Red Team, Threat-based Approach to Cyber Security To Be Explored at ISACA's Inaugural CSX Europe Conference
Best and brightest minds in technology and cyber security gather to share insights, tools and best practices
The CSX Europe 2016 Conference is part of ISACA’s Cybersecurity Nexus™ (CSX) training and certification programme. Attendees will have the opportunity to explore trends and threats, exchange ideas and insights, learn how to excel at defending against threats and consider new approaches to add value to their enterprises.
The “threat-based” approach to cyber security will be explored at CSX Europe by Peter Wood, CEO of ethical hacking firm First Base Technologies. In his session, titled “Lessons from a Red Team Exercise,” Wood will advise on the vulnerabilities he sees organisations facing, using real case studies from Red Team exercises that First Base has executed with its clients.
While many organisations still approach cyber security as a due diligence check list, this is becoming more challenging as they become increasingly distributed, using third-party services and multiple vendors with a wide variety of technologies. Instead, an organisation’s security approach should be based on real-world threats, rather than the ability to pass an audit.
What is a Red Team exercise?
Based on a military model, Red Teams are designed to subject an organisation’s IT and security systems to rigorous analysis and challenge. By simulating real attack scenarios, red teaming provides a realistic picture of an organisation’s cyber security readiness. Before developing the specific scenario, an ethical hacking organisation will determine the type of attacker the organisation might be exposed to, what they might be trying to achieve, how motivated they are and what methodologies they might use.
The simulation then tests the business’s defenses at each step of the attack, or along the so-called “kill chain.” This includes steps where the attacker undertakes research and reconnaissance on the target organisation, “social engineers” target employees to gain access, and breaches the organisation’s security perimeter in order to finally take control of internal systems or networks and achieve their objectives.
“Going beyond those responsible for risk, audit and information security, cyber security is increasingly becoming a board-level issue with leaders of FTSE 100 companies requesting these services,” said Wood. “They are beginning to understand that their security posture needs to be informed by the threat landscape and that a threat-based approach to security makes sense. Too many people still think like defenders rather than attackers, but understanding the attacker’s mind-set and motivation is crucial to putting robust security measures in place.”
“We’re focused on ensuring that businesses have the right cyber security framework, knowledge, skills and resources in place to manage the multitude of threats they will inevitably face,” said Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA’s Board of Directors. “While due diligence continues to be crucial, testing existing security measures with this type of exercise highlights where vulnerabilities still exist and enables organisations to take proactive steps to improve security before a real attack occurs.”
The inaugural CSX Europe 2016 Conference in London will also feature keynotes from renowned security experts including Raj Samani, chief technical officer, Intel Security EMEA, and Misha Glenny, investigative journalist and author specialising in global organised crime and cybersecurity. ISACA, a global association serving more than 140,000 members and certification holders in 180 countries, will offer five workshops at the conference and more than 50 sessions around seven tracks: Identify, Protect, Detect, Respond & Recover, Defend, Explore.
Another key focus of the event will be ISACA’s Connecting Women Leaders in Technology programme, with a related networking event taking place on 1 November.
Additional details, registration and venue information can be found at www.isaca.org/csx-europe.
ISACA® (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA offers the Cybersecurity Nexus™ (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) credentials.
LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial