OAGITM Members:

Following is a list of 22 free SANS webcasts throughout October -- National Cyber Security Awareness Month! -- and November & December. Please mark your calendars and share this info with appropriate folks in your organization.

Regards,

Theresa A. Masse
Chief Information Security Officer
State of Oregon
Department of Administrative Services
Enterprise Security Office
503-378-4896

Data Classification 2 - Limited

Confidentiality Notice: This message, including any attachments or links, may contain privileged, confidential and/or legally protected information. Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to this message and then delete all copies of the original communication, including any attachments and/or links.

Upcoming SANS Webcasts:

WEBCAST 1
Special Webcast: Finding Unknown Malware
WHEN: Monday, September 24, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Alissa Torres
https://www.sans.org/webcasts/finding-unknown-malware-95614

If you have ever been given the mission to "Find Evil" on a compromised system, you understand the enormity of that tasking. In this one-hour webcast, we will make use of sound methodology for identifying malware, using strategies based on "Knowing Normal", "Data Reduction" and "Least Frequency of Occurrence" in order to identify malicious software and common methods of persistence. The skills and tools presented here will aid in efficient identification of anomalous files in order to narrow further analysis and facilitate the creation of indicators of compromise, used in enterprise-wide scanning.

WEBCAST 2
SANS Asia-Pacific Series: How Attackers Exploit Modern, Secure Wireless Networks
WHEN: Tuesday, September 25, 2012 at 18:30 Sydney / 17:30 Seoul-Tokyo / 16:30 Singapore / 14:00 Bangalore
Featuring: Lawrence Pesce, SANS Certified Instructor
https://www.sans.org/webcasts/attackers-exploit-modern-secure-wireless-networks-95642
Sponsored By: Australian Computer Society, http://www.acs.org.au/

We hope that network professionals are beginning to do a better job understanding the technological risks of implementing wireless networks. We now see appropriate encryption, authentication and all of the technical pieces that go along with it. The problem is, attackers and penetration testers are still getting in. We'll take a look at some often forgotten vectors, the pitfalls and how they relate to pineapples, free hugs, bitcoin mining, and human psychology enter into the equation.

WEBCAST 3
Special Webcast: Spear Phishing to Change Employee Behavior: Obvious and Non-Obvious Benefits
WHEN: Tuesday, September 25, 2012 at 2:01 PM EDT (1801 UTC/GMT)
Featuring: Aaron Higbee, CTO and Co-Founder, PhishMe, Inc.
https://www.sans.org/webcasts/spear-phishing-change-employee-behavior-obvious-non-obvious-benefits-95530
Sponsored By: PhishMe, http://www.phishme.com/

Cyber-crime and electronic espionage, most commonly, initiate with an employee clicking a link to a website hosting malware, opening a file attached to an email and laden with malware, or just simply giving up corporate credentials when solicited via phishing websites. Technical controls presented as silver bullets provide false hope and a false sense of security. These threats can be mitigated significantly by training the workforce to identify, thwart, and report such attacks in a timely manner. How resilient are your employees?

WEBCAST 4
Special Webcast: Own Your Own Network: Continuous Monitoring
WHEN: Wednesday, September 26, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Jerry Shenk and Michael Thelander
https://www.sans.org/webcasts/network-continuous-monitoring-95574
Sponsored by: Tripwire, http://www.tripwire.com

Continuous monitoring has been defined by NIST and the SANS 20 Critical Security Controls as key to reducing risk in IT environments. Under these definitions, continuous monitoring encompasses a lot of moving parts! Change management, configuration management, vulnerability assessment, patch management, threat assessment - all are included in a comprehensive continuous monitoring program. Where do organizations start? What does continuous really mean? How can these efforts be coordinated to improve audit, compliance and risk posture without blowing a gasket trying to connect all the dots?

In this webcast, learn how to inventory and assess your systems and network devices, audit and manage configuration and patches, and combine this data with threat assessments for better risk management, accurate response, and improved compliance.

WEBCAST 5
Analyst Webcast: User Provisioning and Compliance: SANS Institute Product Review of Oracle Identity Governance Solutions
WHEN: Thursday, September 27, 2012 at 9:00 AM PDT / 1:00 PM EDT (1700 UTC/GMT)
Featuring: Dave Shackleford and security experts from Wyndham Worldwide, Oracle and PricewaterhouseCoopers
https://www.sans.org/webcasts/user-provisioning-compliance-institute-product-review-oracle-identity-governance-solut-95404
Sponsored By: Oracle, http://www.oracle.com

Translating the IT-centric, directory based view of access and authorization into the process-driven concerns of business users inevitably creates unique challenges - particularly when determining which users have access to what resources and what they are doing with that access.
Enforcing governance controls to manage access, while simplifying the process for users, is critical to reduce the risk of an employee or malicious third party with excessive access taking advantage of that access.

