OISC 2020

NIST recommends that organizations perform cyber risk assessments regularly to identify security vulnerabilities and to control levels of exposure to threats. We discuss a method to customize the ranking of cyber threats based on the organization’s maturity level of implementing NIST controls. We use LEF as a measure of severity of cyber threats.  The methodology integrates NIST maturity levels to calculate the resistance strength component and produce the LEF values for each threat. The LEF value is then used to represent the severity level of the threat to the specific organization.

With over $1.2 billion dollars lost in 2018 due to email compromises, it is one of the leading methods attackers use to launch cyber-attacks. Companies often don’t take the basic necessary precautions to prevent it, and don’t know how to respond to them when they occur. Learn how to secure your Office 365 tenant to reduce your risk of attack, the common methods attackers use to compromise email accounts, the proper response to an email compromise, and how to perform threat hunting. Also learn how to utilize PowerShell to provide deep insight into your tenant and perform incident response.

You've been hit by a cyber-attack.  The calls from the media and your customers are coming fast and furious.  What will your team tell the media and your customers?  In this panel we will (1) discuss how organizations – both large and small – typically communicate about such incidents, (2) offer some critique about the strategies those organizations employed, and (3) demonstrate how you can use the Benoit model of image restoration to develop effective messaging strategies for your various publics or constituencies.

Our systems are operating in a contested environment, our enemies are playing on our playground. We are at the pinnacle in time where we must ensure our business and mission critical systems are resilient enough to fight through these attacks. This presentation introduces system cyber resiliency, how organizations can effectively play in the adversary's sandbox and the incorporation of adversarial assessments into your organization.