Audits strengthen business operations, yet many organizations are fearful of the process, rather than seeing the benefits of audits. In this webinar, you get better insights in the auditing process and how you can use audits to strenghten and mature your overall risk programme.
Incident Response in the Cloud – Webinar 29 June 2029
29 juni 2020 – Cyber Security Coalition
However difficult the foggy cloud may make it to find out what you need to know, there is always a ray of sunshine that shines a light on security… Because yes, you can automate incident response in the cloud, as Jeroen Vandeleur, Service Line Manager for cyber architecture and cloud security at NVISO, proves in his presentation. That is, provided you enable the available means in the cloud to log and centralize the necessary information, “this is part of the shared responsibility regarding security in the cloud!” Otherwise, you will have no idea about the means, the motive and the opportunity of the cyber criminal. “It would be like a murder case, without a body.”
Common mistakes relate to traffic filtering/logging, enabling default logging, the retention period of log data, access management, host configurations and identification of resource owner – “6 challenges when doing incident response in the cloud.” Both MS Azure and Amazon AWS provide basic and advanced security features, “so make use of what is available,” with Jeroen Vandeleur providing a concise comparison of both offerings.
The ultimate proof of the pudding is in showing how to actually automate incident response handling in a SOC. NVISO has an agile and flexible approach, based on the military ‘observe, orient, decide, act upon’ principle (OODA). Jeroen Vandeleur provided an example of how to script response rules, based on an internal incident case, finishing with an extensive demo (with reference where the script code can be found).
This webinar was the final session in the Cloud Security experience-sharing event, with grateful appreciation expressed to Jeroen Vandeleur as the driving force behind this event.
This webinar focuses on the context of information security through governance, more particularly on the key role of the CISO and the value of COBIT as a digital governance framework for information security activities supported by the presentation of a best practice.
This webinar presents the building blocks of an effective organization-wide risk management and explains the requirements for IT risk management certification.
In this Cyber Talk you gain insights in advanced threats outside your organisation and what you could potentially do to protect you from them.
In this first webinar of the GRC: Be Connected! series, some very basic aspects of cyber security are treated: how to manage necessary skills, what about frameworks, where to find knowledge.