In this webcast, learn first-hand from Wyndham Worldwide and PricewaterhouseCoopers about the key issues associated with implementing self-service user provisioning while maintaining appropriate controls on critical applications and data. Also providing commentary will be Oracle's product management director, Viresh Garg, and senior SANS Analyst Dave Shackleford, who will cover highlights of his review of Oracle Identity Governance Solutions User Provisioning capabilities, including the product's unique online "shopping cart" model for self-service setup of user access.

WEBCAST 6
Special Webcast: Network Forensics - What Are Your Investigations Missing?
WHEN: Friday, September 28, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Phil Hagen
https://www.sans.org/webcasts/network-forensics-investigations-missing-95619

Traditionally, computer forensic investigations focused exclusively on data from the seized media associated with a system of interest. Recently, memory analysis has become an integral part of forensic analysis, resulting in a new and significantly different way for digital examiners and investigators to perform their craft. Now another evolution in computer forensics is at hand - one that includes data collected from network devices as well as from the wires themselves. Every day, more and more network-enabled products hit the market. Incorporating network data from those devices during the analytic process is critical for providing a complete understanding of the event under investigation. Even in traditional data-at-rest examinations, the network may hold the only clues left behind by a diligent attacker that has covered his or her tracks.

We'll discuss how network-based evidence can support traditional data-at-rest computer forensic analysis.
Other topics will include the sources and methodologies for collecting network evidence. By knowing what existing data to ask for and what additional data to collect during an investigation, we can provide a more comprehensive analysis of the event at hand.

WEBCAST 7
Special Webcast: Memory Forensics for Incident Response
WHEN: Monday, October 01, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Hal Pomeranz
https://www.sans.org/webcasts/memory-forensics-incident-response-95647

Modern malware has become extremely adept at avoiding detection by traditional endpoint analysis tools. Memory Forensics gives the investigator multiple solutions for detecting typical malware techniques such as code injection, API hooking, and process hiding. This talk is an overview of Memory Forensics including how to acquire memory images and tools and techniques for analyzing them.

Hal Pomeranz is the founder and technical lead for Deer Run Associates, a consulting company focusing on Digital Forensics and Information Security. He provides forensic analysis services through his own consulting firm and by special arrangement with MANDIANT. He has consulted on several major cases for both law enforcement and commercial clients. Hal is a SANS Faculty Fellow and an instructor in the SANS Forensics curriculum.

WEBCAST 8
Special Webcast: Why Security Awareness Matters - 1st in Series
WHEN: Tuesday, October 2, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Lance Spitzner
https://www.sans.org/webcasts/security-awareness-matters-1st-series-95534
Sponsored By: Core Security, http://www.coresecurity.com

Many people do not understand the value of security awareness, especially how it dramatically reduces risk. In this short webinar we will explain to you the value of security awareness and give you the tools to communicate that value. Key areas we will cover include:

- Why humans are so vulnerable and how threats are exploiting those vulnerabilities.
- What security awareness is and how it addresses human vulnerabilities.
- Common misconceptions of security awareness.
- Moving awareness beyond just prevention to detection and response.
- Security Awareness Maturity Model.
- How to build stakeholder and management support of your security awareness program.

WEBCAST 9
ISC Threat Update
WHEN: Wednesday, October 10, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Johannes Ullrich, PhD
https://www.sans.org/webcasts/isc-threat-update-20121010-95049
Sponsored By: Core Security, http://www.coresecurity.com

The SANS Internet Storm Center (ISC) uses advanced data correlation and visualization techniques to analyze data collected from thousands of sensors in over sixty countries. Experienced analysts constantly monitor the Storm Center data feeds searching for trends and anomalies in order to identify potential threats. When a threat is identified, the team immediately begins an intensive investigation to gauge the threat's severity and impact.

This monthly webcast discusses recent threats observed by the Internet Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month. The general format is about 30 minutes of presentation by senior ISC staff, followed by a question and answer period.

WEBCAST 10
Analyst Webcast: Beyond Continuous Monitoring: Threat Modeling for Real-time Response
WHEN: Thursday, October 11, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: G. Mark Hardy and Tiffany Jones
https://www.sans.org/webcasts/continuous-monitoring-threat-modeling-real-time-response-95579
Sponsored By: Symantec, http://www.symantec.com

Threat agents to federal systems run the gamut from state-sponsored attacks emanating from countries like China, to social rebels including Anonymous and WikiLeaks, to spies for hire in espionage, or to common criminals working to access financial data that could be used in identity theft.
The threat has yet to spill over into the realm of cybercombat, but vulnerabilities have been demonstrated in military drones and other connected mechanical and communications systems, making security of all connected systems a priority for multiple Federal regulatory bodies.

As it turns out, most successful intrusions are the result of vulnerabilities (known or unknown) left open by the system owners - whether these be leaving unpatched systems, running vulnerable ports and services, using default and shared passwords, or end users making mistakes. This is why FISMA, which originally mandated periodic enterprise audits and reports, ultimately upgraded requirements from point-in-time audits and reports to continuous monitoring to discover and repair these types of vulnerabilities before they become a huge security event to the enterprise.

In its purest sense, continuous monitoring is inwardly focused on such activities as vulnerability assessment and patch management, which provides valuable situational awareness of systems and potential vulnerabilities. Continuous assessment of the security posture of network devices and security systems will help prevent incidents from being successful. But in the case of an event, monitoring is nothing without the ability to respond accurately and in a timely manner.

In this webcast, G. Mark Hardy, an instructor with the SANS Institute and the founder of National Security Corporation, will discuss how continuous monitoring can go beyond compliance to create a real-time threat model that enables active response with situational awareness. By reducing the latency in sensor feeds, we can begin to defend our networks in real-time, rather than playing catch-up. (But even real-time isn't as continuous as it seems.) If used to continuously repair vulnerabilities, continuous assessments will result in improved network security and compliance over time.
Register for this webcast and be among the first to receive an advanced paper on the same topic.

WEBCAST 11
Special Webcast: Harvesting the Rotten Fruit III: Killer Tomatoes Attacking the Client!
WHEN: Monday, October 15, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Kevin Johnson
https://www.sans.org/webcasts/harvesting-rotten-fruit-iii-killer-tomatoes-attacking-client-95419

With the rise of hacktivism and other types of attackers, it becomes very important for organizations to understand what their applications expose them to. In our work and classes we find that many of the current attacks are focused on the low hanging fruit our web applications contain. So in this, the third part of this trilogy, we will explore how XSS and XSRF are rife through applications and how to find it before the attackers do!

WEBCAST 12
Special Webcast: Security Awareness: Planning for Success
WHEN: Tuesday, October 16, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Lance Spitzner
https://www.sans.org/webcasts/security-awareness-planning-success-95544
Sponsored By: Core Security, http://www.coresecurity.com

Once an organization is committed to a security awareness program they often wonder what next, where do they start. We will walk organizations through the planning process, including using the Security Awareness Roadmap for planning, executing and maintaining a high impact awareness program. Key areas we will cover include:

- Overview of Security Awareness Maturity Model and Roadmap
- Gaining stakeholder support, developing a Project Charter and defining key expectations.
- Building your Steering Committee
- Identifying WHO are the key targets of your awareness program
- Identifying WHAT key behaviors you want to change and the relevant content/topics you will teach them
- Identifying HOW you will communicate those key topics
- Developing an execution plan
- Long term sustainment
- Metrics

WEBCAST 13
Special Webcast: Understanding Chinese APT Hackers: Attribution, Attack Trends and Why It Matters
WHEN: Wednesday, October 17, 2012 at 11:25 AM EDT (1525 UTC/GMT)
Featuring: Greg Hoglund
https://www.sans.org/webcasts/understanding-chinese-apt-hackers-attribution-attack-trends-matters-95604
Sponsored By: HB Gary, http://www.hbgary.com/

Chinese hackers have a long history. Many of the hackers know each other, have social links, potentially trade malware and tools, etc. As HBGary has expanded its threat intelligence around Chinese APT, it has become very clear that the actionable data has nothing to do with the number of groups. Chinese APT is an emulsion of largely similar intentions, tools, and backstories.

In this webinar, Greg Hoglund, CTO ManTech CSI and VP of HBGary, will present surprising new research findings about Chinese APT threat actors, trends in Chinese APT attacks and why it matters. Leveraging HBGary's new link analysis tool, traditional computer forensics, and other resources, Mr. Hoglund will discuss how HBGary's threat intelligence team has been able to make significant advances in attribution for specific Chinese APT attacks, as well as provide an overview of what incident response professionals should look for in their investigations to correlate attacks and attribute them to a particular actor or group.

