Chapter News & Updates:
- Slides from March Meeting!
07:45 – 08:00 Chapter meeting Registration with light Breakfast
08:00 – 08:50 Phishing Attacks
Advanced Persistent Threats (APT’s) – APT’s employ a combination of social engineering and well-coordinated, targeted, cyber attacks using trojans, remote control software, and other malware. Several organizations are working to raise awareness surrounding APT’s, and they’re not just marketing firms. This presentation will be an overview of two such awareness campaigns, Operation Aurora & Night Dragon from McAfee. The lesson from both is the same: It’s up to the Human Element to protect your organization.
Aaron Ansari, PhishMe
09:00 – 09:50 Case Study- Breach in the Cloud
This is a case study where an organization looking to gain scalability, without bearing the massive expense of running the entirety of its e-commerce environment on in-house data centers, outsourced to a cloud provider. The organization’s compliance officer noticed that their site had “offshore pharmacy” links to it and that following them in turn bounced to another site. Internal attempts to remediate did not last. Analysis ultimately determined that the content management system used for the store had a vulnerability in it that had been exploited, allowing the attackers to achieve root access to the cloud provider’s systems underneath the application. The software used to compromise the system was made up of heavily obfuscated code to search for, stage, and deliver payment card numbers back to the attacker in Moscow. Root cause analysis ultimately identified mismatches between the expectations of the organization and the Cloud provider about responsibility for software management.
Matt Curtin, founder Interhack Corporation
10:00 – 10:30 Regulatory Update
This presentation will cover the latest legal developments relating to privacy, security, and technology. He will discuss upcoming legislation relating to security, breach notification, and privacy. He will also focus on recent enforcement actions by the Federal Trade Commission and developing case law. Evan will discuss strategy, decision making process, and tools that can be utilized to approach GRC in the enterprise. Expect discussion on the very recent news regarding Facebook password requests from employers.
Mehmet Munur – Attorney, Tsibouris & Associates
10:40 – 11:30 Setting Up Internal Sting Operations
You’re boss comes in one day and tells you he thinks someone is reading his emails. He claims that every night he leaves his email open and when he comes in the next morning messages he hasn’t seen are marked as read. He wants you to solve the mystery. Now what do you do? When logs don’t give you the specific visibility you may need to solve some situations, sting operations might be able to help. This talk will cover the basics of setting up corporate “cyber” sting operations. We’ll discuss when they are appropriate and when they might not be a good idea. We’ll discuss some common ways that organizations use these techniques to identify insider and external threats. Examples will be detailed to help you think outside of the box. The takeaways will be a few basic techniques that have shown value, a deep understanding of what data to capture and how to manage it, plus some strategic tips for effectively out maneuvering attackers with these techniques.
Brent Huston –CEO, Microsolved, Inc.
Begins July 26th, 1 night weekly/12 weeks
April 11th – Forensics Lab
Steve Romig of OSU will conduct a full day lab with a mix of lecture and hands-on application (lap top required). Beginner and intermediate level content, this course is very well suited for the IT professional or security practitioner who does not have forensics as their core competency. With a morning of lecture and a an afternoon lab, Steve will carefully layout the correct processes and procedures to follow, teach the audience how to utilize certain VMware tools critical to enabling a forencis project, and ensure the practitioner understands how to properly prepare and hand off data to an investigator.
Senior Business Development Manager
W: 614-246-0104 C: 614-397-2329
Two volunteers needed!
contact email@example.com to be placed on waiting list!
May 17th & 18th - Central Ohio Infosec Summit
For more information regarding the InfoSec Summit