This channel features live and recorded webcast presentations by leading experts in the field of information security. From Application, Computer, Network and Internet Security to Access Control Management, Data Privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives. The latest trends and best practice advice from the leading experts http://www.brighttalk.com/channel/288 Wed, 11 Jul 2012 18:00:00 +0000 With over 5 Billion mobile devices presently in use, mobile applications enable new threats and attacks which introduce significant risk. The biggest risks are data loss through an exploit or from devices being lost or stolen. Are your mobile applications susceptible to common software vulnerabilities? Do you know what critical data is being stored on these devices and backed up in the cloud? Is your sensitive data protected if a device is lost or stolen? Join David as he explains how to be proactive by examining your mobile applications, provisioned devices and their footprints. As Aspect Security’s Global Practice Manager of Mobile Application Security Services, Dave has first-hand expertise in helping clients in the financial and retail sectors with their mobile security programs. David is an OWASP Mobile Top 10 Project Contributor. http://www.brighttalk.com/webcast/288/46571 David Lindner, Global Practice Manager – Mobile Application Security Services, Aspect Security, Inc. http://www.brighttalk.com/webcast/288/46571 mobile security application security mobile http://www.brighttalk.com/service/channel/channel/288/communication/46571/calendar/ics Wed, 11 Jul 2012 16:00:00 +0000 Best practices to secure and separate the personal from the corporate on mobile devices. The Bring Your Own Device (BYOD) trend has brought added challenges to the enterprise. As more employees connect to the corporate network with their personal devices, complexities emerge around data and management. When it comes to BYOD it is increasingly clear that there is a need for separation of the personal from the professional. IT administrators need a strategy on how to control policy, management, and data removal in isolation on personal devices. Organizations are turning to mobile virtualization to solve this issue. Join us on July 11th to discover the best practices on how to secure and separate the personal from corporate on mobile devices through mobile virtualization. Panel: Benjamin Robbins, Principal, Palador Inc Ben Goodman, Lead Evangelist, VMware Horizon Nick Turner, VP Biz Dev, Enterproid Carl Nerup, VP of Business Development, OK Labs http://www.brighttalk.com/webcast/288/46835 Benjamin Robbins, Palador Inc; Ben Goodman, VMware Horizon; Nick Turner, Enterproid; Carl Nerup, OK Labs http://www.brighttalk.com/webcast/288/46835 BYODConsumerization of IT security virtualization http://www.brighttalk.com/service/channel/channel/288/communication/46835/calendar/ics Thu, 21 Jun 2012 19:00:00 +0000 Just when you thought your company was getting a handle on phishing and malware attacks via regular email and media, powerful new mobile devices and web 2.0 apps are providing new attack vectors for cybercriminals. Social engineering via social networks and mobile devices is an emerging frontline for IT security. Putting appropriate security policies and controls in place to mitigate these threats will give your organization an edge over less diligent competitors. Join Stephen Cobb, Security Evangelist at ESET for a walkthrough of the characteristics that make social networks and mobile devices dangerous and what you and your organization can do to gain control of your network. http://www.brighttalk.com/webcast/288/46837 Stephen Cobb, Security Evangelist, ESET http://www.brighttalk.com/webcast/288/46837 web 2.0 Facebook social network web threat http://www.brighttalk.com/service/channel/channel/288/communication/46837/calendar/ics Thu, 21 Jun 2012 17:00:00 +0000 No one delivers more Web content than Akamai, and as a result nobody sees more Web attacks. The threat landscape has evolved with the rise of chaotic actors and the migration of criminal elements into their slipstream. This talk will look at Web security trends and detail the different categories of attackers, their motivations, and their methods as well as strategies for mitigating these threats. http://www.brighttalk.com/webcast/288/47225 Mike Smith, Senior Security Evangelist, Akamai Technologies http://www.brighttalk.com/webcast/288/47225 cloud cloud security cloud computing security http://www.brighttalk.com/service/channel/channel/288/communication/47225/calendar/ics Thu, 21 Jun 2012 16:00:00 +0000 In today’s cyber world, it’s no longer a matter of “if” a data breach will occur, but “when.” Organizations around the world, from the local corner store to the global enterprise, all need to understand current data security risks in order to mitigate them. The Trustwave 2012 Global Security Report identifies the top threats encountered by businesses over the past year. Based on an analysis of Trustwave data sources, including more than 300 incident investigations, 2,000 penetration tests conducted by Trustwave SpiderLabs, and 2 million network and application vulnerability scans, the report provides a roadmap for any organization that needs to improve and update their information security strategy. The Trustwave 2012 Global Security Report highlights top data security risk areas, offering predictions on future targets based on analysis and perceived trends. By learning from others’ data vulnerabilities, and applying tactical and strategic change outlined in this report, any organization will be better able to reduce data threats and loss. http://www.brighttalk.com/webcast/288/45041 Nicholas J. Percoco, Senior Vice President and Head of SpiderLabs, Trustwave http://www.brighttalk.com/webcast/288/45041 data breach security risk threat application http://www.brighttalk.com/service/channel/channel/288/communication/45041/calendar/ics Thu, 21 Jun 2012 15:00:00 +0000 Social networks from Facebook to LinkedIn are posing serious security threats to organizations. Malicious links and compromised social media APIs are a few of the risks emerging from both user behavior and flaws in application software. Creating a holistic Web 2.0 strategy that incorporates acceptable use policies, user education, and Next Generation Firewalls is vital to protecting your organization from what is becoming a major threat vector. Join Daniel Ayoub of SonicWALL as he explores optimal practices for securing your business from social network threats. http://www.brighttalk.com/webcast/288/46577 Daniel Ayoub, CISSP, CISA, Manager, Product Marketing, SonicWALL http://www.brighttalk.com/webcast/288/46577 web 2.0 Facebook social network web threat http://www.brighttalk.com/service/channel/channel/288/communication/46577/calendar/ics Thu, 21 Jun 2012 14:00:00 +0000 2012 will see organisations and their employees exposing more information online than ever before, be that through social