JUN Colorado Convention Center 700 14th Street Denver, CO 80202 USA
NCC Group's very own Michael Gough will be presenting "Preparing for a Ransomware or Malware Incident" as well as "Incident Response is HARRRRRD… but it doesn’t have to be" in Denver at the Rocky Mountain Information Security Conference (RMISC).
The RMISC is the only conference of its kind in the Rocky Mountain region. A convenient, affordable knowledge-builder for IT security, audit and compliance professionals at all levels. RMISC provides the perfect blend of education, networking and opportunities that are critical to your success in today’s economy and security climate! With two of the most prominent Denver-based InfoSec organizations, this conference will double your ability to reach your key buyers in the Rocky Mountain region!
To learn more about his presentations, read below.
Preparing for a Ransomware or Malware Incident
Preparing for and responding to an incident is an essential skill for today’s Information Security and IT professionals. This course focuses on the ransomware and malware that target organizations most, and on the types of things we can do to reduce this risk. By identifying the risks, you can identify gaps, which helps to define potential budget needs.
The goal is to respond to an incident quickly. Closing the holes that are taken advantage of, and that cause these attacks to succeed, will help us prepare for an eventual incident.
Also covered will be configurations that should be enabled to help incident responders in the event you have an incident and/or require help from an IR firm, which helps us help you. This preparation could help to reduce the costs of an incident and help to justify budget for any gaps.
Incident Response is HARRRRRD… but it doesn’t have to be
So your EDR, AV, or other fancy shiny blinky lights security tools alerted you that Bob’s Windows box has some suspicious activity. Do you have the details you need to investigate or remediate the system? Can you quickly and easily investigate it? You can enable a lot of things you already have for FREE to help you with your investigations, no matter the tools used. Let’s take a look at how we do Incident Response on Windows systems and what you can do to prepare for an inevitable event.
How is your logging? Is it enabled? Configured to some best practice (hopefully better than an industry standard that is seriously lacking)? Have you enabled some critical logs that by default Microsoft does NOT enable? Do you have a way to run a command, script, or a favorite tool across one or all of your systems and retrieve the results? Do you block some well-known exploitable file types so that when users double-click them, they do not initiate the scripting engine but rather just open good ol’ Notepad?
Everything mentioned here is FREE and you already have it!