Post on 18-Mar-2018
2nd Annual IIA/ISACA Hacking Conference
True Security Countermeasures
&
Internal Audit’s Virtual Vector
Summit West
500 West Madison Street (Ogilvie Train Station)
Downtown Chicago | Illinois
October 27th & 28th
Welcome!
We welcome you to the 2nd Annual IIA/ISACA Hacking Conference, sponsored by
the Chicago Chapter of the Institute of Internal Auditors and the Chicago Chapter
of ISACA! This two-day event is titled “True Security Countermeasures and Audit’s
Virtual Vector”. Our goal was to present a two-day event that contains the most
real-world, hands-on application of hacking knowledge and skills that can be
applied to the Internal Audit/IT Audit/IT Security world.
By the end of this course, you will have a significantly greater appreciation for the
IT security landscape and how it impacts your organization. The combination of
practicing information technology experts and the broad landscape of
IT vulnerabilities presented at this conference will strengthen the operational,
financial and IT auditor’s skill set, not only by integrating information technology
auditing techniques, but also by developing awareness of one of the most significant
changes in the risk profile of businesses today.
Thank You to Our Sponsors
We would like to warmly thank our sponsors!
Platinum
Gold
Course Outline
DAY 1: Tuesday, October 27, 2015
8:00 – 8:30
Registration and Continental Breakfast
8:30 – 9:20 Cyberthreat Landscape
Eric Brelsford, Special Agent, FBI
9:35 – 10:25
Global Honeypot Trends
Elliott Brink, Sr. Associate, RSM McGladrey
10:50 – 11:40
Tracking and Responding to Global Cybercrime
John Bambenek, Sr. Analyst, Fidelis Cybersecurity
11:50 – 12:30 LUNCH
12:40 – 1:30
Using Passive DNS to Uncover Network and Server Parasites
Alan Clegg, Sales Engineer, Farsight Security, Inc.
1:45 – 2:35
The Secretive Zero-Day Exploit Market
Adriel T. Desautels, Partner & CEO, Netragard, Inc.
2:50 – 3:40
Assessing Risk in a Breached World
Chris Gerritz, CEO & Co-founder, Infocyte, Inc
3:55 – 4:45
Internal Audit Considerations for Cybersecurity Risks Posed by Vendors
Joseph Kirkpatrick, Managing Director, KirkpatrickPrice
Course Outline
DAY 2: Wednesday, October 28, 2015
7:30 – 8:00
Registration and Continental Breakfast
8:00 – 9:30
CISO Panel: Perspectives on addressing today’s security challenges
Tina LaCroix-Hauri, President, Bradford Garrett Group
Waqas Akkawi, CISO, SIRVA Worldwide
Kevin Novak, CISO & IT Risk Officer, Northern Trust
Michael Phillips, EVP & CISO, Rosenthal Collins Group
Richard Rushing, CISO, Motorola Mobility
9:35 – 10:45
CryptoLocker Ransomware Variants:
Learn How to Protect Against Them
Ryan Nolette, Sr. Threat Researcher, Bit9
11:00 – 12:00 Software Security Metrics
Neil Bahadur, Managing Consultant, Cigital
11:50 – 12:30 LUNCH
1:00 – 2:00
Forensics for Auditors
Inno Eroraha, Chief Strategist, NetSecurity Corp.
2:15 – 3:15
Welcome to the Internet of Insecure Things
Chandler Howell, Director of Engineering, Nexum
3:30 – 4:30
A New Approach to Audit your Company’s Threat & Vulnerability Management Program
Paul Hinds, Managing Director, PWC
Stephen Asamoah, Senior Consultant, PWC
Sessions at a Glance: Day 1
Session 1: Cyber Threat Landscape
8:30 AM – 9:20 AM
In this session, the Federal Bureau of Investigation (FBI) will provide its unique view of cyber threats, addressing who the attackers are, their objectives, and how best to prepare for attacks. As Sun Tzu famously said: "If you know the enemy and know yourself, you need not fear the results of a hundred battles." The FBI will provide insight that can help organizations understand and respond to our common enemies in the cybersecurity space.
Eric Brelsford, Special Agent – Criminal & National Security Cyber Investigations, FBI Chicago Division
SA Brelsford began his career with the FBI in 2003 in Milwaukee, where he started investigating cyber crimes. In 2006, SA Brelsford transferred to Chicago, where he has continued to focus on cyber-crime investigations. During this time, SA Brelsford has been the lead investigator on a variety of cyber investigations including data breaches, cyber extortion, financial account takeover, malware distribution, botnet operations, and denial-of-service attacks. Prior to joining the FBI, Agent Brelsford worked in the private sector performing computer and information security consulting. Agent Brelsford is currently assigned to a criminal computer intrusion squad.
Sessions at a Glance: Day 1
Session 2: Global Honeypot Trends
9:35 AM – 10:25 AM
Many of my computer systems are constantly compromised, attacked, hacked, 24/7. How do I know this? I've been letting them. This talk will cover over one year of my research running several vulnerable systems (or honeypots) in multiple countries including the USA, mainland China, Russia and others. We'll be taking a look at: a brief introduction to honeypots, common attacker trends (both sophisticated and “script kiddie”), brief malware analysis and the statistical analysis of attackers based on GeoIP. Are there differences in attacks based on where a system is located according to GeoIP? Different attackers use different tactics. As part of this presentation, we will discuss the tactics that have been seen in use on these systems.
Elliott Brink, Sr. Associate, RSM McGladrey
Elliott Brink (@ebrinkster) is an Information Security Senior Associate for RSM based out of Chicago, IL, with 4 years’ experience in the industry. He specializes in internal/external pentesting, web application testing, and social engineering engagements. Elliott has been involved in penetration tests domestically and internationally for clients ranging from Fortune 500 companies to organizations with fewer than 10 employees, and manages the penetration testing lab for RSM. He has spoken on this topic as well as others at several information security conferences such as DefCon, GrrCon, etc.
Sessions at a Glance: Day 1
Session 3: Tracking & Responding to Global Cybercrime
10:50 AM – 11:40 AM
Every week we hear about another major breach or another malware campaign that is defrauding businesses and consumers of millions. Very rarely do we hear of successful investigations and prosecutions. This talk will focus on investigating cybercriminals across the globe and on some tools and techniques that participants can implement in their own organizations. Most malware uses DNS or domain generation algorithms (DGAs) to allow for communication back to the attacker. By reverse engineering those means of communication, it becomes possible to create near real-time intelligence to track those adversaries as they move around the Internet. This talk will discuss how to create such surveillance, as well as the possibilities of deception and counterintelligence inherent in this kind of tracking.
John Bambenek, Fidelis Cybersecurity
John is a Sr. Threat Analyst at Fidelis Cybersecurity and an incident handler within the Internet Storm Center. He has been in security for 15 years researching security threats. He is a published author of several articles, book chapters and a book. He has contributed to IT security courses and certification exams. John has participated in many incident investigations spanning the globe, most recently as part of Operation Tovar, which successfully ended Gameover Zeus and CryptoLocker.
Sessions at a Glance: Day 1
Session 4: Using Passive DNS to Uncover Network and Server Parasites
12:40 PM – 1:30 PM
Malicious actors may create and operate unauthorized web sites on corporate IT networks and servers. These parasitical sites use corporate resources to host an insider's own home/startup business. Unauthorized sites may also host "otherwise-unhostable" content such as malware, phishing sites, pirated software repositories, online child abuse materials, or extremist/terrorist content. Passive DNS is the ideal technical tool for finding these unauthorized sites: it records which names resolved to which addresses, and when. In this talk we'll explain how passive DNS lets an audit team find out which company IP addresses have been used during the period being audited, and for what domains.
Alan Clegg, Sales Engineer, Farsight Security, Inc.
Alan’s focus over the last 10 years has been technical training. Alan has trained professionals through the Internet Systems Consortium, Infoblox, Info2Intel, and other organizations. His primary focus areas are DNS, DHCP, and IPv6. Alan has experience as a UNIX administrator, technical support engineer, and in other roles throughout his career. Alan has extensive experience with computer security issues and trends, having dealt with compromised hosts and denial-of-service mitigation, and having documented and assisted in the implementation of network systems best common practices.
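The audit question the session describes (which corporate addresses answered for which names during the audit period, and which of those names nobody approved) is easy to answer once you have passive DNS observations. The following is an added example, not code from the talk or from Farsight; the records, the corporate address ranges (RFC 5737/3849 documentation space) and the approved-domain list are all constructed for illustration.

```python
"""Passive DNS triage for an audit window (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Sequence


@dataclass(frozen=True)
class PdnsRecord:
    rrname: str      # owner name as observed, e.g. "www.example-corp.com."
    rrtype: str      # "A", "AAAA", "CNAME", ...
    rdata: str       # resolved value
    time_first: int  # first time the sensor saw this RRset (epoch seconds, UTC)
    time_last: int   # last time it was seen


def _ts(iso_day: str) -> int:
    """ISO date -> epoch seconds at 00:00 UTC."""
    return int(datetime.fromisoformat(iso_day).replace(tzinfo=timezone.utc).timestamp())


def _norm(name: str) -> str:
    """Lower-case and drop the trailing dot so names compare reliably."""
    return name.lower().rstrip(".")


# Constructed sample: what a passive DNS export for the company's space might hold.
SAMPLE: Sequence[PdnsRecord] = (
    PdnsRecord("www.example-corp.com.", "A", "203.0.113.10", _ts("2015-01-01"), _ts("2015-12-31")),
    PdnsRecord("mail.example-corp.com.", "A", "203.0.113.20", _ts("2015-01-01"), _ts("2015-12-31")),
    # an insider's side business, answering from the mail server's address
    PdnsRecord("side-business.example.", "A", "203.0.113.20", _ts("2015-05-03"), _ts("2015-08-20")),
    # decommissioned years before the audit window: must be ignored
    PdnsRecord("old-site.example-corp.com.", "A", "203.0.113.30", _ts("2012-02-01"), _ts("2013-06-30")),
    # not a company address at all: must be ignored
    PdnsRecord("phish-kit.example.", "A", "198.51.100.7", _ts("2015-06-01"), _ts("2015-06-02")),
    # CNAME carries no address: must be ignored
    PdnsRecord("cdn.example-corp.com.", "CNAME", "www.example-corp.com.", _ts("2015-01-01"), _ts("2015-12-31")),
    # IPv6 host whose observation only partly overlaps the window
    PdnsRecord("warez-mirror.example.", "AAAA", "2001:db8::1", _ts("2015-09-28"), _ts("2015-11-02")),
)
CORPORATE_NETS = ("203.0.113.0/24", "2001:db8::/32")
APPROVED = ("example-corp.com",)          # names the business actually sanctioned
AUDIT_START, AUDIT_END = _ts("2015-04-01"), _ts("2015-09-30")


def is_approved(name: str, approved: Iterable[str]) -> bool:
    """True if name equals, or is a subdomain of, an approved domain."""
    n = _norm(name)
    return any(n == _norm(a) or n.endswith("." + _norm(a)) for a in approved)


def domains_per_ip(records: Iterable[PdnsRecord], corporate_nets: Iterable[str],
                   start: int, end: int) -> Dict[str, List[str]]:
    """Map each corporate IP to the names that resolved to it inside [start, end]."""
    nets = [ip_network(c) for c in corporate_nets]
    seen: Dict[str, set] = {}
    for r in records:
        if r.rrtype not in ("A", "AAAA"):
            continue                      # only address records place a name on an IP
        if r.time_last < start or r.time_first > end:
            continue                      # observation interval never overlaps the window
        try:
            ip = ip_address(r.rdata)
        except ValueError:
            continue                      # malformed rdata: skip rather than crash
        if not any(ip in n for n in nets):
            continue                      # someone else's address space
        seen.setdefault(str(ip), set()).add(_norm(r.rrname))
    return {ip: sorted(names) for ip, names in seen.items()}


def unapproved_hosting(records: Iterable[PdnsRecord], corporate_nets: Iterable[str],
                       start: int, end: int, approved: Iterable[str]) -> Dict[str, List[str]]:
    """Corporate IPs that served names outside the approved list during the window."""
    per_ip = domains_per_ip(records, corporate_nets, start, end)
    flagged = {ip: [n for n in names if not is_approved(n, approved)] for ip, names in per_ip.items()}
    return {ip: names for ip, names in flagged.items() if names}
```

Each flagged (IP, name) pair is a lead for the audit team to take to the server owner, not a finding by itself; a forgotten marketing microsite and a parasite look the same in DNS.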
Sessions at a Glance: Day 1
Session 5: The Secretive Zero-Day Exploit Market
1:35 PM – 2:35 PM
The secretive zero-day exploit market and zero-day exploits themselves are both misunderstood and misrepresented. Zero-day exploits are dual-purpose tools that take advantage of existing vulnerabilities in software. Zero-day exploits are valuable from the intelligence, law-enforcement, and even corporate defense perspective. As a former zero-day exploit broker, Desautels will discuss the realities behind the zero-day exploit market, what zero-days are and aren’t, and how they can be used. He will also discuss why he supports regulation but is against the Wassenaar Arrangement as it stands today. The zero-day market is a necessity and zero-days are here to stay.
Adriel Timothy Desautels, Partner & CEO, Netragard, Inc.
Netragard specializes in the delivery of realistic-threat, protective penetration testing services. Adriel is the architect behind most of Netragard’s services. Adriel is well known for his efforts towards building an ethical, legitimate and legal 0-day exploit market. Adriel ran Netragard’s 0-day Exploit Acquisition Program (EAP) from 1999 through summer 2015.
Sessions at a Glance: Day 1
Session 6: Assessing Risk in a Breached World
2:50 PM – 3:40 PM
Network intrusions have spiked in recent years, resulting in millions in financial losses, theft of intellectual property, and exposure of customer information. The groups responsible for these high-profile attacks are organized and are able to persist in your network without detection for months, even years. Yet even with the threat of undetected compromise and zero-day attacks, today’s risk and vulnerability assessments are still focused on answering questions we already know the answer to (i.e., “Can you be hacked?”). In this session, Chris will discuss the shortfalls of today’s network assessments for use in enterprise risk measurement, and the need for new assessment approaches that answer more critical questions (i.e., “Are you hacked right now?”).
Chris Gerritz, CEO & co-founder of Infocyte
Chris is a developer of proactive cyber security solutions focusing primarily on breach discovery. Chris is a pioneer in defensive cyberspace operations, having served as initial cadre of the U.S. Air Force’s elite Defensive Counter Cyber (DCC) practice. From a decade of military service, Chris draws on both leadership and deep technical experience, serving in various roles such as cryptographic systems maintainer, cyber warfare officer and Air Force pilot. Prior to co-founding Infocyte, Chris served as the Air Force Computer Emergency Response Team (AFCERT)'s first Chief of DCC Operations.
Sessions at a Glance: Day 1
Session 7: Internal Audit Considerations for Cybersecurity Risks Posed by Vendors
2:50 PM – 3:40 PM
Understanding the threat posed by vendors to your organization
Identifying and quantifying vendor risks
Recommended security measures for vendor risk management
Onboarding and offboarding control objectives
Example audit programs for three common vendor types
How to move beyond the test of non-disclosure agreements to stronger tests that confirm control effectiveness
Recommendations for identifying and mitigating cybersecurity risks
Strategies to evaluate business impact from common vendor types
Joseph Kirkpatrick, Managing Director, KirkpatrickPrice
Joseph holds CISA, CGEIT, CRISC and QSA certifications as a certified specialist in data security, IT governance, and regulatory compliance. He has delivered auditing and security assessment services for more than 14 years. Joseph, Managing Partner of KirkpatrickPrice, serves clients and stakeholders who are seeking to understand compliance and regulatory requirements by helping them navigate the complex world of data security.
Sessions at a Glance: Day 2
Session 1: CISO Panel – Perspectives on addressing today’s security challenges
8:00 AM – 9:30 AM
In this session, top Chicagoland Chief Information Security Officers will answer questions on a range of topics including:
Security Trends
Threat Landscape
Data Security
What success looks like for security leadership
Panelists will address the above topics and then take questions from the audience.
CISO Panel Moderator: Tina LaCroix-Hauri, President & Co-Founder, Bradford Garrett Group, Inc.
Tina leads the CISO Advisory Services Practice. As the first executive-level Information Security leader hired by both Discover Financial Services (DFS) and Aon Corporation, Tina understands the diverse skill set needed to lead as a global CISO. Tina sits on the Industry Advisory Board of the Master of Science in Information Technology program in the McCormick School of Engineering of Northwestern University, where she is also an Adjunct Professor – Risk Management.
Sessions at a Glance: Day 2
Session 1: CISO Panel – Perspectives on addressing today’s security challenges
8:00 AM – 9:30 AM
Panelists:
Waqas Akkawi, CISO, SIRVA Worldwide
Waqas is responsible for SIRVA’s information security program and operations, and for delivering information security and privacy protection value to clients globally.
Kevin Novak, CISO & IT Risk Officer, Northern Trust
Kevin is CISO and a member of the Northern Trust Corporate Risk Group. He is responsible for the security of Company and Client information and for the management of information technology risks across Northern Trust's global business. Kevin joined Northern Trust in August 2011.
Michael Phillips, EVP & CISO, Rosenthal Collins Group LLC
Michael is the Executive Vice President and Chief Information Security Officer at Rosenthal Collins Group, LLC. In this capacity, he serves as Co-Executive of the Information Technology Group and senior adviser to the Chairman/CEO, providing insights on various aspects of Operational Risk Management including Information Assurance & Privacy Protection.
Richard Rushing, CISO, Motorola Mobility
Richard is CISO for Motorola Mobility and participates in several corporate, community, private, and government security councils and working groups. Activities include setting standards, policies, and solutions to current and emerging security issues.
Sessions at a Glance: Day 2
Session 2: CryptoLocker Ransomware Variants Are Lurking “In the Shadows”, Learn How to Protect Against Them
9:35 AM – 10:45 AM
Recently, attackers employing a CryptoLocker variant have been removing volume shadow copies on systems, preventing users from restoring those files, and then encrypting the files for ransom. If a user cannot recover from backups, he/she is at the attacker’s mercy.
In this technical session, we’ll discuss the ins and outs of shadow copies, reveal how attackers are abusing them to make their encryption stick, and then discuss ways you can quickly and easily detect and respond to these kinds of attacks.
Ryan Nolette, Sr. Threat Researcher, Bit9 + Carbon Black
Ryan draws from intense and active experience in Incident Response (IR), Threat Research, and IT to add a unique perspective of technical expertise and strategic vision. Prior to joining Bit9, Ryan was a Technology Risk Analyst for Fidelity Investments, where he was the malware expert for their Cyber Security Group, focused on signature verification and placement for all IPS devices, and provided non-signature-based malware detection and prevention through manual auditing and automated tools. Ryan earned a bachelor’s degree in Information Security and Forensics from the Rochester Institute of Technology.
Sessions at a Glance: Day 2
Session 3: Software Security Metrics
11:00 AM – 12:00 PM
Often, auditors must interpret how a set of "must-do" items is actually being carried out to make sure that the implementation meets the spirit of the person or entity requiring them. These items may come from regulatory, statutory, contractual, business practice, insurance and other sources, and can be jeopardized by bad software. This session is a journey into how to understand the measurements being used for software security and how they track progress against the must-dos or want-to-dos for your organization. This presentation includes a look at the numerical data that comes from a Software Security Initiative and how to put that information in the context of determining whether your organization is meeting the spirit of its must-do obligations.
Neil Bahadur, Managing Consultant, Cigital
Neil has been with Cigital since 2011. Coming from a process automation and penetration testing background, Neil looks at every business process skeptically, paying special attention to exploitable loopholes. Currently performing BSIMM assessments, Neil leads enterprise-scale software security initiatives, injecting security into SDLCs across several verticals including financial, insurance, healthcare and retail. He believes that while organic growth and volunteerism can be useful to get started with process improvement, organizations must perform application security on purpose to be truly successful.
Sessions at a Glance: Day 2
Session 4: Computer Forensic Jujitsu for Auditors: Conducting Legally Defensible Forensics Investigations
1:00 PM – 2:00 PM
Whether you are conducting or supporting the investigation of illicit pornography, a disgruntled employee, a malicious software outbreak, fraud, an advanced cyber attack, or another sophisticated zero-day targeted attack launched by China, the investigation primitives are the same. The investigators or supporting cast have to quickly identify and collect the most crucial evidence wherever it may be: laptop, mobile device, server, desktop, network, social media, or in the wild. This session will provide guidance for conducting or overseeing such investigations in a forensically sound and legally defensible manner, and without preconceived ideas about the guilt or innocence of the subjects.
Inno Eroraha, Founder & Chief Strategist, NetSecurity
Inno’s main responsibility is to position NetSecurity as “the brand of choice for forensics, security, and training” by delivering high-quality, timely, and customer-focused solutions. Inno oversees NetSecurity’s day-to-day operations, including the proprietary HANDS-ON HOW-TO® training program and the state-of-the-art NETSECURITY FORENSIC LABS. He leads the execution of NetSecurity’s solutions and helps clients protect, defend, and recover valuable assets from cyber attacks and computer fraud.
Sessions at a Glance: Day 2
Session 5: Welcome to the Internet of Insecure Things
2:15 PM – 3:15 PM
The Internet of Things (IoT) is a term that is showing up more and more. It covers a wealth of devices which have frequently been with us for some time, such as medical devices, refrigerators, and even cars, but to which we are now adding network connectivity and integration with remote systems. Chandler will provide a brief overview and definition of IoT, then examine why security is frequently an afterthought in these devices and the implications of weak IoT security, provide a framework for understanding the implications of these security issues, and then provide some guidance on effective controls and architectural approaches to manage the risks that these devices are creating.
Chandler Howell, Director of Engineering, Nexum
Starting as a humble *NIX sysadmin, Chandler worked up as a C, Perl, Java and eventually Rails coder. Sometime in the mid-90's, Chandler landed in the world of Risk Management & IT Security. Finally having found his place, Chandler has led, built and been a member of security teams for everything from an online dating site to Fortune 500 companies.
Chandler now manages a nation-wide team of approximately 20 Engineers providing Pre- and Post-Sales consulting and Training.
Sessions at a Glance: Day 2
Session 6: A New Approach to Audit your Company’s Threat & Vulnerability Management (TVM) Program
3:30 PM – 4:30 PM
The complexity of tools to protect a company’s IT assets continues to grow. What is concerning is that most companies cannot clearly explain the company's IT architecture, what tools are in place to protect these assets, and what capabilities these tools possess to mitigate the risks identified. Even more importantly, few organizations can assess whether these tools are properly configured and what gaps exist, given the tools and how they are configured.
Internal Audit needs to be able to articulate the threat vectors that exist in their company and the TVM Program and tools in place, and be able to audit these components to help ensure the risks thought to be addressed are actually reduced.
Paul Hinds & Stephen Asamoah, PwC
Paul is Managing Director and leads a cybersecurity, privacy, and IT risk management team. Paul also leads ERP security and control design and implementation teams for SAP, Oracle, and many other similar enterprise solutions. Paul has served as the CAE, IT Audit Director and IT security director for several Fortune 1000 companies.
Stephen is a Senior Consultant for PwC’s cybersecurity practice. Stephen held prior positions at BMO Harris Bank as a Security Advisor II, Security Administrator for Affinia and Security Analyst for Community Health Systems.
Thank You
This is the 2nd Annual Chicago Hacking Conference and has been
developed, organized and presented in large part due to the efforts of
Jason Torres and Corbin Del Carlo. I would like to thank both Jason and
Corbin for their extensive efforts in creating this conference to educate
the profession on emerging trends in the IT Security arena. This
conference attracted well over 100 participants in 2014. In 2015, due to
the leadership of Jason, Corbin, and a team of volunteers from both the
IIA and ISACA Chicago chapters, registration has grown to nearly 200
participants. Please join me in providing a thank you for the efforts of
Jason, Corbin and the team for making this a successful new event for the
Internal Audit professional annual events calendar.
Sincerely,
Michael L. Davidson
Vice President of Education
The Institute of Internal Auditors, Chicago Chapter
We recognize the following individuals for their noteworthy efforts:
Jason Torres
Corbin Del Carlo
Nathan Anderson
Patrick Coffey
Richard Kokoszka
Juilee Shinde
Scott Shinners
Our Sponsors
Platinum
McGladrey is committed to helping companies like yours
improve at every turn. Whatever the challenge, we strive to
understand your business and deliver objective advice and
high quality, customized services that help you make more
confident business decisions.
www.mcgladrey.com
Gold
Nexum, Inc. is a cybersecurity and networking company that
builds and secures global networks for organizations across
multiple verticals around the world. In addition to its Chicago
headquarters, Nexum has sales, training and support
presence in Kentucky, Michigan, New Hampshire, Ohio and
Wisconsin as well as the Security and Network Operations
Command Centers (SNOCC) in New Mexico and Illinois.
www.nexuminc.com
ThreatConnect, Inc. provides industry-leading advanced
threat intelligence software and services including
ThreatConnect®, the most comprehensive Threat
Intelligence Platform (TIP) on the market. ThreatConnect
delivers a single platform in the cloud and on-premises to
effectively aggregate, analyze, and act to counter
sophisticated cyber-attacks. Leveraging advanced analytics
capabilities, ThreatConnect offers a superior understanding
of relevant cyber threats to business operations. To register
for a free ThreatConnect account, or to learn more about
our products and services, visit:
www.threatconnect.com