media or through the technologies used by an organisation. They may perceive this information to be benign, however many have unintentionally and unknowingly exposed themselves to compromise by a cyber attack or may have leaked damaging or confidential information. Hackers are increasingly researching their target organisations and their employees before making focused, targeted attacks. This presentation examines how companies' digital shadows are growing, and puts forward steps organisations can adopt to help get this information sprawl under control. James Chappell is CTO for managed security service firm, Digital Shadows. James, builds on a technical infosec consulting career of 12 years looking at the security of large private sector and government organisations. During this time he became fascinated by the growth of crime and fraud in computer networks, with a particular focus on effective ways of measuring of managing the big picture of information security for large public and private sector organisations. http://www.brighttalk.com/webcast/288/47991 James Chappell, Chief Technology Officer, Digital Shadows http://www.brighttalk.com/webcast/288/47991 cyber crime cyber attack IT threats http://www.brighttalk.com/service/channel/channel/288/communication/47991/calendar/ics Wed, 20 Jun 2012 21:00:00 +0000 Protecting your organization’s intellectual property has never been more difficult. Threats are on the rise and becoming increasingly sophisticated. Cybercrime is now the tool of choice for organized criminals and the payoff is astounding. At $386 billion, it’s now approaching the total value for global drug trafficking. With over 70,000 new threats emerging every day, the focus of IT security has shifted. Firewalls, IDS, and Anti-Virus solutions are no longer enough to protect your organization from today’s advanced threats. Join us to learn about: - the dangers of application vulnerabilities - the dangers of poisoned links - the dangers of human users - how you can protect your network http://www.brighttalk.com/webcast/288/47301 Samantha Shah, Product Marketing Manager, Faronics http://www.brighttalk.com/webcast/288/47301 malware application security security network http://www.brighttalk.com/service/channel/channel/288/communication/47301/calendar/ics Wed, 20 Jun 2012 17:00:00 +0000 Phish or no phish? That’s the question that employees—and executives in particular—have been asking themselves more frequently. They’ve heard about how high profile organizations and even government agencies have fallen prey to attacks that stemmed from seemingly harmless emails. Has the door been left wide open? Join Websense on June 20th as we provide guidance on how you can recognize advanced threats and protect yourself from them. Attendees will gain practical insights into: · Recent Email Phishing Schemes · Telltale Signs of Advanced Targeted Attacks · Best Practice Principles to Educate Users · Technology Capabilities to Minimize Risk of Compromise http://www.brighttalk.com/webcast/288/47143 Jason Woo, Product Marketing Manager, Websense http://www.brighttalk.com/webcast/288/47143 phishing threats email APT email phishing http://www.brighttalk.com/service/channel/channel/288/communication/47143/calendar/ics Wed, 20 Jun 2012 13:00:00 +0000 Malware analysts spend a lot of time analyzing code and looking for indicators of compromise from advanced persistent threats and even for the most seasoned analysts the volume of analysis can be prohibitive. In today's environment malware analysts need to leverage automated tools to power through large volumes of sample code and quickly receive valuable threat summaries. Letting the computers do the work allows the analyst to quickly identify files of greatest concern, and focus on remediating especially pernicious attacks. Malicious behavior can now be viewed right down to the kernel level, giving a complete picture of how your network was targeted by a specific cyber threat. Join Thomas Quinlan as he explores integrating automated threat assessment processes and defining indicators that identify specific threats to your system. http://www.brighttalk.com/webcast/288/48053 Thomas J. Quinlan, Malware Researcher http://www.brighttalk.com/webcast/288/48053 malware advanced persistent threats APT security http://www.brighttalk.com/service/channel/channel/288/communication/48053/calendar/ics Tue, 19 Jun 2012 17:00:00 +0000 As new regulations (HITECH) arise, and existing ones introduce more stringent requirements (HIPAA, PCI), compliance remains an ongoing challenge for many organizations. Because manual compliance controls introduce expense and increase risk, Identity and Access Management (IAM) provides an excellent foundation on which to implement automated controls for continuous compliance. This webcast will provide a maturity model for compliance controls, and highlight critical capabilities for identity-related compliance in enterprise and cloud environments. http://www.brighttalk.com/webcast/288/46267 Sumner Blount, Sr. Principal, CA Technologies Security Business Unit http://www.brighttalk.com/webcast/288/46267 compliance cloud enterprise http://www.brighttalk.com/service/channel/channel/288/communication/46267/calendar/ics Thu, 31 May 2012 17:00:00 +0000 Bring Your Own Device (BYOD) is a disruptive trend in IT and security management. Organizations are seeking to enable personal mobile device use at the workplace without compromising security. This timely webcast covers the fundamentals, policies and technologies that can enable fluid yet policy-based control for users and their smartphones and tablets to access network resources and sensitive information. Topics include: risk assessment, policy design, NAC, MDM, how to tier services. http://www.brighttalk.com/webcast/288/47703 Join Dale Tesch, director at Integralis and Gil Friedrich, vice president of technology at ForeScout Technoligies http://www.brighttalk.com/webcast/288/47703 BYOD mobile security network access http://www.brighttalk.com/service/channel/channel/288/communication/47703/calendar/ics Thu, 24 May 2012 19:00:00 +0000 As the demand for cloud computing continues to grow, security remains the largest barrier to greater cloud adoption. We’re making some headway – with cloud providers offering better processes for managing security and the industry developing better methods for assessing them. Yet there are some real limitations presented by cloud computing on our ability to implement and manage controls. To be able to trust the cloud(s), IT security professionals have to understand the differences between what they can control and what they can’t. This webinar will explore these questions and also begin to turn the conversation toward how we can position IT to harness the cloud itself to exercise greater control. http://www.brighttalk.com/webcast/288/46513 Josh Corman, Director, Information Security, Akamai Technologies; David Etue, VP Corporate Development Strategy, SafeNet, Inc