Category Archives: MicroSolved’s Strategies & Tactics Talks

MSI Strategy & Tactics Talk Ep. 24: When Outsourcing Security Tasks Goes Wrong

Posted on by
1

Outsourcing security tasks can be beneficial to a busy organization. But is there a possible downside? What questions should that organization ask when outsourcing part of their information security tasks?  In this episode of MSI Strategy & Tactics, the techs discuss an incident that happened when an organization outsourced a part of their system administration tasks to an outside consulting firm.  If you are considering outsourcing part of your security tasks, you’ll want to listen! Discussion questions include:

  • How important is it for vendors to vet employees before sending them into the field?
  • How important is it for organizations to be able to see that the vendors have thoroughly done this?
 
Panelists:
Brent Huston, CEO and Security Evangelist
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator
 

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 22: 3 Tasks a Security Administrator Hates To Do (But Needs To Do)

Posted on by
3

It’s an understatement to say a security administrator is busy. In the quest to achieve POLA (Principle of Least Access), it’s easy to overlook other tasks that can make a huge difference in your overall security strategy.  In this episode of MSI Strategy & Tactics, the techs discuss three tasks that if consistently put on hold, will eventually cause havoc in your world. If you’re a security administrator, take a listen! Discussion questions include:

  • Password Management: Why is this an issue and what can a security administrator do that will make it easier?
  • Log Reviews: How can this task be better organized?
  • Why is documentation often overlooked and what can a security administrator do to change it?
Tools mentioned:
 
Panelists:
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 21: The Penetration Testing Execution Standard

Posted on by
2

Penetration Tests have been done for years but yet there has often been confusion regarding what a penetration test should deliver. Enter the beta release of the Penetration Testing Execution Standard (PTES). What does it mean?  In this episode of MSI Strategy & Tactics, the techs discuss the current state of penetration tests and how PTES is a good idea that will benefit many organizations. Take a listen! Discussion questions include:

  • What is PTES? How does it differ from the current state of the industry?
  • What is the importance of industry standardization? Is it a good thing or a bad thing?
  • What does it mean for the future of vulerability and penetration testing?
Panelists:
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 20: Denial of Service Attacks

Posted on by
Reply

We haven’t seen anywhere near the thresholds that could happen with massive scale bot-nets. I think it’s clear that bot-nets are the future weapon of DoS and we’ll continue to see that until somebody takes away the capability. In addition, mobile devices are going to experience an increase in DoS attacks. – Brent Huston, MSI CEO and Security Evangelist

Denial of Service attacks were alive and well in 2011 as seen with WordPress and MasterCard. What have we learned from these types of attacks?  In this episode of MSI Strategy & Tactics, the techs discuss what DoS attacks and how organizations can respond. Take a listen! Discussion questions include:

  • Organizations have been dealing with denial of service attacks for a while now, what lessons should they have learned?
  • What about this new hashdos attack against web sites?
  • How should they create and test dos detection and response plans?
  • What is the future of denial of service attacks?
Panelists:
Brent Huston, CEO, Founder, and Security Evangelist
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 18: Vulnerability Assessment vs. Penetration Testing

Posted on by
Reply

A vulnerability is the process of identifying and quantifying vulnerabilities on your network systems. A penetration test is a goal-oriented exercise — it can be to get data on the system or to cause as much damage as you can in order to test the system. – Adam Hostetler, MSI Network Engineer and Security Analyst

What is the best security assessment for you? A vulnerability assessment or a penetration test? Are’t they the same? In this episode of MSI Strategy & Tactics, the techs discuss the differences between the two and how to know which one is best for you. Take a listen! Discussion questions include:

  • The difference between a vulnerability assessment and a penetration test
  • The width versus depth analogy
  • When an organization should use a vulnerability assessment and when to use a penetration test
  • How an organization can make sure they are asking for and getting the right fit

Panelists:
Brent Huston, CEO, Founder, and Security Evangelist
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Ep. 17: Thoughts On The SCADA Breach In Springfield, Illinois

Posted on by
Reply

What happened with the water facility SCADA breach in Springfield Illinois? ICS-SCADA security has been on our radar for a few months, now. The recent attack on a water plant in Illinois has highlighted existing vulnerabilities that open the door to malware. In this special edition of MSI Strategy & Tactics, Chris Lay, Account Executive, interviews MSI CEO, Brent Huston on the breach. Take a listen! Discussion questions include:

  • Breaking down the nuts and bolts of the attack
  • The similarities and differences of the attack vs. the Stuxnet worm
  • What ICS-SCADA organizations can learn from this attack

Panelists:
Brent Huston, CEO, Founder, and Security Evangelist
Chris Lay, Account Executive
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 15: Information Security for Credit Unions

Posted on by
Reply

Credit Unions have become popular over the past few weeks as societal trends have placed greater pressure on bank policies. What’s the scoop on Credit Unions and information security? Take a listen! Discussion questions include:

  • Supporting Credit Union swap through infosec
  • The “hactivist” group Anonymous and “Dump Your Bank Day”
  • Is infosec strong at Credit Unions?
  • Our approaching toward testing Credit Unions and banking apps

Panelists:
Brent Huston, CEO, Founder, and Security Evangelist
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 14: Security Rants and More!

Posted on by
Reply


This edition covers a variety of topics —  Discussion questions include:

  • Footprinting and understanding environments
  • Attack against Mitsubushi and Japan
  • Security with corporate networks and SCADA
  • Where information security is going as an industry

Panelists:
Brent Huston, CEO, Founder, and Security Evangelist
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 13: SCADA & Handling Threats In a Post-Stuxnet World

Posted on by
Reply


SCADA is becoming a hot property among security professionals who work with Industry Control Systems (ICS). During this discussion, our team tackles how to view threats and respond accordingly. Discussion questions include:

  • How can organizations get their heads wrapped around what it takes to secure a modern SCADA/Business environment hybrid?
  • What happened to the air gap approach that we hear so many SCADA history folks talk about? Why did that model break down? Why can’t we go back to it?
  • What happens to threats against SCADA/ICS as mobile integration, smart grid components and other disruptive technologies come online?
  • How can SCADA/ICS security teams engage with other security professionals and each other?

 
Panelists:
Brent Huston, CEO, Founder, and Security Evangelist
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 12: Managing Mobile Security Part II

Posted on by
Reply

“Enterprises are starting to move toward mobile device management services. This could be in-house or off-site. It allows remote provisioning and configuration. It really helps an organization with policy issues.”  – Adam Hostetler, Network Engineer and Security Analyst, MicroSolved, Inc.

Samsung Galaxy, Google Android, Apple iPad — mobile devices are a hot item and consumers are bringing them to their workplaces. We wrap up our discussion from Episode 9 on Mobile Security by discussing what you can do to choose your mobile devices wisely and create an action plan for your organization. Discussion questions include:

  • Does it matter which mobile device you use?
  • How can an organization create a plan that is focused on attack prevention?
Panelists:
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!