Filip Nowak, MBA

Luxembourg
3K followers, 500+ connections

Experience

  • Ferrero

    Luxembourg

  • -

    Kraków, Lesser Poland Voivodeship, Poland

  • -

    Kraków, Lesser Poland Voivodeship, Poland

  • -

    Wrocław, Lower Silesian Voivodeship, Poland

  • -

    Wrocław, Lower Silesian Voivodeship, Poland

Education

Licenses and certifications

  • GIAC Response and Industrial Defense (GRID)

    SANS Institute

  • GIAC Certified Incident Handler (GCIH)
  • ITIL Foundation Certificate in IT Service Management
  • Computer Forensics Academy - expert

    Mediarecovery

  • Computer Forensics Academy - professional

    Mediarecovery

  • IT Security Professional

    IT Security Academy

  • Computer Forensics Academy - specialist

    Mediarecovery

Publications

  • Ultimate Commanders - The self-destructive security imperative

    speaker at the SEMAFOR 2016 Conference

    Together with the research partner Blazej Boczula, the authors presented two possible strategic scenarios and visions of future security. The existing security is a "security" of technology, where technology is designed to defend technology. This first vision is catastrophic in nature and is self-destructive. It is supported by automation, orchestration, autonomous systems and artificial intelligence. On the other hand, there is an optimistic vision, where we - as humanity - start solving problems, not puzzles. The presentation goes through a number of domains like economy, technology, security, IS&A, human factors, management, military and ethos. Both authors represent the interdisciplinary approach. The discussion ends with the sentence: "Now you know, and knowing is half the battle". The lecture was presented in the form of a discussion between the authors.
  • Cyber Security Management Studies

    lecturer at the University of Economics

    The author introduced the problems of security monitoring, incident response and the concept of centralized security management. The lecture was divided into three parts: a brief history of security, a technical deck and a non-technical deck, where the author provided a number of recommendations for security leaders and management principles. In the presentation, the connection between security and economy was shown and discussed. During the lecture, students were asked for ideas on how to protect and defend against everyday threats like diseases and leaking taps, as well as critical ones like insiders, a corrupted power plant or plane crashes.
  • Computer Network Defense (Computer Science Degree)

    lecturer at the Wrocław University of Technology

    This introductory lecture for Computer Science students at the University of Technology started with the argument that IS&A is not a problem of technology. The lecturer explained the interdisciplinary nature of security and its definition and understanding. The main part of the presentation focused on the CND missions and the SOC/SIC role. The author presented the CJA methodology, facts and the current state of the art in the security industry. Later, the author explained why prevention always fails and why modern defenses lose. The lecture ended with a short note about security domain conferences and future perspectives.

  • Cyber Security Studies (Computer Science Degree)

    lecturer at the School of Higher Vocational Education in Nysa

    The lecture was designed to introduce the subject of Information Security (IS) and Information Assurance (IA) to Computer Science students. The lecturer presented the "short history of security", going through the understanding of this domain, the interdisciplinary approach and examples. As an introductory presentation, the author described trends in IS&A, current problems and relations to other domains. Throughout the presentation the lecturer showed security case studies, essential practices, and current approaches to intrusion detection, monitoring and forensics. The presentation ended with a Q&A session, where the author presented his view and suggestions regarding secure code programming and the industry itself.
  • Operational level of defense

    eForensics Magazine

    Security operations is subject to constraints, limitations and constant task reprioritization. This is especially true when developing a Security Operations Center (SOC), shifting between initial levels of maturity and finding out what really slows down the effectiveness of the primary objectives. There is a common belief that the technology and the “new version of software” will solve all such issues once and for all, closing the dilemma between security capabilities and processing power. The next generation of a security appliance may address some types of new emerging threats, and defense methodology appears to be a game changer. Some believe that having a team of talented SOC analysts operating under a defined process may be the force multiplier, while others try to research the perfect detection rule to catch the targeted attacks. As the name ‘security operations center’ or more broadly ‘central control room operations’ suggests, these operations units suffer from ‘operations’ diseases. The question remains: are we operational, and good enough in operations?
  • Cyber Security Management Studies

