[Owasp-cambridge] Joint OWASP & BCS Cybercrime Forensics SIG “Incident Response Day” 2017 - Provisional Agenda

Neil.Breden at uk.fujitsu.com Neil.Breden at uk.fujitsu.com
Fri Jan 6 07:21:55 UTC 2017

Hello Adrian,

I hope you had a good Christmas and New Year.

Do you have any objections if I share these details with Chapter Members and Colleagues within Fujitsu?

Kind Regards

Enterprise & Cyber Security
22 Baker Street, London, W1U 3BW.

Tel: +44 (0) 843 36 50151 or Internally 744 50151
Mob: +44 (0) 7917230462
Email: neil.breden at uk.fujitsu.com<mailto:neil.breden at uk.fujitsu.com>
Web: uk.fujitsu.com<http://uk.fujitsu.com/>
[youtube-icon.gif]<http://www.youtube.com/user/fujitsuUK>[Facebook-icon.gif]<http://www.facebook.com/fujitsuuk> [twitter-icon.gif] <http://twitter.com/#!/fujitsu_uk>  [linkedin-icon.gif] <http://www.linkedin.com/company/fujitsu-uk-and-ireland>  [blogger.png] <http://blog.uk.fujitsu.com/>  [google-plus-icon.gif] <https://plus.google.com/103287532874520008913/>
Fujitsu is proud to partner with Action for Children<http://www.actionforchildren.org.uk/>
I-CIO<http://www.i-cio.com/>: Global Intelligence for the CIO. Fujitsu’s online resource for ICT leaders
Reshaping ICT, Reshaping Business in partnership with FT.com<http://reshaping-ict.ft.com/>
P Please consider the environment - do you really need to print this email?

From: owasp-cambridge-bounces+neil.breden=uk.fujitsu.com at lists.owasp.org [mailto:owasp-cambridge-bounces+neil.breden=uk.fujitsu.com at lists.owasp.org] On Behalf Of Adrian Winckles
Sent: 22 December 2016 10:13
To: owasp-cambridge <owasp-cambridge at lists.owasp.org>
Subject: [Owasp-cambridge] Joint OWASP & BCS Cybercrime Forensics SIG “Incident Response Day” 2017 - Provisional Agenda

Dear All

Sorry for the delay but please find details below for OWASP Cambridge's first joint   first "themed" day event of the year

“Incident Response" Day @ Anglia Ruskin University, Cambridge on Thursday 19th January 2017 9:30 - 5 pm

This is the first provisional agenda which will be updated further when we have the speaker bios and abstracts

Look forward to seeing you there

Have a great Christmas


Adrian Winckles MSc BEng CEng CITP MBCS
Course Leader  in Information Security and Forensic Computing
(OWASP Cambridge Chapter Leader
(UK Cyber Security Forum - Cambridge Cluster Chair)
(BCS Cybercrime Forensics Vice Chair)
Anglia Ruskin University
East Road

Tel No: 0845 196 2440/01223 698440

Email: Adrian.Winckles at Anglia.ac.uk<mailto:Adrian.Winckles at Anglia.ac.uk> or Adrian.Winckles at owasp.org<mailto:Adrian.Winckles at owasp.org>

Twitter:  @botflowking

Joint OWASP & BCS Cybercrime Forensics SIG “Incident Response Day” 2017
Thursday 19th January 2017 9:30– 17:00, Lord Ashcroft Building (LAB026), Anglia Ruskin University, Cambridge.
Hosted by the Department of Computing & Technology, Anglia Ruskin University, British Computer Society (BCS) Cybercrime Forensics Special Internet Group and OWASP (Open Web Application Security Project) Cambridge Chapter
It looks increasingly likely that 2016 is going to be “Year of the Data Breach” with more and more organisation’s than ever before becoming part of the self-fulfilling prophecy, “there are two types of organization, those who know they’ve been breached and those who don’t”….
So what happens if despite your best efforts your defenses are ineffective and you suffer a data breach.  Your organization needs to know how to handle the breach either internally and externally, who to inform and who to call.
What is needed is “incident response”, an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.
The British Computer Society (BCS) Cybercrime Forensics Special Interest Group (SIG) promotes Cybercrime Forensics and the use of Cybercrime Forensics; of relevance to computing professionals, lawyers, law enforcement officers, academics and those interested in the use of Cybercrime Forensics and the need to address cybercrime for the benefit of those groups and of the wider public.
The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement.
Speaker Biographies
Peter Yapp -  Deputy Director Incident Management for the National Cyber Security Centre (NCSC).