WEBCAST 14
Ask The Expert Webcast: Not So Private Browsing
WHEN: Thursday, October 18, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Rob Lee and Jad Saliba
https://www.sans.org/webcasts/private-browsing-95520
Sponsored By: Magnet Forensics

Let's face it -- the web browser is used more than any other application on our computers.
We connect via the browser to read email, chat with friends, post to Facebook, tweet, and much more. Browser data has become more secure recently, but most of it is still recoverable in a variety of ways. Using standard forensic techniques, we will walk through some of the cutting-edge methods that an investigator can use to determine where someone was browsing - even if they were using the latest privacy enhanced features such as "Private Browsing" or "Incognito". This talk will cover artifacts left behind in Firefox, IE, and Chrome browsers, and the tools and techniques analysts can use to recover hidden artifacts long after browsing history has been cleared from a computer.

WEBCAST 15
Analyst Webcast: SANS Mobility Policy and Management Survey, Part of the SANS Mobility Survey Series, Part I
WHEN: Tuesday, October 23, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: SANS Mobility Expert Kevin Johnson
https://www.sans.org/webcasts/mobility-policy-management-survey-mobility-survey-series-95429
Sponsored By: Box https://www.box.com/, F5 http://www.f5.com/, McAfee http://www.mcafeesecurity.com, Oracle http://www.oracle.com, Mobile Iron https://www.mobileiron.com/, RSA http://www.emc.com/domains/rsa/index.htm

SANS released its First Mobility Security Survey on April 12. In it, more than 60 percent of 651 respondents allowed BYOD in their mobile policies, but only 9 percent felt they were fully aware of the devices accessing corporate resources. The majority lacks policy to manage this risk, and those that are attempting to do so are throwing multiple point technologies at the problem and hoping they stick.

In this webcast, learn about results from our second survey on policy and management of BYOD/mobility that is now underway.
In it, senior SANS analyst Kevin Johnson will reveal what enterprises are considering in their mobile/BYOD risk management policies and how their management practices stand up in major categories such as malware protection, mobile device management, access and application controls, and user policy.

Register for this webcast and be among the first to receive an advanced copy of the associated Mobility Survey Policy and Management Survey whitepaper report.

WEBCAST 16
Analyst Webcast: SANS Mobility Policy and Management Survey, Part of the SANS Mobility Survey Series, Part II
WHEN: Tuesday, October 25, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: SANS Mobility Expert Kevin Johnson
https://www.sans.org/webcasts/mobility-policy-management-survey-mobility-survey-series-95434
Sponsored By: Box https://www.box.com/, F5 http://www.f5.com/, McAfee http://www.mcafeesecurity.com, Oracle http://www.oracle.com, Mobile Iron https://www.mobileiron.com/, RSA http://www.emc.com/domains/rsa/index.htm

SANS released its First Mobility Security Survey on April 12. In it, more than 60 percent of 651 respondents allowed BYOD in their mobile policies, but only 9 percent felt they were fully aware of the devices accessing corporate resources. The majority lacks policy to manage this risk, and those that are attempting to do so are throwing multiple point technologies at the problem and hoping they stick.

In this webcast, learn about results from our second survey on policy and management of BYOD/mobility that is now underway. In it, senior SANS analyst Kevin Johnson will reveal what enterprises are considering in their mobile/BYOD risk management policies and how their management practices stand up in major categories such as malware protection, mobile device management, access and application controls, and user policy.

Register for this webcast and be among the first to receive an advanced copy of the associated Mobility Survey Policy and Management Survey whitepaper report.

WEBCAST 17
Special Webcast: How to Create an Engaging Program People Want To Take
WHEN: Tuesday, October 30, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Will Pelgrin, Chair of the MS-ISAC, President and CEO of the Center for Internet Security
https://www.sans.org/webcasts/create-engaging-program-people-95539
Sponsored By: Core Security, http://www.coresecurity.com

One of the biggest challenges is getting people to take the training. We will explain how to create a program so engaging employees will be asking how their families can take it. Key areas we will cover include:

- Marketing 101: "What Is In It For Me" approach.
- Avoiding FUD, instead focusing on enabling people and technology
- Most effective ways to communicate
- Primary & Reinforcement training
- Case studies of effective engagement
- Enforcement vs. Rewarding

WEBCAST 18
ISC Threat Update
WHEN: Wednesday, November 14, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Johannes Ullrich, PhD
https://www.sans.org/webcasts/isc-threat-update-20121114-95054
Sponsored By: Core Security, http://www.coresecurity.com

The SANS Internet Storm Center (ISC) uses advanced data correlation and visualization techniques to analyze data collected from thousands of sensors in over sixty countries. Experienced analysts constantly monitor the Storm Center data feeds searching for trends and anomalies in order to identify potential threats. When a threat is identified, the team immediately begins an intensive investigation to gauge the threat's severity and impact.