http://www.brighttalk.com/webcast/288/46513 cloud security cloud computing infrastructure http://www.brighttalk.com/service/channel/channel/288/communication/46513/calendar/ics Thu, 24 May 2012 18:00:00 +0000 Enterprises are increasingly turning to cloud services as an integral part of fulfilling their mobile strategy. Cloud services offer stability, scale and function beyond the capabilities of many organizations’ on-premise infrastructure. But relying on the public cloud has many IT administrators wondering - is it secure enough for my corporate data? Join Benjamin Robbins May 24 to learn best practices for building your mobile app ecosystem securely using public cloud services. Learn what security features are must-haves and how to identify vendors that comply. We’ll also discuss how to assure security policies can be managed and enforced for your anytime, anywhere workforce. http://www.brighttalk.com/webcast/288/47259 Benjamin Robbins, Principal of Palador Inc http://www.brighttalk.com/webcast/288/47259 mobile cloud security application security apps http://www.brighttalk.com/service/channel/channel/288/communication/47259/calendar/ics Thu, 24 May 2012 17:00:00 +0000 Organizations are adopting cloud services at a very fast pace, driven by the cost effectiveness, speed/time to market and better performance and availability cloud adoption provides. However the security of data and access in the cloud is still a major cause for concern. Even if the organization is comfortable with a cloud service provider’s security posture, they are often surprised to find they are ultimately responsible for securing their own data. Fortunately security event and information management (SIEM) solutions are able to extend information and access controls to cloud in addition to physical and virtual environments. This webinar will dive into the various options available to organizations to help them ensure a secure cloud services environment. http://www.brighttalk.com/webcast/288/46909 Marc Blackmer, Senior Product Marketing Manager, Solutions at HP Enterprise Security http://www.brighttalk.com/webcast/288/46909 SIEM Cloud cloud security security http://www.brighttalk.com/service/channel/channel/288/communication/46909/calendar/ics Thu, 24 May 2012 16:00:00 +0000 Are your cloud concerns valid? This panel will focus on identifying the major perceived barriers to business adoption of cloud computing from the perspectives of security, compliance, privacy and policy. The goal is to separate founded and unfounded concerns and help IT security professionals and C-level executives make educated cloud decisions for their business. Panelists: John Howie, COO, Cloud Security Alliance Pravin Kothari, Founder and CEO, CipherCloud Derek Brink, Vice President and Research Fellow, IT Security and IT GRC, Aberdeen Group (moderator) Thomas Stamulis, Manager, East and Central US, Global Strategic Services at Terremark, A Verizon Company Adam Swidler, Sr. Product Marketing Manager, Google http://www.brighttalk.com/webcast/288/46277 John Howie, CSA, Pravin Kothari, CipherCloud; Derek Brink, Aberdeen; Thomas Stamulis, Terremark; Adam Swidler, Google http://www.brighttalk.com/webcast/288/46277 cloud cloud security cloud computing security http://www.brighttalk.com/service/channel/channel/288/communication/46277/calendar/ics Thu, 24 May 2012 15:00:00 +0000 For security experts, cloud computing presents a new set of urgent questions and challenges that need to be answered as their organizations begin to demand the ROI that comes with moving to the cloud. Cloud infrastructures pose security challenges that are fundamentally different than physical risks. Join Dave Asprey, VP of Cloud Security at Trend Micro, as he covers the top 5 points for maintaining security and privacy as workloads transition to the cloud. •Identify security challenges that can limit virtualization and cloud adoption; •Transform your data center with security designed for virtualization and the cloud; •Learn best practices to help you achieve 99% virtualization; and •Empower your servers and desktops to better combat the current and merging threats. http://www.brighttalk.com/webcast/288/46043 Dave Asprey, VP of Cloud Security, Trend Micro http://www.brighttalk.com/webcast/288/46043 cloud security privacy virtualization http://www.brighttalk.com/service/channel/channel/288/communication/46043/calendar/ics Thu, 24 May 2012 14:00:00 +0000 The business benefits of moving to the cloud are quite compelling, however, with those benefits come concerns. The most significant challenge facing companies that are either moving to the cloud as a consumer or as a service provider is ensuring the security of the services that are provided. The Cloud Security Alliance (CSA) was formed to help ease this challenge. The CSA’s guidance is adopted as the defacto standard for accessing the security of cloud providers across the software security market. While this guidance has helped greatly, there is still the very challenging question of creating a standard set of questions for organizations to ask a provider in order to understand how they have implemented the CSA guidance. This is where the Consensus Assessments Initiative Questionnaire (CAI) comes into play. The questionnaire is a CSA-developed tool for both consumers and providers of cloud services to use as common criteria for determining cloud security. This hands-on and prescriptive web seminar will review both the CSA guidance and how the CAI can be used in day-to-day business to help companies assess cloud providers. Attendees will walk away with a firm grasp on the questions to ask or to be prepared to answer- whichever side of the cloud equation they are on. http://www.brighttalk.com/webcast/288/47867 Dennis Hurst – Founding Member, Cloud Security Alliance http://www.brighttalk.com/webcast/288/47867 cloud cloud security security CSA http://www.brighttalk.com/service/channel/channel/288/communication/47867/calendar/ics Wed, 23 May 2012 20:00:00 +0000 Whether you are taking advantage of cloud-based commercial applications or moving your own custom application to a cloud infrastructure, your organization is facing new challenges with user access governance and compliance. This presentation will cover the steps you'll need to take both contractually and operationally to ensure that user access of your cloud-based applications is as secure and compliant as your data-center applications. The content will focus on: - Key contract terms you need to be able govern user access - What architectural components are critical to your user access governance - What about cloud-based Identity & Access Management services? - Operational talks required to support user access governance - How user access governance is evolving to meet cloud compliance http://www.brighttalk.com/webcast/288/45911 Alan Norquist, CEO & Founder, Veriphyr, Inc. http://www.brighttalk.com/webcast/288/45911 cloud compliance governance applications