The EU directive NIS2 will soon oblige significantly more companies to implement information security measures. But to whom does the directive actually apply? What specifically needs to be done now? And where are the differences from the existing KRITIS regulation or from the General Data Protection Regulation (GDPR)? In this topic episode of the Datenschutz Talk, Stephan Auge, team lead for management systems at migosens, gives a compact overview of the current legal situation, the requirements of the directive and practical implementation questions.

What you will take away from this episode:

What is NIS2?
- Goal: harmonisation of cybersecurity standards across the EU
- Background: the directive has been in force since December 2022
- Transposition into national law planned for mid/late 2025
- Distinction from the GDPR and from the Cyber Resilience Act

Who does NIS2 apply to?
- Applies to "particularly important" and "important" entities under Annexes 1 and 2 of the directive
- Affects not only KRITIS companies but also smaller companies in telecommunications, healthcare, energy, transport, waste management and many more sectors
- No general size threshold: even micro-enterprises can be affected
- The BSI provides a tool for checking whether your organisation is affected

Which obligations arise?
- Duty to self-register with the BSI within 3 months of the law entering into force
- Implementation of technical and organisational measures (e.g. risk management, incident handling, emergency management)
- Establishment of an information security management system (ISMS) along the lines of ISO 27001
- Introduction of structured processes for reporting security incidents
- Risk-based or incident-triggered audit obligations, depending on categorisation

What does this mean for existing KRITIS companies?
- Basic requirements largely congruent with the existing BSI evidence procedure
- Relief: audits required only every three years instead of every two
- Synergies between NIS2, ISO 27001 and data protection processes can be put to good use

Challenges in supply chain management
- New requirements for suppliers and service providers with a security-relevant role
- Obligation to pass security requirements on to them contractually
- Need for audits or other control measures
- Recommendation: a business impact analysis to prioritise critical service providers

Sanctions and competitive advantages
- Sanction framework: up to 10 million euros or 2% of worldwide turnover (Annex 1)
- For Annex 2: up to 7 million euros or 1.4% of turnover
- Early implementation of an ISMS as a competitive advantage, e.g. in tenders
- Information security becomes a business-critical success factor

Keywords covered in this episode: NIS2 directive 2025, NIS2 requirements for companies, information security obligation, EU cybersecurity law, NIS2 implementation in Germany, NIS2 affected-entity analysis, ISMS NIS2 ISO 27001, data protection and NIS2, incident reporting to the BSI, NIS2 supply chain security, information security management system, DORA vs. NIS2, EU Cyber Resilience Act

More information, blog and newsletter: https://migosens.de/newsroom/ Twitter: https://twitter.com/DS_Talk Overview of all topic episodes: https://migosens.de/datenschutz-podcast-themenfolgen/ (as a separate feed: https://migosens.de/show/tf/feed/ddt/) Instagram: https://www.instagram.com/datenschutztalk_podcast/ Comment on this episode here: https://migosens.de/nis2-pflichten-fuer-unternehmen-das-musst-du-wissen-stephan-auge-im-datenschutz-talk/
Charlie and Michael are joined by Drew Trumbull, Incident Handling Team Lead for UNC Chapel Hill's Information Security Office, to talk about the latest threats we see and what folks should do if they think they might have been targeted successfully by them, plus the importance of compassion and empathy in our field. There are also side discussions of Michael's history as an employee of COBRA. Remember, every career is a journey. Contact us: dataatrest@unc.edu Musical credit: Pixelland Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 License http://creativecommons.org/licenses/by/3.0/
In this podcast I am going to talk about a very popular topic, the "Incident Handling Journey". For more details or a free demo with our expert, write to us at sales@infosectrain.com Agenda of this session
Sponsored by SEC Playground. Survey to help improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 --- Support this podcast: https://podcasters.spotify.com/pod/show/chillchillsecurity/support
Welcome to Red or Yellow with Adam & Ed. This is a Podcast designed to help with, discuss and entertain on all aspects of refereeing to try and help you become the best referee you can be! This week we only covered news items and questions as we got into a lengthy discussion about Aleksander Mitrovic and how he assaulted a referee in the FA Cup Quarter Final. We then covered questions on the topics of: How to handle being Observed/Assessed How to handle being physically pushed by a player How clean do players shirts need to be before you tell them to change? ----- Don't forget to get 10% off of your equipment... For UK-based referees head to: www.therefereestore.co.uk For Australia-based referees head to: www.processsports.com The code for both stores is: redoryellow10 Just apply that at checkout. ----- We really want to encourage questions and discussion on anything to do with refereeing, and if you have any that you would like to submit, please email us at redoryellowpod@gmail.com - please feel free to send voice notes! ----- Follow the Podcast on Instagram: @redoryellowpod Follow the Podcast on TikTok: @redoryellowpod Follow the Podcast on Twitter: @redoryellowpod Follow the Podcast on Facebook: Red or Yellow Alternatively, you can follow us both on Social Media here: Instagram: Adam: @the_gym_starter | Ed: @escimo28 Twitter: Ed: @escimo | Adam: @the_gym_starter Website: Adam: www.thegymstarter.com ----- We truly hope you enjoy this episode and thank you so much for being here. Please like and subscribe wherever you get your podcasts! Speak to you again soon! Adam & Ed Music courtesy of City of Thieves Jingle courtesy of Pixabay
In this episode of the We Hack Purple podcast, host Tanya Janca met with her colleague from the IANS Faculty, Mick Douglas, founder of InfoSec Innovations! We talked about EVERYTHING AppSec and could easily have talked for at least 2 more hours! He explained what honeypots, honey files and honey links are and how to use them, how to create a "tamper evident" network and system, and how marketing people have really messed up the term "shift left" for the rest of us. Not only that, but the episode had TONS of laughs!

Mick's Bio: Mick Douglas has over 10 years of experience in information security and is currently the Managing Partner for InfoSec Innovations. He specializes in PowerShell, Unix, Data Visualization, Hardware, and Radio Hacking and teaches SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC555: SIEM with Tactical

Very special thanks to our sponsor: Luta Security! Luta Security is the global leader in transforming how governments and organizations work with friendly hackers to bolster their security. Luta Security can manage end-to-end vulnerability disclosure and bug bounty programs or train your existing staff to maximize your security investment. Visit LutaSecurity.com/services to get started today!

Join us in the We Hack Purple Community: a fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcasts, Overcast, Pod, Amazon Music, Spotify, and more! #appsec #wehackpurple #shehackspurple
SOC analysts are often overworked and under-appreciated — but that needs to change! How and where do the SOC and the SOC analyst make positive impacts on the business? That's exactly what we explore in this new episode.

In this special panel held live during the first-ever SOC Analyst Appreciation Day, we get to speak with Kathy Wang, the CISO at Very Good Security and former SOC Analyst, Amina Aggarwal, a Senior Security Analyst at Workday, and Bennett Hendrix III, a Tier 1 SOC Analyst at CyberClan. During our conversation, we look at the past, present, and future of the SOC analyst role.

ITSPmagazine is proud to partner with Devo to recognize the efforts put in by the practitioners working away in the trenches and on the front lines of cybersecurity. Join us to help us recognize them and their efforts.

About the SOC Analyst Appreciation Day: Join us for five hours of live-streamed content — with sessions ranging from what skills are needed to move up in the SOC, to desk decompression from a yoga instructor, to a panel discussion about a day in the life of a SOC, to a "Lunch & Laugh" where a stand-up comedian will provide some much-needed de-stressing entertainment. There's a ton to celebrate — let's do this! Learn more about SOC Analyst Appreciation Day and watch the video of this panel: https://itspm.ag/devoq0zz

Guests: Kathy Wang — On LinkedIn | https://www.linkedin.com/in/kathywang/ On Twitter | https://twitter.com/wangkathy and https://twitter.com/WiCySorg; Amina Aggarwal — On LinkedIn | https://www.linkedin.com/in/aminaagg/ On Twitter | https://twitter.com/amina_aggarwal; Bennett Hendrix III — On LinkedIn | https://www.linkedin.com/in/bennetthendrixiii/ On Twitter | https://twitter.com/OneCyversity

To see and hear more conversations about and from this event as we explore the personal, technical, operational, and innovative aspects of this role:
SOC analysts are often overworked and under-appreciated — but that needs to change! How and where do the SOC and the SOC analyst make positive impacts on the business? That's exactly what we explore in this new episode.

In this third of three episodes covering the first-ever SOC Analyst Appreciation Day, we get to speak with Nipun Gupta, a security engineer and security operations leader who has held roles at Deloitte and Deutsche Bank. During our conversation, we look at how the business value of the SOC can be much more than just blocking attacks, and how business requirements map to SOC objectives and vice versa.

ITSPmagazine is proud to partner with Devo to recognize the efforts put in by the practitioners working away in the trenches and on the front lines of cybersecurity. Join us to help us recognize them and their efforts.

About the SOC Analyst Appreciation Day: Join us for five hours of live-streamed content — with sessions ranging from what skills are needed to move up in the SOC, to desk decompression from a yoga instructor, to a panel discussion about a day in the life of a SOC, to a "Lunch & Laugh" where a stand-up comedian will provide some much-needed de-stressing entertainment. There's a ton to celebrate — let's do this! Learn more about SOC Analyst Appreciation Day: https://itspm.ag/devoq0zz

Guest: Nipun Gupta — On LinkedIn | https://www.linkedin.com/in/guptanipun/

To see and hear more conversations about and from this event as we explore the personal, technical, operational, and innovative aspects of this role:
The cybersecurity gaming event Hack For Troops takes place on October 30, 2021 from 9AM–4PM ET. Listen in to learn how you can play, watch, and support this program, which helps raise money for the non-profit Tech For Troops.

About the Hack For Troops Event: Hack For Troops is an annual capture the flag fundraising event to support Tech For Troops. Tech For Troops is the fastest growing national non-partisan veterans organization bridging the digital divide. We provide in-need veterans and children of veterans with affordable refurbished computers and opportunities to partner with businesses that provide training and networking experiences. Learn more about Hack For Troops: https://itspm.ag/154ca8

About Tech For Troops: Tech for Troops is the fastest growing national non-partisan veterans organization bridging the digital divide. We provide in-need veterans and children of veterans with affordable refurbished computers and opportunities to partner with businesses that provide training and networking experiences. Learn more about Tech For Troops: https://itspm.ag/69ac92

Guest: Mark Casper — On LinkedIn | https://www.linkedin.com/in/mark-casper-b2b4896/

Tech For Troops — On LinkedIn | https://www.linkedin.com/company/4794466/ On Twitter | https://twitter.com/TechForTroopsVA On Facebook | https://www.facebook.com/Tech4Troops/ On YouTube | https://www.youtube.com/channel/UCnEJtjGP-D6_92XrjjAsqRw

Resources: The Why ... https://www.youtube.com/watch?v=zRYZFIhG804 The What ... https://www.youtube.com/watch?v=iCIE6QAveI0

Learn more about promoting your own event on ITSPmagazine:
SOC analysts are often overworked and under-appreciated — but that needs to change! Many look to improve their work environment through the use of technology and innovation. In the SOC, a lot of tuning is needed to find that delicate balance between business goals, technology innovation, and the humanity in the machine.

Scripting, coding, and other forms of automation come in handy when trying to make it through the day as a Security Operations Center (SOC) analyst. However, there's much more to the role when it comes to innovation.

Why and how we use technology is at the core of many of our conversations here at ITSPmagazine. When we talk about professions where technology can be at the same time a massive player in business performance and in mental health improvement, we do wonder if, and how, the two can be leveraged to serve the same purpose. We hope it can.

In this second of three episodes covering the first-ever SOC Analyst Appreciation Day, we get to speak with Josh Klick, a SOC practitioner who successfully worked his way up into managerial and advisory positions for some large global enterprises. Together, we explore how and when innovation can be used to help the organization become more efficient, and how the analysts themselves can open their minds creatively to not only accomplish more but also feel better, mentally, about the work they are performing.

ITSPmagazine is proud to partner with Devo to recognize the efforts put in by the practitioners working away in the trenches and on the front lines of cybersecurity. Join us to help us recognize them and their efforts.

About the SOC Analyst Appreciation Day: Join us for five hours of live-streamed content — with sessions ranging from what skills are needed to move up in the SOC, to desk decompression from a yoga instructor, to a panel discussion about a day in the life of a SOC, to a "Lunch & Laugh" where a stand-up comedian will provide some much-needed de-stressing entertainment. There's a ton to celebrate — let's do this! Learn more about SOC Analyst Appreciation Day: https://itspm.ag/devoq0zz

Guest: Josh Klick — On LinkedIn | https://www.linkedin.com/in/klick/

To see and hear more conversations about and from this event as we explore the personal, technical, operational, and innovative aspects of this role:
Today's guest, Harry Marshall, is an expert in incident handling and gives some much-needed insight into the incident handling process at some of the most successful companies. Today we hear what attackers are after and how to prepare ahead of time, knowing that incidents will occur. It was also interesting to hear about the most common entry points in some of the most recent attacks. Finally, this conversation is also valuable for describing where the cloud has introduced new challenges to the corporate threat environment. You will gain a lot of value from his experience of where other companies have failed and of the common pain points he has seen in incident handling. Visit our sponsors: BlockFrame Inc., SecureSet Academy, Murray Security Services
SOC analysts are often overworked and under-appreciated — but that needs to change! This conversation is designed to encourage organizations to take steps to improve job satisfaction and mental well-being through recognition and rewards.

We must remember that SOC analysts aren't robots tasked solely with clicking buttons from start to finish during their often stressful shift each day. Yes, their work can appear tedious and therefore seem unimportant to those outside of the security operations function, but that doesn't mean that what they do daily isn't critical for protecting the business.

In this first of three episodes covering the first-ever SOC Analyst Appreciation Day, we get to speak with Jason Mical, a leader in the world of Security Operations Centers, exploring the reasons why the SOC analysts' work doesn't always get noticed.

ITSPmagazine is proud to partner with Devo to recognize the efforts put in by the practitioners working away in the trenches and on the front lines of cybersecurity. Join us to help us recognize them and their efforts.

About the SOC Analyst Appreciation Day: Join us for five hours of live-streamed content — with sessions ranging from what skills are needed to move up in the SOC, to desk decompression from a yoga instructor, to a panel discussion about a day in the life of a SOC, to a "Lunch & Laugh" where a stand-up comedian will provide some much-needed de-stressing entertainment. There's a ton to celebrate — let's do this! Learn more about SOC Analyst Appreciation Day: https://itspm.ag/devoq0zz

Guest: Jason Mical — On LinkedIn | https://www.linkedin.com/in/jason-mical-43a147/

To see and hear more conversations about and from this event as we explore the personal, technical, operational, and innovative aspects of this role:
On this episode of CISO Tradecraft, you can learn the 10 steps to Incident Response Planning:

1. Establish a Cyber Incident Response Team
2. Develop a 24/7 contact list for response personnel
3. Compile key documentation of business-critical networks and systems
4. Identify response partners and establish mutual assistance agreements
5. Develop technical response procedures for incident handling that your team can follow, one per attack vector (these are the attack-vector categories used in NIST SP 800-61):
   - External Media: an alert identifies someone plugging in a removable USB or external device
   - Attrition: an alert identifies brute force techniques being used to compromise systems, networks, or applications (example: attackers trying thousands of passwords on login pages)
   - Web: a Web Application Firewall alert shows attacks carried out against your website or web-based application
   - Email: a user reports a phishing attack with a malicious link or attachment
   - Impersonation: an attack that replaces something benign with something malicious (example: a rogue access point found on company property)
   - Improper Usage: an attack stemming from a user's violation of IT policies (example: an employee installs file-sharing software on a company laptop)
   - Physical Loss: loss or theft of a physical device (example: an employee loses luggage containing a company laptop)
6. Classify the severity of the cyber incident
7. Develop strategic communication procedures
8. Develop legal response procedures
9. Obtain CEO or senior executive buy-in and sign-off
10. Exercise the plan, train staff, and update the plan regularly

To learn more about Incident Response Planning, CISO Tradecraft recommends reading this helpful document from the American Public Power Association. If you would like to automate security reviews of infrastructure-as-code, then please check out Indeni CloudRail.
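The "Attrition" procedure and the severity step above, as an added example that is not part of the episode or the document it recommends: a small triage routine that runs over constructed auth log lines, raises an Attrition incident when one source IP exceeds a failure threshold within a sliding window, and rates the incident by whether a successful login from the same source followed the burst (the sign that the brute force worked). The log format, the window, the threshold and the severity labels are all assumptions chosen for the example.

```python
"""Triage constructed auth log lines into an Attrition incident record.

Added example, not code from the CISO Tradecraft episode. The log format,
WINDOW, FAIL_THRESHOLD and the severity labels are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Assumed format:
# ISO timestamp, result (OK/FAIL), username, source IP.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z FAIL alice 203.0.113.5
2024-03-01T09:00:02Z FAIL alice 203.0.113.5
2024-03-01T09:00:03Z FAIL bob 203.0.113.5
2024-03-01T09:00:04Z FAIL carol 203.0.113.5
2024-03-01T09:00:05Z FAIL dave 203.0.113.5
2024-03-01T09:00:06Z FAIL erin 203.0.113.5
2024-03-01T09:00:09Z OK dave 203.0.113.5
2024-03-01T09:10:00Z FAIL alice 198.51.100.7
2024-03-01T09:30:00Z OK alice 198.51.100.7
"""

WINDOW = timedelta(minutes=5)  # assumed sliding window for counting failures
FAIL_THRESHOLD = 5             # assumed: this many failures in WINDOW = attrition


def parse_log(text):
    """Parse the assumed log format into sorted (timestamp, result, user, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, ip))
    return sorted(events)


def classify_severity(compromised):
    """Assumed severity scheme: a successful login from the attacking source
    after the burst began means a credential was probably guessed (High);
    a burst of failures alone is Medium."""
    return "High" if compromised else "Medium"


def triage(text):
    """Return one incident record per source IP whose failed logins reach
    FAIL_THRESHOLD within WINDOW (the Attrition vector in the list above)."""
    by_ip = defaultdict(list)
    for ev in parse_log(text):
        by_ip[ev[3]].append(ev)

    incidents = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[1] == "FAIL"]
        burst = None  # (first index, last index) of the widest qualifying window
        start = 0
        for end in range(len(fails)):
            # shrink the window from the left until it spans at most WINDOW
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            if end - start + 1 >= FAIL_THRESHOLD:
                burst = (start, end)
        if burst is None:
            continue
        window = fails[burst[0]:burst[1] + 1]
        first_seen, last_seen = window[0][0], window[-1][0]
        # a success from the same source at or after the burst began is the
        # signal that the brute force worked
        compromised = sorted({e[2] for e in evs if e[1] == "OK" and e[0] >= first_seen})
        incidents.append({
            "category": "Attrition",
            "source": ip,
            "first_seen": first_seen.isoformat(),
            "last_seen": last_seen.isoformat(),
            "failed_attempts": len(window),
            "targeted_accounts": sorted({e[2] for e in window}),
            "compromised_accounts": compromised,
            "severity": classify_severity(compromised),
        })
    return incidents


if __name__ == "__main__":
    for incident in triage(SAMPLE_LOG):
        print(incident)
```

On the sample data the routine produces a single High-severity record for 203.0.113.5 (six failures across five accounts, then a successful login as dave), while the lone failure from 198.51.100.7 never reaches the threshold. The "success after failures from the same source" check is what turns a noisy brute-force alert into a credential-compromise incident that needs a different playbook.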
Cloud computing environments are used more and more, and that requires staying up to date on cloud security: knowing the various types of #cyberattacks that occur, how to protect yourself, and even being clear about who is responsible in the event of an attack on data stored in the cloud. A cyber-debate on Palabra de hacker that covers all of these aspects with leading #cybersecurity and #cloud professionals. More information at: https://www.yolandacorral.com/seguridad-en-la-nube-cibertaques-cloud

The guests taking part in the cyber-debate are:
◼️ David Lladró (https://twitter.com/davidlladro), Senior Cloud Security Engineer at Flywire (www.flywire.com), where he is responsible for protecting the cloud infrastructure on AWS and GCP. A computer engineer with 10 years of experience in the sector, including pentesting, incident handling and threat intelligence projects.
◼️ Blanca Fernández de Córdoba (https://twitter.com/Miss_Redes) analyses different environments and developments in order to secure them. She holds more than eighty certifications in various cybersecurity and management subjects, as she always tries to stay current, studying and learning everything she can.
◼️ José Manuel Ortega (https://twitter.com/jortfal) is a technology strategist whose analytical ability lets him make optimal decisions even in moments of crisis. Passionate about technology for as long as he can remember and an information security enthusiast who shares his knowledge on his Twitch channel (https://www.twitch.tv/jortfal).
◼️ Adataliz Castillo (https://twitter.com/adataliz) is a computer engineer. A cybersecurity specialist, she advises on the design and implementation of cybersecurity architectures and lines of defence for an organisation's technology platforms. Co-founder of CySecbyWomen (https://www.cysecbywomen.org).
◼️ Miguel Ángel Arroyo (https://twitter.com/Miguel_Arroyo76) is Head of Security at SEMIC (https://www.semic.es). Information systems auditor, author of the Hacking ético blog (https://hacking-etico.com), founder of the Hack&Beers community and an information security enthusiast. Lecturer on several cybersecurity master's programmes.

Director and presenter: ◼️ Yolanda Corral (https://twitter.com/yocomu). Journalist. Freelance trainer specialising in one-to-one cybersecurity and digital skills (https://www.yolandacorral.com/servicios-formacion). Founder of the Palabra de hacker channel.
_________
Follow Palabra de hacker, your one-to-one #cybersecurity channel: 🔴 YouTube channel, subscribe so you don't miss a video: https://www.youtube.com/c/Palabradehacker-ciberseguridad 🎙 Subscribe and listen to all the podcasts on: ✔️ Ivoox: http://www.ivoox.com/podcast-palabra-hacker_sq_f1266057_1.html ✔️ iTunes: https://itunes.apple.com/es/podcast/palabra-de-hacker/id1114292064 ✔️ Spotify: https://open.spotify.com/show/1xKmNk9Gk5egH6fJ9utG86 ✔️ Google Podcasts: https://podcasts.google.com/?feed=aHR0cDovL3d3dy5pdm9veC5jb20vcGFsYWJyYS1oYWNrZXJfZmdfZjEyNjYwNTdfZmlsdHJvXzEueG1s - All the information on the website https://www.yolandacorral.com/palabra-de-hacker - Telegram channel: t.me/palabradehacker - Twitter: https://twitter.com/palabradehacker - Facebook: https://www.facebook.com/Palabradehacker
Guest: IGN Mantra – Cyber Security Senior Trainer, Practitioner and Researcher. The post "Incident Handling, Apa dan Bagaimana Menangani Incident Security di Organisasi – E25" (Incident Handling: What It Is and How to Handle Security Incidents in an Organisation – E25), written by Faisal Yahya, appeared first on Bincang Cyber.
John Strand: How Does Defence in Depth Look Today? "Our main goal is not to prove that we can hack into a company but to help the customer develop a series of on-point solutions and technologies that will improve the overall security of the company. Testing should never be adversarial, but collaborative" -- John Strand

In this week's episode of InSecurity, Matt Stephenson sits down with John Strand. John is the owner of Black Hills Information Security. If you aren't familiar, you may want to check out their Sacred Cash Cow Tipping webcast to learn why the security community loves and fears BHIS. Take a walk with us on this one… Matt and John dig into hosted firewalls, Powerman 5000, types of Artificial Intelligence, Joe Vs the Volcano and a few other relevant topics. You are definitely going to want to catch this episode…

About John Strand: John Strand (@strandjs) is a senior instructor with the SANS Institute. He teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Detection for System Administrators. John is the course author for SEC464: Hacker Detection for System Administrators and the co-author for SEC580: Metasploit Kung Fu for Enterprise Pen Testing. John is also the owner of Black Hills Information Security, a company specializing in penetration testing and security architecture services. He feels strongly that education is how the world of information security will change for the better and spends a considerable amount of time teaching and presenting around the world. He has presented for the FBI, NASA, the NSA and DefCon, and is a frequent guest on Enterprise Security Weekly. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing. There's a reason the name Black Hills Information Security puts security vendors on notice… check out their webcasts and podcasts to find out why.
About Matt Stephenson: InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world's largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization's security posture and bottom line.

Can't get enough of InSecurity? You can find us wherever you get your podcasts, including Spotify, Stitcher, SoundCloud and I Heart Radio, as well as ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste Make sure you Subscribe, Rate and Review!
This week, Paul interviews Dean Coclin, Senior Director of Business Development at DigiCert! In our second feature interview, we welcome Chris Dale, Head of Penetration Testing and Incident Handling at Netsecurity! In the Security News: a Bluetooth bug allows man-in-the-middle attacks on phones and laptops, a serial killer electrocutes himself in a jail cell sex act, Google launches its own USB-based FIDO U2F keys, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode569 Visit https://www.securityweekly.com/psw for all the latest episodes! →Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors.

Related Courses: Information Security for Technical Staff; Fundamentals of Incident Handling

Listen on Apple Podcasts.
Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference
The security of an organization is composed of technology, people and processes. In the last few years, many organizations have done a good job addressing technology but have focused very little on the people and processes. This presentation reviews a formal methodology for performing Social Engineering Engagements. The method is divided into four sections: Pre-Engagement, Pre-Assessment, Assessment and Post-Assessment.

The Pre-Engagement is the sales process for performing the assessment. In this section, we will review the business justification and headlines of current attacks. The Pre-Assessment is focused on identifying the scope of the project, its limitations, targets and attack vectors. Also included are examples of what information must be gathered for use in the assessment and post-assessment phases. The most interesting and tedious part is the actual assessment. In this section, we will discuss how to engage the target, how to use company information, how to achieve the goal and what to do when you are caught. Also included in this section is how and what to document about every contact. Post-Assessment is the analysis and reporting phase. In it, we will review documenting findings and mapping them to recommendations.

Joe Klein, CISSP, is Senior Security Consultant at Honeywell and a member of the IPv6 Business Council. He performs network, application, web-application, wireless, source-code and host security reviews and security architecture design services for clients in the commercial and government space. Prior to joining Honeywell, Joe worked as a consultant performing attack and penetration assessments for many significant companies in the IT arena. While consulting, Joe also taught "Hacking and Incident Handling", "IDS/IPS Management" and "Managing Network Security" at a local college in Jacksonville, Florida. He regularly speaks at conferences including Defcon, InfoSecWorld and PhreakNic and at regional meetings including Infragard, ASIS and ISSA.
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference