Security Day - November 2-3, 2022
Last updated on December 6, 2022No organization is immune to attack. Organizations must ensure they are prepared to respond to, and prevent and detect incidents to better contain the damage and mitigate further risk to the organization.
The November, 2022 Security Day event - Cyber Alert: This is Not a Test - discussed how organizations can best handle incident response.
Security Day presentations and workshops provided government and private sector perspectives, and outlined overall best practices for:
- responding to security incidents,
- identifying the structure, roles and responsibilities, types of common incidents, and
- strategies to prepare, identify, contain, eradicate, recover from security incidents, as well as learn from security incidents.
Following the presentations, on November 3, Security Day will feature three workshops, all of which will provide practical approaches to various angles of incident response.
AGENDA: SECURITY DAY: CYBER ALERT: THIS IS NOT A TEST
| NOVEMBER 2, 2022: PRESENTATIONS | ||
|
Time |
Title and Synopsis |
Presenter |
|
9-9:05 am |
Welcome to Security Day |
Host – Gary Perkins |
|
9:05-9:10 am |
Opening Remarks |
Minister of Citizens’ Services Lisa Beare |
|
9:10-9:55 am |
Incident Response: The First 24 Hours The measures an organization takes to communicate its response to its stakeholders and the public during the first 24 hours of an incident impacts its public perception and reputation. In this presentation, Matt Anthony will outline best practices organizations should implement during the first 24 hours of an incident.
|
Matt Anthony, Vice President and Chief Information Security Officer, Cyderes |
|
9:55-10:40 am |
The Cyber Conundrum – Are You Doing it All Wrong? A summary of lessons learned from the investigations of over a hundred cyber security breaches in the past few years.
|
Rob Masse, Cyber Risk Advisory Partner, Deloitte Canada |
|
10:40-10:55 am |
BREAK |
|
|
10:55 am -11:40 am |
Drifting Towards Failure: The Importance of Diversity in Incident Response If team members share similar perspectives, their similarities will result in similar ideas as to how to solve problems, including in the incident response realm. In this presentation, Phil Fodchuk will discuss how having a diversity of skillsets and perspectives on teams (not only those with tech backgrounds) supports organizations in managing the various aspects of the crisis of incident response.
|
Phil Fodchuk, National Cyber Threat Management Leader, IBM Canada |
|
11:40 am-12:25 pm |
Incident Response - There's No Easy Button Don Costello will interview Natalie Branch, Executive Director of the Ministry of Citizens’ Services Service Management Branch, about incident response and the importance of communications, client/customer service and robust incident and continuity management processes. |
Natalie Branch, Executive Director, Service Management Branch, and Don Costello, Director, Information Security, Information Security Branch, Government of B.C. |
|
12:25-12:30 pm |
Closing Remarks |
CJ Ritchie, Associate Deputy Minister and Government Chief Information Officer, Government of B.C. |
|
​ NOVEMBER 3, 2022: WORKSHOPS |
||
| Time | Title and Synopsis | Presenter |
|
9:00-9:10 am |
Opening Remarks |
Alex MacLennan, Assistant Deputy Minister and Chief Technology Officer, Government of B.C. |
|
9:10-10:10 am |
Incident Response Cycle Organizations will be judged not only on their ability to prevent attacks, but also to detect and respond to attacks – security incidents. But what does that process look like? In this workshop, Dale Land and Gwen Lock will outline the Incident Response cycle: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned (PICERL).
|
Dale Land, Director, Cyber Intelligence and Investigations, and Gwen Lock, Manager, Security Investigations and Incident Response, Information Security Branch, Government of B.C. |
|
10:10-10:15 am |
BREAK |
|
|
10:15-11:15 am |
Business Continuity and Incident Response Business continuity is an organization’s ability to maintain its critical services and respond fast and effectively to an unplanned interruption. In this presentation, Business Continuity Manager Tally Singh will provide an overview of the business continuity program he manages and how it links to the Operations Centre's within the Office of the Chief Information Officer and Emergency Management B.C. during a catastrophic event. He will focus on best practices that organizations can implement to support their clients and stakeholders in navigating and managing an incident, and ensure that business functions run as smoothly as possible. |
Tally Singh, Manager, Business Continuity, Service Management Branch, Government of B.C. |
|
11:15-11:20 am |
BREAK |
|
|
11:20 am-12:20 pm |
Goot riddance! Detection, DFIR, and Triage Analysis of a Pervasive Initial Access Framework In this workshop, Quinn Hatherly will discuss techniques for detecting, analyzing, and responding to Gootloader, a pervasive initial access and malware delivery framework. |
Quinn Hatherly, Senior Security Specialist, Information Security Branch, Government of B.C. |
November 2, 2022: Presentations
Security Day: Introduction
Incident Response: The First 24 Hours
The Cyber Conundrum – Are You Doing it All Wrong?
Drifting Towards Failure: The Importance of Diversity in Incident Response
Incident Response - There's No Easy Button
Security Day: Closing
November 3, 2022: Workshops
Security Day: Introduction
Workshop: Incident Response Cycle
Workshop: Business Continuity and Incident Response
Workshop: Goot riddance! Detection, DFIR, and Triage Analysis of a Pervasive Initial Access Framework