http://www.brighttalk.com/service/channel/channel/288/communication/45911/calendar/ics Wed, 23 May 2012 19:00:00 +0000 No matter what part of your infrastructure is in the cloud, security is crucial. Unfortunately, many unique and innovative cloud services have ignored or been indifferent to their customer’s security requirements. How can you select a cloud vendor that provides you with the services you need without compromising security? In this interactive webinar, Dave Meltzer, nCircle’s VP of Engineering and cloud security pioneer, will discuss: •Why security is a challenge for cloud vendors •Tools to assess the six basic security building blocks every cloud vendor should have in place •Practical recommendations for working securely with cloud vendors You’ll leave the webinar with an online questionnaire that will help you build a blueprint of prospective vendors’ security practices, and practical recommendations on how to accurately assess cloud vendor security risk. http://www.brighttalk.com/webcast/288/46639 David Meltzer, Vice President of Engineering, nCircle; John Howie, COO, Cloud Security Alliance http://www.brighttalk.com/webcast/288/46639 cloud cloud security cloud computing security http://www.brighttalk.com/service/channel/channel/288/communication/46639/calendar/ics Wed, 23 May 2012 18:00:00 +0000 In this uncertain economy, the benefits of cloud computing are significant: the economies of scale, the potential cost savings, fast deployment and easy scalability. So, what's holding up adoption beyond inertia? According to the Goldman Sachs Equity Research Report of 2011, 70% of the CIOs surveyed express major concerns about data privacy in the cloud. Specific concerns include data privacy and breach notification, loss of governance, regulatory compliance and data sovereignty. How should organizations manage these challenges while leveraging the proven benefits of cloud computing? In this webcast, you'll learn about: • New threats that can impact your sensitive data in the cloud • Impact of cloud migration to regulatory and compliance requirements • 5 steps to overcome these challenges while providing your business a competitive edge. http://www.brighttalk.com/webcast/288/46121 Varun Badhwar, Vice President of Product Strategy, CipherCloud http://www.brighttalk.com/webcast/288/46121 compliance cloud cloud computing security data http://www.brighttalk.com/service/channel/channel/288/communication/46121/calendar/ics Wed, 23 May 2012 17:00:00 +0000 Using cloud computing is like climbing a mountain – the higher you go the harder it is to climb. Moving mundane tasks to the cloud is easy, but for security centric applications the move is harder to make and for those involving regulated data the day may never come. That’s a shame because it’s in just these areas where the strongest economic incentives for moving to the cloud lie. The question is, who is best placed to establish the appropriate security in order to make this particular mountain easier to climb? Should cloud users plan on a “Bring Your Own Security” approach where they assume that the cloud is essentially an untrusted environment where they must wrap their own security around their applications and data, or should cloud providers be responsible for providing appropriate protection as part of a trusted cloud platform where users can feel safe and do what they do best – build applications? This presentation will address the tradeoffs as well as provide practical guidance regarding data protection approaches in a cloud environment. http://www.brighttalk.com/webcast/288/44961 Richard Moulds, Vice President Product Management and Strategy, Thales e-Security http://www.brighttalk.com/webcast/288/44961 Cloud Security Data Protection Encryption http://www.brighttalk.com/service/channel/channel/288/communication/44961/calendar/ics Wed, 23 May 2012 16:00:00 +0000 Join industry leaders representing the top IT security publications, alliances and organizations as they discuss best practices for securing your data in private, hybrid and public environments. Panelists: Peter Judge, UK Editor, Tech Week Europe (moderator) Daniele Catteddu, Managing Director EMEA, Cloud Security Alliance David Mortman, Chief Security Architect, enStratus JD Sherry, Director - Public Sector IT Security Solutions, Trend Micro Jeff Williams, CEO, Aspect Security http://www.brighttalk.com/webcast/288/46455 Peter Judge, Tech Week; Daniele Catteddu, CSA; David Mortman, enStratus; JD Sherry, Trend Micro, Jeff Williams, Aspect Sec. http://www.brighttalk.com/webcast/288/46455 cloud cloud security cloud computing security http://www.brighttalk.com/service/channel/channel/288/communication/46455/calendar/ics Wed, 23 May 2012 14:00:00 +0000 A general discussion of cryptographic issues related to cloud security. The main focus will be cryptographic algorithms for use in the cloud and key exchange protocols. The differences between cloud cryptographic needs and standard server/workstation/network encryption will be addressed. Specifically discussed will be the application of existing protocols (RSA, IPSEC, hard drive encryption, and more) for confidentiality. The importance of maintaining the integrity of data through the use of digital signatures and certificates for authentication. And the need for secure key escrow. http://www.brighttalk.com/webcast/288/44187 Chuck Easttom, Independent Computer & Network Security Professional http://www.brighttalk.com/webcast/288/44187 Data Privacy Cloud Security cryptography http://www.brighttalk.com/service/channel/channel/288/communication/44187/calendar/ics Wed, 23 May 2012 12:00:00 +0000 With more than 20 years Financial Services experience, I have successfully directed many large change programmes, & been instrumental in the launch of new products/ services (e.g. Mortgages, Debit and Credit Cards, Investments, General Insurance, Business Banking) as well as managing Process Reengineering consultancy teams. Currently Head of Payment Security at Barclaycard, I am responsible for security compliance of circa 100,000 customers and their third parties. Our sustained dedication resulted in my team scooping up two awards at the Feb. 2012 Merchant Payments Ecosystem conference (MPE, formerly ECAF) for "Data Security" & "Merchants". In April 2011, my team won the Information Security Team of the Year award from SC Magazine & I was inducted to the Infosecurity Europe Hall of Fame. Other awards include the 2010 European Card Acquiring Forum (ECAF) award for Data Security (PCI DSS) and in October 2010, I was voted number 4 of the top 10 most influential people in infosec in the UK by SC Magazine and ISC2. In addition, I have been on the PCI Security Standards Council Board of Advisors since 2009. Past achievements included: •Managed the programme to launch of streamlined straight through Mortgage Process Platform for Abbey for Intermediaries. Achieved in 10 months. •Managed the programme to centralise Mortgage Underwriting from a network of 700 branches to one centralised area. Achieved in 9 months. •Managed the programme to support the insourcing of the Abbey credit card from MBNA and implementation of the new Santander platform. Also managed the migration of the existing debit card to the new Santander platform. •Other programmes in my portfolio included all people/ process & technology aspects of the following: Investments, Business Banking, General Insurance, International & Domestic Payments. http://www.brighttalk.com/webcast/288/44923 Neira Jones, Head of Payment Security, Barclaycard http://www.brighttalk.com/webcast/288/44923 Cloud Computing Cloud Security IT Security http://www.brighttalk.com/service/channel/channel/288/communication/44923/calendar/ics Wed, 23 May 2012 11:00:00 +0000 The cloud and mobile are changing our societies in phenomenal ways. The increased usage of smartphones, tablets, and cloud computing is presenting organizations with new business opportunities and challenges. Companies worldwide in every industry are finding that they can expose new and existing data as Application Programming Interfaces (APIs) to open up new markets and penetrate deeper into existing ones. At the same time that orgranizations are changing the way that they expose data, they are also having to rethink how they are securing it. The old method of hiding it away behind a network firewall is no longer sufficient. Figuring out the best way to secure Cloud APIs can be difficult. To shorten the learning curve and help you begin taking advantage of APIs, Travis Spencer, Senior Technical Architect from Ping Identity's CTO office, will present the state of API security, recommend best practices, and give advice on how to securely launch and run Cloud APIs. These will help you quickly take advantage of the new possibilities while simultaneously managing the associated risks. Your presenter: Travis Spencer is a Senior Technical Architect reporting to Ping Identity’s CTO. He has over a decade of application development experience which includes the design of large-scale service-oriented and federated systems. His experience federating SaaS offerings with some of the world’s largest financial institutions coupled with his low-level understanding of federation protocols (e.g., SAML, WS-Trust, and WS-Federation) has allowed him to help numerous companies successful begin using cloud computing. His knowledge of OpenID and OAuth also provides him with a unique perspective on the relationship between enterprise- and consumer-grade digital identity management. http://www.brighttalk.com/webcast/288/47289 Travis Spencer, Senior Technical Architect, Ping Indentity http://www.brighttalk.com/webcast/288/47289 Identity Cloud Cloud security Travis Spencer http://www.brighttalk.com/service/channel/channel/288/communication/47289/calendar/ics Wed, 23 May 2012 08:00:00 +0000 I am a Director in the “Infomation Technology Management” Department within PricewaterhouseCoopers since 1998. Prior I moved through positions with Texas Instruments, Alcatel and Esso. In January 1989 I joined Coopers & Lybrand as a consultant. After gradually building up experience by serving international clients, I now take on a role of “Security & Technology” Director in Belgium. I specialise in security technology and cryptography. I also have a keen interest in security management and architecture, RBAC, Java, .NET, smartcards, Linux and wireless technologies. I carried out assignments with regard to security for many leading organisations, mostly in but not limited to Europe. I carried out numerous International assignments in an Internet context for organisations across various industries as well as for government. Within PriceWaterhouseCoopers, I am a global ‘Subject Matter Expert’ with regard to Emerging Technology. For more info see my homepage at 'www.marcsel.eu'. Specialties Security Management Security Technology Smart Cards Security Organisation http://www.brighttalk.com/webcast/288/43483 Marc Sel, Director of Enterprise Advisory Services - Information Protection, PwC http://www.brighttalk.com/webcast/288/43483 Cloud Security IT Security Cloud Computing http://www.brighttalk.com/service/channel/channel/288/communication/43483/calendar/ics Tue, 22 May 2012 20:00:00 +0000 For individuals tasked with ensuring their organizations are PCI complaint, challenges are ever present. The delicate balance of achieving PCI Compliance while ensuring there is no disturbance in day to day operations of a security program is what separates experts from practitioners. This web seminar will give attendees the expert’s guide to reviewing PCI requirements for secure application development and will detail how HP helps partners not only meet these requirements but to also solidify the future of a security program by securing applications from the inside out. http://www.brighttalk.com/webcast/288/46893 Rick Dunnam, Principal Consultant, Application Security HP http://www.brighttalk.com/webcast/288/46893 PCI compliance PCI compliance SDLC application http://www.brighttalk.com/service/channel/channel/288/communication/46893/calendar/ics Tue, 22 May 2012 19:00:00 +0000 For many organizations, the process of evolving their vulnerability management, compliance and reporting initiatives into a functional enterprise GRC program has been a complex endeavor. As security and risk management efforts have begun to address technology, process, and policy needs, the organization finds their corporate infrastructure is evolving beyond the data center to include cloud computing resources. To effectively grow and adapt with modern infrastructural requirements, organizations must now ensure they have the capabilities to assess, monitor and implement controls across private, public or hybrid clouds. This session will examine the fundamental considerations when implementing a GRC program in an organization that is considering or already leveraging cloud computing resources. Chris Farrow will discuss the various cloud delivery models as well as the technological and organizational considerations for each that must be taken into account in the planning and implementation stages of an enterprise GRC program. http://www.brighttalk.com/webcast/288/46117 Christopher Farrow, Director - Product Management, Qualys http://www.brighttalk.com/webcast/288/46117 cloud cloud computing GRC compliance http://www.brighttalk.com/service/channel/channel/288/communication/46117/calendar/ics Tue, 22 May 2012 17:00:00 +0000 Information security has undergone a sea change in the past 10 years. Compliance mandates in the form of industry standards and Federal rules like NERC, FFIEC, HIPAA/HITECH and PCI-DSS are the new normal. To stay in compliance, IT teams need to be able to keep up with updates and changes to existing mandates and be prepared for new ones. To maximize efficiency, manage risk and reduce potential violations due to compliance failure, organizations need to implement tools that apply and support multiple facets across