Lightning Talk - Avoiding DNS Pain
In every organisation DNS is a critical system, but it rarely gets the attention that it deserves. We rely on DNS for the smooth operation of our businesses; if your customers can’t reach your website or email you, then your business is effectively cut off.
Organisations will keep disaster recovery plans and business continuity procedures for their corporate websites, mail servers and internal systems; but how many of these plans and procedures include DNS?
Over the past few years, attacks against DNS have been on the rise. These attacks may be direct attacks against DNS server software; but they can also come from compromised credentials or DNS zone misconfigurations such as dangling DNS entries.
In this session, I am going to walk through performing a DNS maturity assessment and how you can improve the management of DNS with tools like DNSControl.
Understanding the Cyber Security Acronym Soup
Over the last several decades, international standards bodies and governments have developed an acronym soup of cyber security standards. We commonly hear: SOC, ISO/IEC, PCIE, ESTI, CIS, IRAP, ISPC; but how much do we really understand the goals, purposes and impacts of these standards?
In this session, we will be diving into some of these standards, with the aim of answering two critical questions:
- What does it mean for an organisation to be compliant with these standards?
- What does it mean for consumers of IT services when a provider or vendor has these certifications?
- How can consumers be confident that their IT service providers/vendors are actually following the processes outlined in these standards?
In this presentation I am going to describe the who, what, when, where and why of cyber security standards; their implications for customers, development, security and operations teams; and how they may bring positive and negative change to company culture.