Compliance, Technical Controls, and You

Presented at RVAsec 2019, May 22, 2019, 3 p.m. (50 minutes)

Information Security compliance without enforcement through technical controls is just checking boxes.  On the other hand, technical controls without the backing of compliance through effective policy and management support can equate to just playing with the latest bright and shiny security related hardware and software.  We will walk through effective and popular techniques used by attackers.  Then the compliance and technical controls that are designed to detect and mitigate these techniques will be discussed in depth .

Presenters:

• Derek Banks - Black Hills Information Security
  Derek is a Senior Security Analyst at Black Hills Information Security and has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development industries. Derek has experience with creating custom host and network based monitoring solutions.

Links:

• https://rvasec2019.sched.com/event/OAxc/compliance-technical-controls-and-you
• https://infocon.org/cons/RVAsec/RVAsec 2019/Derek Banks - Compliance, Techincal Controls, and You.mp4
• https://infocon.org/cons/RVAsec/RVAsec 2019/Derek Banks - Compliance, Techincal Controls, and You.eng.srt (subtitles)

Similar Presentations:

• DEF CON 16 (2008) / Compliance: The Enterprise Vulnerability Roadmap
• GrrCON 2018 / InSpec: Compliance as Code
• DerbyCon 1.0 (2011) / Compliance: An Assault on Reason