We will introduce Cybersecurity’s Incident Response (IR) team and walk through our investigation process using examples from real events on campus.
In this session you will learn how to report an incident, why reporting is important, what to expect from the IR team, possible outcomes of an investigation, and how to not panic.
When specialized IT fields – Development, Security and Operations – work together, they can solve problems that separate departments many not be able to handle. The process looks different from each perspective. Yet it is teamwork and respect for people with different skill sets that strengthens the UW IT community and keeps technology growing to meet the needs of the University and beyond.
Part traditional, part facilitated discussion, this session features presenters from the campus Policy Planning & Analysis Team (PAT) and will provide attendees with a refresh of the IT policy process in addition to a brief overview of key IT policies currently in development at UW-Madison. Attendees will be provided with the opportunity to give feedback on key IT policies currently in development in small group breakout sessions with time allocated at the conclusion of the session for a brief Q&A.
Attendees will come away with more knowledge on how IT policy can assist them in their respective roles and how to become active participants in the IT policy process.
Basic knowledge of campus IT policies beneficial, but not required.
*Captions have been auto-generated via YouTube. We are actively working to edit these. Please check back if you need captions.
Description
If you have servers, you might want to use Qualys Cloud Agent to learn about which of your servers have vulnerabilities, like Log4J. This session will go over how to navigate the VMDR dashboard to see which Vulnerabilities are highest priority, which servers they are on, and how you’re making progress over time.
Attendees will learn how Qualys can help you avoid scrambling during security events like Log4J.
This is a brief overview of how you can use features in AWS to protect web resources. It will include several examples of how to architect for resilience against the unknown and varied threats that attack us daily.
Attendees will learn about each feature of AWS can be used to protect web resources.
Cybersecurity Governance, Risk, and Compliance (GRC) is often the overlooked, and misunderstood, subset of cybersecurity. GRC is a way for organizations to meet compliance, manage risk, and provide internal governance. It is not a singular solution, but rather an overall strategy. It allows an organization to be more aware, more aligned, and more agile.
It may be helpful to have cybersecurity experience or background but not required. Attendees will learn what GRC is, why GRC matters, & how the GRC mindset can be applied to IT.
Get an update on the Interop Initiative including new infrastructure services and capabilities, and plans for the coming year. Learn about the new tools and approaches that are coming online, and how they impact data access and integration.
Learn how to respond to a ransomware threat proactively, ideally to prevent an attack, or to have the resources to recover if one occurs. Looking beyond the infamous components of an extortion attack – data encryption and demands for ransom – this will cover the most common methods for gaining access, use of lateral movement and privilege escalation, and how an attacker uses fear to increase the chance of getting payment. I will focus on prevention, ideally to stop the attacker from gain access by following best practices in IT security. Logging and monitoring can detect an attack before data is encrypted, although that may not prevent data exfiltration. Effective backup strategy, having backups offline and keeping them long enough that there will be a backup from before the initial compromise, is essential to recovery.
The last 15 minutes of the session “IT Policy Bootcamp” on Thursday, June 3rd, 11:00 am – 12:00 pm will be dedicated to Q&A from this flash talk.
Description
Those who watch this session will be provided with updates on current IT Policies in development at UW-Madison and upcoming policies for AY2021-2022. Attendees will also be provided with contact information if they wish to request additional information or are interested in participating on current or upcoming policy initiatives.
Basic knowledge of campus IT Policies beneficial, but not required.
This presentation discusses the Qualys Container Security scanner GitLab integration. DevOps is quickly changing the way that organizations build and deploy web applications such as Docker containers. With container technology, build workflow needs rapid release cycles and continuous deployment. By integrating automated security testing into the development tool chain workflows, developers can identify security issues associated with containers early in their build process. We will discuss the scripts and source code for tools to provide access to the Qualys container vulnerability scanning system through GitLab CI/CD jobs. This integration into a GitLab project allows developers to trigger a Docker container image scan pipeline on the image of their choosing. Any vulnerabilities found will be posted as a GitLab issue in the project from which it is executed. This integration uses a pre-configured VM for the GitLab runner that obtains access to what it needs via AWS IAM roles. This allows any developer with a project on the same GitLab instance to incorporate the Qualys scanner job by including a GitLab CI/CD template in their own gitlab-ci.yml file without having to set up access to the Qualys API for themselves. At the end of the presentation, participants will be able to learn about the architecture, scripts and source code, sample reports as well as setup instruction documentation and on-going improvements.
The architecture, scripts and source code, sample reports as well as benefit of container scanning, setup instruction documentation, and on-going improvements.