Before joining the NCSC, Peter was Deputy Director Operations for CERT-UK. Prior to CERT-UK, Peter was the Information Security Advisor for Brecon Group and before that the Managing Director for Accenture’s global Computer Incident Response Team (CIRT) running a team of 50 based at five locations around the world. While there, he set up a cyber threat intelligence team and inputted into technical, policy and training initiatives. He also contributed to the maintenance of the largest ISO27001 certification in the world.
Prior to Accenture, Peter was head of Forensics and information security consulting at Control Risks in London. Peter devised and delivered information security awareness training courses for Oil and Gas clients around the world, specialised briefings on the threat of state sponsored espionage and a computer forensics training course for CISSPs. Peter reviewed and revised information security policy documents. He carried out IS Security (and ISO27001) reviews and gap analyses (and risk assessments) for the finance and manufacturing sectors. Peter carried out numerous computer investigations into fraud, abuse and misuse.
Before joining Control Risks in 1998, Peter was a Senior Investigation officer in the National Investigation Service of H.M. Customs & Excise. During this time he represented H.M. Customs & Excise at national and international conferences and seminars, speaking at Interpol on computer crime. He was a member of the British Home Office delegation to the G8 sub group on High Tech crime. Peter trained overseas agencies around the world.
Steve Shepperd MBE – Senior Forensic Consultant – 7Safe/PA Consulting
Steve leads the 7Safe Cyber Security Incident Response offering.  Steve has extensive experience in conducting and directing forensic and hi-tech investigations having been involved in the discipline since the late the 1990’s. Steve has worked within the Civil Service, law enforcement and private industry, latterly employed as a cyber security specialist for a government intelligence agency prior to joining PA Consulting. Steve has been involved as a team member and team leader in myriad digital investigations ranging from civil to criminal and national security level incidents. Steve is also the lead developer and course manager for the Certified Malware Investigator course, the Certified Data Acquisition Technician course and is the author of our new Cyber Network Investigations course.
Tony Drewitt, Head of Consultancy – IT Governance
Tony leads IT Governance’s consultancy team. He works with clients to help them implement and comply with international standards such as ISO 27001 and ISO 22301 as well as other compliance frameworks such as the NHS Information Governance Toolkit and the UK Gambling Commission’s technical security standard.
He has helped one of the first companies in the UK to achieve full certification under BS25999-2 (now ISO22301) and is currently delivering a number of ISO27001 ISMS projects for companies in the UK and overseas. He is also a leading business continuity author of ITGP titles A Manager’s Guide to ISO22301; ISO 22301: A Pocket Guide, and Everything You want to Know about Business Continuity.
Tony is a full member of BCI and is a certified Lead Implementer and Lead Auditor for ISO 27001 and ISO 22301. He also holds CRISC, CISMP and ITIL Foundation certificates.
Presentation Abstracts
“Malware Red Alert: the first 24 hours”  - Steve Shepherd MBE, 7Safe/PA Consulting
It’s Friday at 19:30. You are the acting manager of your organisation’s Security Operations Centre. You are working the graveyard shift with a colleague when …
Your SIEM alerts you to what may be the presence of a Trojan in your system. But before you have a chance to respond, you receive an email from a hacker making demands.
The threat is that highly-confidential information has been stolen from your financial database. If the hacker does not receive £2 million by midnight on Sunday, they will put this data on the web just before your firm’s annual financial report, due for release on Monday, is published. Their motive: to cause panic among investors by undermining the credibility of your growth and profit forecasts with data that the hacker claims they have found in emails and report documents.
What do you do next to thwart the attack, contain the incident and prevent, or at least minimise, damage to your brand name and reputation in the markets?