    lecturer at the University of Economics

    During a lecture prepared for the postgraduate studies "Cyber Security Management" at the University of Economics, the author introduced the problems of security monitoring, incident response and the concept of centralized security management. The lecture was divided into three parts: a brief history of security, a technical deck and a non-technical deck, where the author provided a number of recommendations for security leaders and management principles. In the presentation, the connection between security and economy was shown and discussed. During the lecture, students were asked for ideas on how to protect and defend against everyday threats like diseases and leaking taps, as well as critical ones like insiders, a corrupted power plant or plane crashes.
  • The evolutionary approach to defense

    eForensics Magazine/InfoSec Institute

    The evolutionary approach to IT security seems to be the most natural and efficient way to resist cyber-attacks. The Red Queen Effect describes the relationship between the attacker and the defender, the never-ending story of cyber battles, but can we minimize the ‘mean time to identify’ and respond on time to any security intrusion? Integrated solutions, collaboration, and ‘shiny toys’ are still not enough. The presented SIEM-based incident response methodology and intrusion life-cycle can bring relief to any computer security incident handler, and help those who struggle with SIEM deployment and the incident response process. Having seen the intrusion chain’s feedback loop and the framework itself, it is time to combine known practices and use them in corporate environments to create a more active and defensive security posture.
  • Threat Hunting and Corporate Investigations with SIEM Technology

    eForensics Magazine

    The article presents methods and concepts: how to understand SIEM, what threat hunting means and how to implement security rules. The author describes the most important definitions, processes, technology and examples. A full scenario covering the detection, investigation and tuning phases is presented. QRadar SIEM and FireEye are shown, with a brief discussion of their main features and capabilities. At the end, the author shares news from the world of SIEM technology. The threat hunting process seems to be a great approach for the early stages of SIEM deployment (tuning phase), supports threat detection at the earliest stages of an attack (compromise chain) and gives a methodology for proactive monitoring.
  • The Incident Edge research

    speaker at the Security Case Study Conference 2014

    The author presented a project titled "The Incident Edge", showing findings and conclusions after conducting his own research into security event and incident analysis. The output, a methodology, provides a holistic view of security posture and gives visibility over security event tracking, intrusion progression and the dynamics of the defended environment. An organization that uses a systematic and formalized methodology is able to find dependencies between events, decrease mean-time-to-detect and use historical knowledge. During the research, the author used retrospective and 'as it goes' analysis to reconstruct and track targeted attacks, blue teaming, smash-and-grab like breaches, malware outbreaks and hundreds of other events. A new concept of the 'event horizon' was introduced, as well as multiple recommendations for incident investigation.

Courses

  • Advanced Network Security Monitoring and Incident Response
  • CERT GAMES - cyber defense exercises for ICT infrastructure (ComCERT)
  • CompTIA Security+ course
  • Computer Forensics Academy - expert
  • Computer Forensics Academy - professional
  • Computer Forensics Academy - specialist
  • Confidence 2016 Conference
  • C|HFI Computer Hacking Forensic Investigator training
  • EnCase® v7 Computer Forensics training
  • FireEye – Monitor/Admin user training
  • Giving feedback and appraisal interviews
  • IBM Security QRadar SIEM 7.1 Advanced
  • IBM Security QRadar SIEM 7.1 Foundations
  • IBM/QRadar Administrator training
  • IBM/QRadar Developer Introduction
  • IT Security Professional
  • ITIL Foundation Certificate in IT Service Management
  • Identifying and handling electronic evidence workshop (ENISA)
  • Insights Discovery - professional development and communication training, teambuilding
  • Malware discovery and indicators of compromise (CERT)
  • Mobile threats incident handling workshop (ENISA)
  • SEC 504: Hacker Techniques, Exploits & Incident Handling
  • SEMAFOR 2016 Conference
  • The George Washington University School of Business - Project Planning, Analysis and Control
  • Understanding and Mitigating Botnets (The Honeynet Project Workshop)

Projects

  • Security Operations Center development

Honors and awards

  • Service Excellence Award

    IBM

    In recognition of achieving professional excellence and dedication to every client's success in 2014

Languages

  • English

    Full professional proficiency

  • German

    Elementary proficiency

  • Polish

    Native or bilingual proficiency

Organizations

  • Computer Forensics Institute

    member

    - Present

    www.siis.org.pl

  • Financial Services Information Sharing and Analysis Center (FS-ISAC)

    Threat Intelligence analyst

Recommendations received

12 people have recommended Filip