Deconstruct Past Attacks to
Better Plan for New Ones
Data breaches ultimately exploit weaknesses in identity access management (IAM) infrastructure. We can better plan and prepare by improving our conceptual understanding of how and where attacks exploit the flaws and imperfect harmony amongst the people, processes, and technology that comprise our IAM risk mitigation controls.
Do common, successful attack vectors reveal better ways to contend with the human element and ineradicable technical uncertainties permeating our defenses? We will conceptually deconstruct attack vectors to try to better answer such questions together.
We are very fortunate to have Eirik Iverson present on this subject. Eirik has been in cybersecurity product management for over 20 years: Virtual Private Network (VPN) services, software, and appliances; public key infrastructure (PKI); managed Firewall service; network admission control (NAC) software; signatureless anti-malware software; PKI Directory Design, Implementation, and Operations services; Assessment & Authorization; Enterprise Penetration Testing; Product Penetration Testing; Security Program Assessment; CyberOps Readiness Exercises; Incident Response; Forensics; PCI Compliance; Active Directory User Account Auto-Provisioning (smart card logon) software; and Employee Cybersecurity Awareness Training & Conditioning. Mr. Iverson has a BS in Aerospace Engineering from University of Maryland an MBA from Carnegie Mellon University.
Note that this will be the twentieth meeting discussing cyber security aspects related to the RMF. At our last meeting, Cindy Faith and Mary Pat Anderson volunteered as panel members on a special topic: “Privileged Accounts Management and Auditing of those Accounts.” This fascinating question was the motivational subtitle for our topic: “How can an Edward Snowden event be prevented?” By the way, we selected our topic and subtitle before the recent public focus on Snowden. Their initial discussion presentation is available in the meetup’s library for meetup members. They included some useful references in their slides.
REGISTER at http://www.meetup.com/NCR-Risk-Management-Framework-Lifeboat/ SOONEST. You’ll find the practical information for our LifeBoat group meeting there. You can also tell other folks that they can easily get information and RSVP by starting on our ISSA Northern Virginia (NOVA) home page at http://nova.issa.org/ .
If anyone decides against using a free Meetup account, they are welcome to call 703-402-4379 to RSVP and get the practical details (where, when, and free parking). They can also optionally request to be added to our BCC email distro list. HOWEVER, many valuable RMF LifeBoat files are posted on our meetup for download by our Meetup group members.