Security incidents, both potential and actual, occur on a frequent basis. It is therefore important to accurately categorize incidents and prioritise the most severe. Evaluation is based on the impact that the data breach may have on business operations, the potential reputational risk and the time and cost of resources engaged in recovery.
Of critical importance is the effective gathering of key information about the attack in real time. Focusing on quick fixes should be avoided. It is important to clearly document all information collected/actions performed for subsequent analysis in a post incident review/lessons learned session. A clear plan must be established, including timeframes and ownership, to implement any required changes that will mitigate future risk.
Steve Shepherd MBE describes for the business audience a series of real life scenarios that will serve as a warning to Board members and SOC managers alike, as he shares his thoughts on how to apply the CREST Three-Phase CSIR model and invites the audience to role play with him in responding to this incident.
If you think that you understand incident response procedures from a ‘people, process and technology’ standpoint, be prepared to challenge what you deem to be fact during Steve’s practical talk and demonstration. The emphasis will be on knowledge transfer - and why software tools are never the whole answer.
“Cyber resilience and Incident Response” Tony Drewitt, Head of Consultancy, IT Governance
Tony will introduce today’s cyber threat environment and what it means in terms of security incidents.  Cyber assurance techniques will be examined from 4 different perspectives, the conventional theme’s:-

•      People,

•      Processes and

•      Technology
but also examining Digital versus Physical security dimensions.
The talk will conclude with a discussion on cyber resilience versus incident response and if incident response is a necessity, what structure should it take.

Provisional Agenda
09:30 – 10:00 Registration & Refreshments (LAB026)
10:00 – 10:15 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University
10:45 – 11:30 “National Cyber Security Centre’s Incident Response Strategy” – Peter Yapp – Deputy Director – Incident Management – National Cyber Security Centre (NCSC)
11:30 – 12:15 “Malware Red Alert: the first 24 hours” - Steve Shepherd MBE, 7Safe/PA Consulting
12:15 – 13:00 “Cyber resilience and Incident Response” Tony Drewitt, Head of Consultancy, IT Governance
13:00 – 13:45 Lunch & Networking (LAB006)
13:45 – 14:30 Chris Dye, Glasswall TBD
14:30 – 15:15 Dr Jules Disso – Nettitude TBD
15:15 – 15:45 Refreshments (LAB006)
15:45 – 16:15 Benn Morris - 3B Data Security LLP TBD
16:15 – 16:45 Canterbury Christchurch University Speaker TBD
16:45 - 17: 00 Session Wrap Up & Close

To register for this free event, please register online at
 The meeting will be held in the Lord Ashcroft Building, Room LAB026 (Breakout Room LAB006 for networking & refreshments).
Please enter through the Helmore Building and ask at reception.

Anglia Ruskin University

Cambridge Campus

East Road



Please note that there is no parking on campus.
Get further information on travelling to the university.
http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/ca mbridge_campus/find_cambridge.html<http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/ca%20mbridge_campus/find_cambridge.html>

Unless otherwise stated, this email has been sent from Fujitsu Services Limited (registered in England No 96056); Fujitsu EMEA PLC (registered in England No 2216100) both with registered offices at: 22 Baker Street, London W1U 3BW;  PFU (EMEA) Limited, (registered in England No 1578652) and Fujitsu Laboratories of Europe Limited (registered in England No. 4153469) both with registered offices at: Hayes Park Central, Hayes End Road, Hayes, Middlesex, UB4 8FE. 
This email is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu does not guarantee that this email has not been intercepted and amended or that it is virus-free.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-cambridge/attachments/20170106/b072ff09/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 2182 bytes
Desc: image001.gif
URL: <http://lists.owasp.org/pipermail/owasp-cambridge/attachments/20170106/b072ff09/attachment-0005.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 1456 bytes
Desc: image002.gif
URL: <http://lists.owasp.org/pipermail/owasp-cambridge/attachments/20170106/b072ff09/attachment-0006.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 1758 bytes
Desc: image003.gif
URL: <http://lists.owasp.org/pipermail/owasp-cambridge/attachments/20170106/b072ff09/attachment-0007.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.gif
Type: image/gif
Size: 2462 bytes
Desc: image004.gif
URL: <http://lists.owasp.org/pipermail/owasp-cambridge/attachments/20170106/b072ff09/attachment-0008.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 1422 bytes
Desc: image005.png
URL: <http://lists.owasp.org/pipermail/owasp-cambridge/attachments/20170106/b072ff09/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.gif
Type: image/gif
Size: 2289 bytes
Desc: image006.gif
URL: <http://lists.owasp.org/pipermail/owasp-cambridge/attachments/20170106/b072ff09/attachment-0009.gif>

More information about the Owasp-cambridge mailing list