different compliance specifications. Network Access Control (NAC) supports a number of critical security and protection functions across multiple compliance mandates. Led by IANS faculty advisor Diana Kelly of SecurityCurve, this session will examine NAC and its support of compliance frameworks and mandates. Using ForeScout CounterACT as an example, attendees will discover: - How NAC works - Key NAC functions that apply to compliance processes and specifications, and - How NAC specifically maps to top commercial, regulatory and federal mandates. http://www.brighttalk.com/webcast/288/46377 Diana Kelly, IANS Faculty Advisor and Founder of SecurityCurve http://www.brighttalk.com/webcast/288/46377 network access control compliance NAC HIPAA PCI http://www.brighttalk.com/service/channel/channel/288/communication/46377/calendar/ics Tue, 22 May 2012 15:00:00 +0000 Organizations often approach regulatory compliance with one-off projects, deploying a set of controls for each regulation. This approach to enterprise-wide management of compliance can become expensive and difficult to sustain, let alone develop and expand to meet growing demands. This presentation will address how a centralized system coupled with an IT governance framework may be used to achieve multiple compliance regulations and manage them efficiently with a consolidated view across an entire organization. http://www.brighttalk.com/webcast/288/46907 Marc Blackmer, Senior Product Marketing Manager, Solutions at HP Enterprise Security http://www.brighttalk.com/webcast/288/46907 compliance enterprise regulation governance GRC http://www.brighttalk.com/service/channel/channel/288/communication/46907/calendar/ics Tue, 22 May 2012 13:00:00 +0000 Compliance and information security have had a tumultuous relationship. Sometimes they get along; sometimes they don't. Organizations often combine them under the CISO, but provide dotted line reporting elsewhere for compliance. Compliance might partner with internal audit or have its own C-level position. All of this variation isn't really necessary. Compliance and Risk Management can be successfully combined under the practice of Security Performance Management. During this webinar we will discuss how: •Compliance behaves like more traditional information security threat. •Compliance can be managed similarly to other information security programs. •Security Performance Management provides a framework for comprehensive compliance and risk management across the enterprise. http://www.brighttalk.com/webcast/288/46645 Tim Erlin, Director, Product Management, nCircle http://www.brighttalk.com/webcast/288/46645 compliance risk management security CISO http://www.brighttalk.com/service/channel/channel/288/communication/46645/calendar/ics Wed, 16 May 2012 12:00:00 +0000 Edward Haletky provides Virtualization, Virtualization Security, Network Security, Secure Coding Consulting and Courseware as well as Linux Security and Application Development. * Author of "VMware Virtual Infrastructure Security: Securing the Virtual Environment" and "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers", published December 2007, Copyright 2008 Pearson Education. * Guru and moderator for and participant in the VMware Community Forums. * Moderator for the Virtualization Security Podcast held every other week on thursday. * Analyst and Managing Director for The Virtualization Practice, LLC. * Participant in the VMware VMTN Communities Roundtable Podcast held every wednesday. * Blogs about Virtualization on his own Blog, Blue Gears, as well as for the Virtualization Practice and TechTarget. * Writer for various online and physical magazines. Specialties * Virtualization Security * VMware Virtual Infrastructure * Network Security * Secure Coding * Linux Security * Linux Application Development http://www.brighttalk.com/webcast/288/43937 Edward Haletky, Cloud Analyst, The Virtualization Practice http://www.brighttalk.com/webcast/288/43937 cloud computing cloud security private cloud Wed, 02 May 2012 16:00:00 +0000 Enterprise organizations have been under security attacks for the past decade, but security events in 2011 have created a ripple effect that will be felt for years to come and will actually start to shift the way we view security. This webcast will highlight the latest threat trends and risks from the new 2011 Cyber Risk Report from HP Enterprise Security and will cover: • Why a decline in vulnerabilities disclosed may lead to a false sense of security • How changing attack motivations are increasing security risks • What the biggest risks to the enterprise were in 2011 http://www.brighttalk.com/webcast/288/45803 Jason Jones, Advanced Security Intelligence, HP DVLabs & Adam Hils, Sr. Product Manager, HP Fortify http://www.brighttalk.com/webcast/288/45803 cyber threats security intelligence HP Tue, 01 May 2012 17:00:00 +0000 At this year's San Francisco BSides conference, BrightTALK gathered together thought leaders in the fields of IT security and GRC to get their perspectives on the challenges and opportunities facing their communities and industries in 2012. After a series of enlightening interviews we've decided to bring the thought leaders back for an in-depth discussion. Join us for what will be a lively conversation among the top minds in their fields on cloud security, BYOD, PCI compliance and the GRC challenges that apply across them all. The Panel: Ron Ross, Computer Scientist, NIST Fellow (moderator) Anton Chuvakin, Research Director, Gartner Andrea Hoy, Director - International Board, ISSA International Dr. Said Tabet, Chair of GRC-XML Project, OCEG http://www.brighttalk.com/webcast/288/46539 Ronald Ross, NIST; Anton Chuvakin, Gartner; Andrea Hoy, ISSA; Dr. Said Tabet, OCEG http://www.brighttalk.com/webcast/288/46539 PCI compliance BYOD cloud security Thu, 05 Apr 2012 19:00:00 +0000 Headlines about compromised enterprises seem to be a weekly occurrence lately, if not daily. Whether data leakage incidents are driven by the likes of botnets, malware, viruses, etc., or non-malicious insiders, organizations’ bottom line and reputations are being severely affected. From published internal emails to entire customer lists, intellectual property theft is often the result of a simple security program oversight. This webinar has been designed to help companies better comprehend the scope of data leakage and IP theft and, more importantly, how you can glean better security intelligence by: · Considering the focus areas your company needs to encompass in your security program, from devices to education · Understanding what use cases to look for and which Primary Data Sources to gather and monitor to gain the most visibility into the security and threats both internal and external · Reviewing best practices for handling SIEM events and reducing Mean Time to Resolution (MTTR) for any detected breaches http://www.brighttalk.com/webcast/288/45045 Luke LeBoeuf, Principal Security Consultant, HP Enterprise