Decision-making aids for cyber insurance

As an open source method, Lego® Serious Play® (LSP) offers "thinking with your hands", creates a shared experience, a vivid basis for discussion and, above all, a shared commitment to the selected issue. In principle, the LEGO® Serious Play® method is suitable for understanding complex problems and then developing suitable approaches to solving them. With the help of LEGO® bricks, unconscious experience and knowledge potentials are uncovered, which are ideal prerequisites for innovation developments. LEGO® Serious Play® is a structured process that builds on itself.
Participants build a model, which first acquires meaning through storytelling. Subsequently, the model is deepened and reflected upon through questions. This leads to a sustainable and common understanding. Interpersonal aspects fade into the background, as the discussion is about the model and not about the person.

Marcus Beyer has more than 18 years of experience as a communicator, change manager, moderator, social engineer and consultant in the field of IT and information security. Internal (project) communication with a focus on information security, IT and/or BCM processes is his métier, security awareness his mission. He is responsible for the entire topic of security awareness at Swisscom (Switzerland) AG and actively promotes the change process towards a stable and sustainable security culture in the company. He is a member of the advisory board at Hoxhunt, on the board of the Swiss Internet Security Alliance (SISA) and is host of the “SecurityAwarenessInsider” podcast.

This is a journey inside the mind of an ethical hacker's response to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover their attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show the attacker's techniques used and how they went from zero to full domain admin compromise that resulted in a nasty ransomware incident.

The participants learn:

• How attackers gained access to a system
• Established staging
• What tools were used
• What commands were executed
• How the ransomware was delivered
• How AD elevation was achieved

Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea, is an award-winning cybersecurity professional and ethical hacker with more than 25 years’ experience in enterprise security specialising in blockchain, endpoint security, network security, application security & virtualisation, access controls and privileged account management. Joe is a Certified Information Systems Security Professional (CISSP), active member of the cybersecurity community frequently speaking at cybersecurity conferences globally, often being quoted and contributing to global cybersecurity publications.

In this workshop, the following topics will be covered:

• Sharing experiences of tried and failed forensics concepts
• First-aiders for occupational security is self-evident, why not for IT?
• First aider principle quickly explained: what must be included?
• Use of authorities and investigators
• Content of an emergency plan / Simple first implementations
• Crisis team or going it alone?
• When is the right time to involve an IT forensic expert?
• Legal issues (no legal advice in terms of the German Legal Services Act - RDG)

Two IT forensic experts from NRW have extensive experience in the investigation, analysis and presentation of data from cybercrime offences. Marcel Schäfer and Volker Wassermann are also IT experts, have been cooperating for several years and advise customers on strategic IT decisions. They train employees of IT departments in the topics of awareness and IT forensic readiness. Both are also regularly involved in the working groups of the eco Association, as well as the Information Security CG of networker.nrw with their existing expertise. Both have the goal of preparing companies and their IT departments for incidents and emergencies, but they also help today in numerous cases where it is often already too late. Reconstruction of facts, attack scenarios and clean-up work are daily business. Likewise, both are active as external data protection officers and use this expertise to handle data from incidents in a legally compliant manner.