Learn essential security practices and cost-effective strategies in this conference talk from GrrCON 2014. Explore risk management, industry standards, and the Critical Security Controls' first five quick wins. Dive deep into 73 quick wins, secure configurations, and controlled use of admin privileges. Discover cheap and free tools for implementing controls, threat modeling for incident response, and often overlooked social vectors. Gain insights on PowerShell scripts, network forensics, password cracking, and recovery techniques. Access a comprehensive list of tools and references to enhance your security posture without breaking the bank.
Overview
Syllabus
Intro
BASICS FOCUS
WHAT RISK CAN WE CONTROL?
WHAT ARE YOUR STANDARDS?
CSC FIRST FIVE QUICK WINS
THE FIRST FIVE
QUICK WINS DEEP DIVE
73 QUICK WINS
CAVEAT EMPTOR
CHEAP FREE
TOOLS FOR CONTROLS
CSC 3-SECURE CONFIGURATIONS
DO YOUR RESEARCH
HARDENING EXAMPLES
CSC 12 - CONTROLLED USE OF ADMIN
PREVENT BRUTE FORCING
EASY 2ND FACTOR
THREAT MODELING FOR INCIDENT RESPONSE
POWERSHELL SCRIPTS
NETWORK FORENSICS
PASSWORD CRACKING
OFT OVERLOOKED
SOCIAL VECTORS
A WORD ON RECOVERY
TOOLS & REFERENCES LIST
CONTACT INFO