This monthly webcast discusses recent threats observed by the Internet Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month. The general format is about 30 minutes of presentation by senior ISC staff, followed by a question and answer period.

WEBCAST 19
Special Webcast: How to Develop a Bring-Your-Own-Device Policy
WHEN: Thursday, November 15, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Benjamin Wright
https://www.sans.org/webcasts/develop-bring-your-own-device-byod-policy-95564

As mobile devices like tablets, laptops and smartphones have become the typical tools for professionals to do their work, many employers have allowed and even encouraged employees to use their own devices. Some employers today subsidize the cost of mobile devices that employees purchase and then use part time for work. But setting policy on employee-owned devices can be really hard.

This webinar will examine case law and policy options related to such topics as security and record retention and destruction. It will offer sample language as a starting place for drafting policy, while explaining the risks and benefits of wording a policy one way or another. Mr. Wright will give practical tips and suggestions on how to develop a policy that everyone in an enterprise can (more or less) live with, while explaining pitfalls and suggestions for employee training and education.

WEBCAST 20
ISC Threat Update
WHEN: Wednesday, December 12, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Johannes Ullrich, PhD
https://www.sans.org/webcasts/isc-threat-update-20121212-95059
Sponsored By: Core Security, http://www.coresecurity.com

The SANS Internet Storm Center (ISC) uses advanced data correlation and visualization techniques to analyze data collected from thousands of sensors in over sixty countries. Experienced analysts constantly monitor the Storm Center data feeds searching for trends and anomalies in order to identify potential threats. When a threat is identified, the team immediately begins an intensive investigation to gauge the threat's severity and impact.
This monthly webcast discusses recent threats observed by the Internet Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month. The general format is about 30 minutes of presentation by senior ISC staff, followed by a question and answer period.

WEBCAST 21
Analyst Webcast: SANS Survey on Application Security Policies in Enterprises
WHEN: Thursday, December 13, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Frank Kim
https://www.sans.org/webcasts/survey-application-security-policies-enterprises-95622
Sponsored By: NT Objectives http://www.ntobjectives.com, Qualys http://www.qualys.com/, WhiteHat Security https://www.whitehatsec.com/

Applications are hard to monitor, full of vulnerabilities and easy to manipulate. It's no surprise that applications have become the top vector of attack. But what may surprise IT professionals is what organizations are doing about the risks posed by their web, database, mobile and cloud applications. What application security policies are emerging in organizations with sensitive data to protect?

Register for this webcast to hear the findings of a new SANS Survey on Security Policies in the Enterprise. Questions of interest include (but are not limited to):

- Are any organizations managing their applications securely throughout their lifecycles?
- Who's responsible for application security?
- What are the most critical applications and perceived threats?
- How integrated is organizational application security management with the overall risk management program?

The data gathered from this survey can help shape the industry. So, join us for this webcast and be among the first to receive a complimentary copy of the associated whitepaper citing survey results.

WEBCAST 22
Special Webcast: The Role of Email and Other E-messages in Modern Contracts: How to Get the Terms You Want
WHEN: Thursday, December 27, 2012 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Benjamin Wright
https://www.sans.org/webcasts/role-email-e-messages-modern-contracts-terms-95559

E-commerce is not your grandfather's commerce. Contracts negotiated, formed and amended through electronic means behave differently from contracts written on paper and signed in ink. Today, the communication of legal terms and conditions by way of email, instant message, world wide web and other electronic channels has become the norm, even when some paper is exchanged. Savvy players know how to use these electronic channels to advantage, whereas clueless chumps get taken to the cleaners.

Through this webinar, Mr. Wright will illuminate you on numerous leading edge cases. He will explain tips, tricks and strategies for improving the chances that you and your organization get the terms you desire and avoid unexpected pratfalls. If you are involved in sales or procurement, you will learn invaluable lessons that even your organization's own lawyer will either not know or neglect to tell you.