RVAsec 2019

Information Security is constantly in the news and making headlines. Which companies are breached? What are the impacts? How will the government respond to adversarial nations? The Internet still behaves much like the wild west – policy decisions are consistently being made and changed based on the structure and sustainability of the web. Organizations large and small are feeling the impacts of having a poor cyber security posture. This talk is perfect for those who are beginners, career changers, or anyone who needs a refresh on the building blocks of  information security. It will discuss how data can be compromised, what those impacts are, and some suggestions of first steps. We will then dive into what vulnerabilities are and what to do about it. Finally, we will go over the things the rest of the 101 track will cover.

Attendees of this session will gain a clear perspective of what benefits Cyber Insurance can provide to their existing Cyber Security Program.  Today, Cyber Insurance is no longer a “nice to have” but is a “must have” for every company doing business in a digital world.  But how much coverage do you need and what’s really involved in getting cyber insurance?  People who attend this session will gain a clear perspective on what Cyber Insurance can and can’t provide and where traditional insurance policies fall short.

A quick look at the marketing FUD of 'Automated Pentests' and a high level look at the various technical pieces that delineate the difference between scanning and the real-world attacks used in pentesting. Touches on technical and business processes to ensure that your organization is spending its resources in the right places.

You may think that USB drops are a thing of the past but that’s certainly not the case. Sometimes breaching a target with a massive defense budget is as simple as a $10 USB dropped at the right location. In this talk I’ll share how an organization could start their own USB drop assessment by detailing the history, common research, tools of the trade, tactics, and mindset of a potential attacker. 

Everywhere you look today you see “risk-based security” being touted as the next big thing. Knowing your assets, understanding the threats and vulnerabilities that may impact those assets, and calculating a risk score in order to prioritize mitigation actions, should be every organization’s goal. Risk-based security is not accomplished by performing a risk assessment exercise once a year. It requires a continuous assessment of your organization’s risk posture. Too many businesses think that completing a risk assessment is a difficult and complicated process that requires expensive software and can only be done by third party consultants. As a result, risk assessments are not conducted or conducted once and stored away to show the auditors. Risk assessments are essential in order to assure that the expenditures involved in mitigating vulnerabilities and the implementation of security controls are commensurate with the risks facing the organization. Attend this interactive session to explore the definitions, methodologies, structure and the expected results of a proper risk assessment that can be produced by your organization.

Think the network is a black box that magically gets your cat videos to you? This talk explains how it works at the fundamental levels.

Charles will explain the beginner concepts of identifying, quantifying, qualifying, and decisioning risks with a focus on how this differs from the practice of cybersecurity.

A recap of the 101 track and Q&A with some of our speakers and RVAsec experts.
Moderated by Deana Shick.