When critical infrastructure is hit by a disruptive cyberattack, national security officials need to know about it as soon as possible. That’s the guiding principle behind new rules coming soon from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). In March 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law. Enactment of CIRCIA means CISA will require covered entities d...

What a difference a year can make! Looking back on 2023, we saw some stunning trends and incidents in the realm of cybersecurity that got us all talking. In this webcast (with an associated white paper), SANS Senior Instructor Dave Shackleford will examine: The most significant cybersecurity incidents in 2023, and lessons learned from them What’s happening in the realm of machine learning and AI, both good and bad New security technology...

Securing applications is a complex and cumbersome issue many organizations have yet to solve. Current processes to test and secure applications are manual, ad-hoc, and often disconnected from development cycles. Furthermore, testing tools or results are siloed, and may not focus on overall risk or lack enterprise context. This leads to unnecessary friction, which can impact development processes or leave a security gap in the organization. In...

As physical and cyber attacks on critical infrastructure and industrial control systems (ICS) have become increasingly brazen, ICS defenses must go beyond just preventative security. ICS defenses must be ICS-specific, teams need to be proactive and have ICS cyber specific knowledge and skills. This is because traditional IT security controls applied to ICS are ineffective, cause disruptions and safety interferences. ICS cyber defense is doable...

We’ll review the security trends that will impact you and your clients in 2024. We’ll also share best practices and demonstrate the latest and greatest tools to complete your security stack.

What’s next for cyber in 2024? Join us for a live webinar to round up cybersecurity forecasts, top cyber trends, and cybersecurity industry prediction reports as we head into the 2024 calendar year. You’ll Learn: The top cybersecurity predictions for 2024 from cybersecurity companies Tips and best practices for preparing your agency’s cybersecurity plan for the future Expert insights on the most significant cybersecurity them...

Many cloud-focused tools and third-party vendors require access to your organization’s cloud account. Sure, you could open up the flood gates and allow full, administrative access, but do those vendors and tools need that level of access? Most likely, no. In an age of increased supply chain and upstream vendor compromises, we must ensure that we are limiting any and all external access to what is truly needed and nothing more. In this wo...

In this series, Dean Parsons will review observed ICS attacks in the Oil & Gas, Electric and Water sectors and map them to the MITRE ATT&CK ICS framework. Throughout this series, Dean will review the most common attacker tactics and techniques used across commonly targeted critical infrastructure sectors. In this final part of the series, Dean will specifically speak to the Water sector. This webcast will dive into Initial Access, Atta...

Just how effective or mature is your security program? Given the multitude of assessment, rating, and cybersecurity frameworks, it can be challenging to determine security operations readiness and resilience through a single measurement or framework. Is effectiveness based on defending against an attack or the ability to mitigate attacks in the first place? Should compliance drive our security strategy, or should our security strategy enable c...

A full-day virtual event focusing on innovation in biometrics across the hottest vertical markets: financial, travel and hospitality, government, healthcare, and the enterprise. A special fireside chat with our research partner Acuity Market Intelligence looks back on the year's highlights and controversies.