Topic: DevSecOps: Integrating and Maturing a Security Culture Cybersecurity professionals have a robust suite of tools and methodologies for assessing risk to operating systems, firewalls, and other components but have limited resources to review webapps. As demonstrated by the Equifax … Continued
Chapter Business Meeting Slides: 2020-02-26 Meeting Slides Speaker Slides: Business Email Compromise (BEC) Topic: Business Email Compromise: More Sophistication, More Problems Business Email Compromise (BEC) is a major threat vector for the private sector. These attacks usually begin with a spear-phishing attempt, … Continued
Chapter Business Meeting Slides: 2020-01-22-Meeting-Presentation.pdf Speaker Slides: The Next Gen of Vulnerability Management Topic: The Next Gen of Vulnerability Management Traditionally, Vulnerability Management has become entrenched in the CVSS scoring system which itself, has undergone some revision to more appropriately address … Continued
Topic: Risk Mitigation Strategies for Cybersecurity Service Providers Everyone is talking about “vendor risk” and “vendor management” on the client side, but who’s looking out for the risks that your cybersecurity product or service company faces when helping those same … Continued
Topic: Threat Informed Defense with MITRE ATT&CK™ Chapter Business Meeting Slides: 2019-11-20-Meeting-Presentation.pdf The MITRE ATT&CK framework has become a widely used knowledge base and model for real cyber adversary behavior. In use across governments, private sector, and security solutions providers, ATT&CK … Continued
Chapter Business Meeting Slides: 2019-10-16-Meeting-Presentation.pdf Speaker Presentation: ISSA Central MD is hosting an event at the National Electronic Museum to celebrate National Cybersecurity Month. Topic: Taking a holistic approach to an insider threat program This presentation will provide insider threat mitigation … Continued
Chapter Business Meeting Slides: 2019-10-08-Meeting-Presentation.pdf Topic: A Security Walkthrough of IAM in Light of Data Breaches in the Cloud Identity has become the new perimeter in the world of api-driven infrastructures (cloud computing). Understanding the challenges and complexity of least … Continued
Chapter Business Meeting Slides: 2019-09-25-Meeting-Presentation.pdf Speaker Presentation: .govCAR: Threat Based Cyber Capability Review The Cybersecurity and Infrastructure Security Agency (CISA) developed the .govCAR methodology to take a threat-based approach to cybersecurity risk management. .govCAR represents an evolution in managing cybersecurity … Continued
Chapter Business Meeting Slides: 2019-08-28-Meeting-Presentation.pdf Speaker Presentation: Failing-at-Cybersecurity.pdf Topic: Fail Secure: 20 Ways to Undermine Your Security Program There’s policy, and then there’s reality. All too often, security teams find their efforts overridden or bypassed. Here’s some unconventional wisdom and tips … Continued
Chapter Business Meeting Slides: 2019-07-24-Meeting-Presentation.pdf Speaker Presentation: Attackers-Prey-on-Uncertainty_ISSA-Central-MD.pdf Topic: Attackers Prey on Uncertainty: How to Fail at Threat Detection It takes a lot of visibility and context to detect and respond to sophisticated threats. Attackers usually target data, where enterprises have … Continued
