CISA continuing education

The cybersecurity landscape continues to evolve at a rapid pace, driven by emerging technologies, shifting attacker tactics, and changing business priorities. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he explores five key cybersecurity predictions that are expected to significantly influence how organizations manage risk and defend against threats as 2027 approaches. Attendees will gain insight into anticipated developments across areas such as AI-driven attacks and defenses, ransomware evolution, regulatory pressures, workforce challenges, and security architecture trends. The session will focus on what these predictions mean in practical terms and how security leaders can begin preparing today to stay ahead of tomorrow’s threats and build more resilient, future-ready cybersecurity strategies.

How to design an insider risk program that respects employee trust, with concrete signal sources, escalation playbooks, and HR/Legal partnership patterns.

An auditor's perspective on building a cloud risk register, evidence collection in serverless environments, and translating cloud control gaps into board-ready language.

Three QSA panelists walk through the most-failed PCI DSS 4.0 requirements, with evidence examples that pass and ones that don't.

Detecting Malicious Activity in Large Enterprises Modern enterprises are extremely diverse and complex. Yet, security data collection, correlation, and analysis has not kept up with these complexities. It often seems like organizations collect too much without ever truly finding value in the vast amounts of data they have amassed. In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts to effectively detect malicious activity within large enterprises. They will review how to bring giga-/tera-/petabytes togethers, correlating them into actionable intel by using YARA-L to craft efficient detections that can be used across these vast data sets. The webcast will help attendees answer important questions such as:In your current state, how much data are you ingesting/analyzing?How is your team writing detections? What types of metadata points are they looking for?How do you detect threats?Can you effectively scale detections across your data sets?How do you manage the lifecycle of those detections, tune them, keep them relevant, remove them when no longer relevant? Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.WebinarDigital Forensics and Incident Response Presented: 10 Sep 2020 Technical Presentation View details

Empowering Incident Response via Automation Despite advances in incident response, the security community tells SANS there are plenty of things to fix. Automation is sometimes presented as the solution, but what does that mean? In a new SANS webcast and paper, we will talk about automation to empower your employees and make them more successful.While we are making noticeable advancements in some areas, such as dwell times, there's still significant room for improvement in automation. Join us to examine some of the critical issues facing incident responders today. These issues, which may vary in your organization, typically include:The inability to move from remediation/eradication to recoveryMonotonous and/or laborious processes that eat up time that could be spent dealing with incidentsLack of data enrichment to help make investigative decisionsLack of investigative tracking mechanisms to help teams "learn from the past"Register to attend this webcast and be among the first to receive the associated whitepaper written by SANS community instructor and analyst, Matt Bromiley.WebinarDigital Forensics and Incident Response Presented: 22 Mar 2019 Technical Presentation View details

Open Season on Cyberthreats: Part I- Threat Hunting 101 Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.In Part 1 of the webcast, attendees will gain insight into:What threat hunting entailsWhat pitfalls stand in the way of attaining actionable resultsWhat organizations are discovering through threat huntingPart 2 of the webcast, held on Friday, April 15, 2016 at 1:00 p.m. Eastern, will focus on threat hunting methodologies and tools. Be among the first to receive the associated whitepaper written by threat hunting expert and SANS Analyst Eric Cole.View the associated whitepaper here.Enrich your Threat Hunting skills by attending the Threat Hunting and Incident Response Summit | New Orleans, LA | Tuesday, Apr 12-19, 2016.WebinarDigital Forensics and Incident Response Presented: 14 Apr 2016 Technical Presentation View details

The 20 Critical Controls are quick wins that allow you to rapidly improve your cybersecurity without major procedural or technical change. International cybersecurity experts developed the 20 Critical Controls to be the most effective and specific set of technical measures to counter the most common and damaging computer attacks. The controls address the root causes of these attacks to ensure your security measures are effective. This presentation will also discuss how VA Tech is implementing the 20 Critical Controls as part of its overall security strategy.WebinarCybersecurity and IT Essentials Presented: 23 May 2013 Randy Marchany Technical Presentation View details

Implement Microsoft Purview Insider Risk Management to detect, investigate, and respond to internal risks while protecting data, ensuring compliance, and maintaining employee trust.

Lessons from a 12,000-employee company's migration from ISO 27001:2013 to the 2022 controls. Includes a mapped control delta and an evidence-gathering checklist.

Plan and implement an identity governance strategy

Windows Server file servers and storage management