Security http://www.brighttalk.com/webcast/288/45045 data leaks botnets malware security SIEM Thu, 05 Apr 2012 18:00:00 +0000 In its fifth annual study on best practices in data loss prevention (DLP), Aberdeen analyzed and compared the results from more than 600 organizations which have adopted one of four distinct approaches to the operational use of DLP technologies. The best approach, in terms of balancing enterprise risk and reward, is like the ideal referee in sports: one that makes good calls and enforces the rules regarding safety and fair play, but generally doesn't get in the way of the people playing the game. http://www.brighttalk.com/webcast/288/44621 Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group http://www.brighttalk.com/webcast/288/44621 data loss prevention DLP risk enterprise Thu, 05 Apr 2012 17:00:00 +0000 CIOs don’t need to be convinced about data loss protection. Compliance, financial implications, brand reputation are all factors that drive this need. The real problem is that people are afraid of failure and wasting time, money, resources. They've heard about the operational nightmares, the complexity and failed deployments over the last several years. In addition, RSA and Symantec both had data stolen publically, implying the integrity of the solutions’ value is uncertain. During this interactive session attendees will receive valuable insight on how security works and learn the secret of understanding and communicating risk. Equipped with this knowledge, Andrew will provide a practical and measurable framework for managing risk to information assets using Data Loss Prevention. What attendees will learn: Guiding Principles of Security and Risk Management Data Breach Trends from the Last 6 Years DLP Methodology and Execution Strategy Success Factors in Addressing the Web DLP Challenge http://www.brighttalk.com/webcast/288/43381 Andrew Forgie, CISSP Websense Director of Product Marketing – Data Security http://www.brighttalk.com/webcast/288/43381 DLP Data Loss Prevention Risk Management Thu, 05 Apr 2012 16:00:00 +0000 Data Loss Prevention (DLP) is a computer security term referring to systems that enable organizations to reduce the corporate risk of the unintentional disclosure of confidential information. Data-loss prevention of stored data typically involves a Data Security Software installed on your computer to prevent unauthorized access to the data stored on your hard drive and USB/External drives. These systems identify, monitor, and protect confidential data while in use (e.g. endpoint actions), in motion (e.g. network actions), and at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination and so on) and with a centralized management framework. The purpose of this talk is to provide an overview of DLP tools/software and why it is generally ineffective in preventing data loss. Organizations need to establish best practices in addition to (possibly?) deploying DLP to reduce risk of data loss. This talk will include a discussion of these best practices. http://www.brighttalk.com/webcast/288/45167 Edward Ray, CISO/CTO, MMICMAN, LLC http://www.brighttalk.com/webcast/288/45167 DLP Data Loss Prevention security data Thu, 05 Apr 2012 15:00:00 +0000 In other industries Data Loss Prevention (DLP) is about protecting sensitive data like intellectual property and meeting compliance requirements. In healthcare, where according to a Ponemon report breaches have grown over 32%, DLP can deliver compelling business value by enabling practices to embrace Electronic Healthcare Records (EHRs) and Health Information Exchange (HIE) securely. This webinar will explore the security potential in Healthcare IT and how effective risk-based controls can help with DLP implementation. http://www.brighttalk.com/webcast/288/44415 Kim Singletary, Director, McAfee and David Houlding, Healthcare Privacy & Security Lead Architect, Intel http://www.brighttalk.com/webcast/288/44415 data loss healthcare security health EHR HIE Thu, 05 Apr 2012 14:00:00 +0000 Cloud computing is the current IT buzzword of choice, and many organizations are contemplating making use of it. But what is it and happens to data protection when you surrender your data to the cloud? How do you comply with the provisions of the UK Data Protection Act 1998. What can go wrong and what are the consequences? Join this webinar, with Ibrahim Hasan of Act Now Training, to find out. http://www.brighttalk.com/webcast/288/42867 Ibrahim Hasan, Director and Solicitor, Act Now Training LTD http://www.brighttalk.com/webcast/288/42867 Cloud Security Cloud Computing IT Security Thu, 05 Apr 2012 13:00:00 +0000 Mobile application security is an increasingly hot topic, particularly in healthcare. As more providers integrate apps into their care delivery practices, the safety and security of information, particularly patient data, of is foremost significance. As the bring your own device trend and growing tablet trends are changing how IT administrators control access to applications on the network, it’s critical for your organization to review how apps—and devices—are deployed throughout your enterprise, what happens if a device is lost or a provider leaves your employment. It’s time to ask, “Are My Apps Secure?” http://www.brighttalk.com/webcast/288/43253 Ben Chodor, CEO, Happtique http://www.brighttalk.com/webcast/288/43253 healthcare application security mobile Thu, 05 Apr 2012 10:00:00 +0000 I would like to concentrate on types of identity theft (both individual and corporate) and major risks emanating from social networks. I will look at some of these risks and identify possible solutions to help protect you, your personal information and your company data. Boris Agranovich: Entrepreneurial business leader with 25+ years of global experience in Financial Services, IT and Consulting . Worked in West & East Europe, Middle East, Asia Pacific. Advised executive teams on effective risk management strategies.These range from regulatory requirements such as Basel II to strategic risk propositions such as defining and setting risk appetite, embedding risk management through the organisation. Founder of the world's premier community for Risk Managers. We help people in the risk area to be connected and the main customers are marketing managers who want to create a greater visibility for their products and services among their prospects with much better results even if they are small and don’t have large media and PR budgets. http://www.brighttalk.com/webcast/288/44769 Boris Agranovich, Founder and Principal Consultant, GlobalRisk Community http://www.brighttalk.com/webcast/288/44769 data loss identity theft data leakage Thu, 05 Apr 2012 08:00:00 +0000 Data loss prevention (DLP) tools have gone from being a cool toy to a minimum requirement, expected by clients and regulators. With 2011 providing very high profile data breeches such as RSA (ironically a major DLP vendor), Sony, etc DLP is more important than ever. Implementing DLP