wars groupie.
Thanks for the advice.
Tanya is awesome. As a non-dev, I appreciate the way she plainly and clearly illustrates appsec basics and explains helpful ways to step-by-step mature through appsec. Great guest on a great podcast.
Can’t believe sans did this after the pacifist timeline
10:36 - Classic Stephen Sims.
Sans
This is very good material and well presented thanks
Thanks
I am diving deep into Human Risk Management
Great conversation
This is the best show ever. SANS Institute is awesome! 💚
Great dialogue with your guest, here, @JerichBeason
Love it. He indeed gave really good real-world examples.
This guy is talking to us like a kindergarten teacher lol
What most experts fail to discuss in detail is the fact that the bad guys also have AI and can use it for even more effective attacks.
first
same here, cybersecurity certification salaries have dropped like anything now. Windows admins are getting better than this.
I am GRC Consultant with a cyber background. I made sure I studied AI in conjunction with my expertise.
Great Vid
"Cyber Rosetta Stone": a useful idea, supported by a great analysis work. The standards comparison and categorisation is awesome, and throws light into how complex our industry is becoming.
Excellent
Undertale reference
Great Job Rich!
Thanks a lot for this talk Chris, it's very valuable to learn about an actual day-to-day workflow of a CTI analyst/engineer
Megalovania moment
enjoyed this webinar any links to resources or the slide deck?
Excellent as always. Thank you!
32:06 This was published in 1984. That’s 30 years ago. And yet we are where we are. What happened? Sheer stupidity doesn’t provide a credible explanation given that there are enough people who are intelligent enough to understand. The only other possible explanation points to ill intent. The same with this cloud stupid madness. Even if I could create something-anything, I won’t. Ever. One has to be utterly irresponsible to put anything in the hands of criminals even if they are disguised as defenders. Do you understand?
This is one course I plan to take!
I would argue that recovery has no place within blue teams. The cyber incident management being referred to here involving recovery is training for ISOs and business continuity. At a certain scale NIST 800-61 is absolutely essential to sec IM and keeps an official record solid for regulatory proof. While I see where you are coming from, this becomes mom-and-pop vs large enterprise reality.
Amazing video!! Love the content!
Threat Vectors
45:20 Listen. You seem to be a decent man and a very good teacher, however… If their stupid incompetence affects me, I can't be chilled about it, can I? If I were just an external consultant, it would probably be easier. But if my job in that company is at risk and/or if my data is at risk because an idiot up there can't be bothered… Houston, we have a big problem. And, by the way, this typical Western type of mentality is one of the main causes for the demise of the West.
The best purple teaming explanation on YouTube, but not the best explanation.
This is so appalling that I had to come back to it. I have a question. Do the candidates know that they are subjected to a psychometric test? Presumably not. How does it fit then with Data Protection/ GDPR and other ethical considerations? (Not that anyone is bothered by law or ethics. I am an idiot, I know). It’s hacking into their minds. Listen. I don’t know who the hell you are and why you are doing this, but if you put my account on a RUclips clone, have the minimal decency to, actually, do a fucking proper job and throw a reply to my comments now and then (hopefully with something intelligent and useful). Morons.
35:35 Thanks for the tip. If I ever take this test that is obscenely expensive (who can afford it in their first five years of IT work?) and run by robots (because these days humans are unable to think and exercise sound judgement), I will read some Marcus Aurelius in the morning to get in the appropriate mood. I had a look at some questions on an IT website and the first one was 'Which factor is the most important item when it comes to ensuring security is successful in an organization?' to which, at least according to this seemingly reputable website, the correct answer is 'Senior management support' instead of the common sense one which is 'Security awareness by all employees'. Not even the highly dubious excuse that this is a 'research question' would be good enough for me. Why? Because any test should primarily be about teaching the candidates and improving their practice. Even if they fail, they will know more. But no. This overhyped test not only confuses them with the so-called 'research questions', it also deprives them of the opportunity of pondering on relevant issues (because it stops when the bot decides so) and doesn't provide them with at least an indication as to why their answers were wrong. It doesn't help their professional development and can have a devastating impact on their self-esteem. All the administrators want is for the bot to tell them who is worthy of having this certification. Its very purpose is selfish and counterproductive. It is rubbish. How it got to have this aura of excellence is beyond me 😃
30:10 I think you may be a little bit economical with the truth here. Are you sure that the questions with the obviously wrong possible answers do not test something else (such as resilience when faced with frustration/cognitive dissonance and suchlike)?
Great overview. I regularly have the 'IM or IR' question raised to me, and this sums up the answer perfectly. Having also attended LDR553, I can say it's an awesome course.
Can you publish the slides used here?
Really wanted to work on my GCIH cert. Unfortunately, the price isn't something I can afford as a student.
yeah! Are you Iranian?
@user-vy9oi1vx9i I am Indian, but currently living in the US.
I did SEC-401 in 2022 and it really helped me to get much more than just a security overview!
There's 2 types of people. Grateful people with a positive mindset, who are willing to learn and who will pass the CISSP. Then there are people who complain about microphones which are of adequate quality for the purpose, whilst people were working from home during a global pandemic.
*megalovania*
Expensive but worth it. While saving money I am walking through the syllabus and preparing myself with the topics provided. Quite a nice course.