is not a simple project however, requiring a tricky mix of process, people and technology. There are many prioritization decisions that can make the project sink or swim. This talk focuses on case studies and lessons learnt to help your DLP project succeed. http://www.brighttalk.com/webcast/288/42651 Rakkhi Samarasekera, Security Architect, RSSC http://www.brighttalk.com/webcast/288/42651 data loss data loss prevention IT security Thu, 29 Mar 2012 18:00:00 +0000 With an increasingly mobile workforce, companies are faced with the challenge of solving for the growing mobility costs and needs of their organization. In this 60-minute webinar, Frank Sickinger, T-Mobile’s Vice President for MNC and Government Sales, will discuss the ever-changing wireless mobility landscape and the key considerations for enterprises operating globally – important information as you look to proactively build a cost-effective and successful international mobility program. http://www.brighttalk.com/webcast/288/44117 Frank Sickinger, T-Mobile’s Vice President for MNC and Government Sales http://www.brighttalk.com/webcast/288/44117 wireless mobility enterprise Wed, 21 Mar 2012 17:00:00 +0000 Your File Integrity Monitoring (FIM) solution has been taking it easy. Doing the bare minimum to meet PCI Requirement 11.5. Like a prima donna that just shows its face and expects to be applauded. Nobody in IT security gets to do that, so why should FIM? Learn how it can do a lot more to improve security. Put it to work as a host intrusion detection system (HIDS) that catches the bad guys well beyond point-of-sale systems and in-scope assets. http://www.brighttalk.com/webcast/288/43967 Michael Thelander and Alex Cox, Tripwire http://www.brighttalk.com/webcast/288/43967 PCI Compliance IT Security Risk Data HIDS Thu, 15 Mar 2012 21:00:00 +0000 If today’s headlines about compromised enterprises are any indication, an insider data breach can cost a single organization as much as tens of millions of dollars. Another significant financial impact to an organization is the remediation cost that follows breach detection. This highly relevant Webinar that has been designed to help companies better understand the scope of insider threats and glean best practices for monitoring and containing breaches. You will learn: · The sources of insider threats, both careless employee behavior or malicious actions, and how to recognize them in your organization. · Best practices for monitoring high-risk users and anomalous behavior to identify possible breaches before they become large scale. · Reporting metrics to monitor the business threats and ensuring incident response processes are in place to quickly remediate any breach. http://www.brighttalk.com/webcast/288/43161 Morris Hicks - Senior Director, Services Engineering – HP Enterprise Security http://www.brighttalk.com/webcast/288/43161 Security Risk Breach Threat Incident Data Thu, 15 Mar 2012 20:00:00 +0000 Social engineering is the ultimate art of manipulating people. Millions of dollars are lost from businesses every year due to employees in avertedly divulging confidential Information. In the session we will examine how social engineering is used, who is using it and best practices for preventing it. http://www.brighttalk.com/webcast/288/42903 Daniel Ayoub, CISSP, Product Marketing Manager, SonicWALL http://www.brighttalk.com/webcast/288/42903 Threat Risk IT Breach Security Data Thu, 15 Mar 2012 19:00:00 +0000 Learn how to use software to streamline: - Threat determination in requirements, code, architecture, data, policy non-conformance - Misuse cases - Remediating controls - Threat remediation prioritization http://www.brighttalk.com/webcast/288/42161 Jeff Goldenberg, Security & Fraud Prevention Architect, AsTech Consulting http://www.brighttalk.com/webcast/288/42161 SDLC Threat Modeling Management Thu, 15 Mar 2012 18:00:00 +0000 Security attackers are constantly upgrading their techniques to make network attacks more difficult to detect with traditional measures. The security checks required to detect all of these attacks can overload your security products, but ignoring them can significantly decrease your network bandwidth. Reputation services enhance the security of traditional network security products by blocking access to areas of the Internet that compromised and delivering attacks on unsuspecting users. This provides a number of benefits to the organization including cutting down the amount of malicious traffic that must be inspected by the network device and cutting down on unnecessary traffic that is clogging bandwidth and slowing application usage. This presentation will highlight the security and network benefits of reputation services and the elements for finding the best solution. http://www.brighttalk.com/webcast/288/42313 Pat Hill, Product Manager for DVLabs http://www.brighttalk.com/webcast/288/42313 Network Security Attack Bandwidth Internet Thu, 15 Mar 2012 17:00:00 +0000 Social networks like Facebook and Twitter pose the biggest threat to your network. But, as security professionals, we often pay more attention to interesting, flashy, and complex attack vectors - such as high-end APT attacks targeting nuclear facilities - than we do mundane, everyday attacks. However, in the past, mundane attacks, like emails with nasty attachments, accounted for the majority of actual breaches. So what's the mundane "malicious email attachment" of 2011? Two words-- Facebook links. Today, it's clear that the web is the most dangerous place on the Internet, and social networks are the front lines of the web battle. While the security community theorizes about the potential damage from a global cyberwar, most businesses still don't do a good job of defending against basic social network and web threats, largely because they lack the necessary security controls. In this webinar WatchGuard's Director of Security Strategy and CISSP, Corey Nachreiner, will describe why social networks will pose the biggest threat to your network for years to come. You'll learn attributes that make social networks like Facebook especially dangerous; how attackers leverage Web 2.0 applications to infiltrate your networks, and how real-world attackers target social networks today with attacks ranging from cyberbullying to drive-by download delivery. More importantly, Nachreiner will suggest some practical network defenses and controls that will give you back the reins to your network. http://www.brighttalk.com/webcast/288/41613 Corey Nachreiner, CISSP, Director of Security Strategy, WatchGuard Technologies, Inc. http://www.brighttalk.com/webcast/288/41613 web 2.0 Facebook social network web threat Thu, 15 Mar 2012 17:00:00 +0000 It’s been a long time coming: businesses really care about the organization’s state of security. But to make it relevant to business executives, they need up-leveled views of raw security data that don’t require a deep understanding of IT and security. Tripwire CTO Dwayne Melancon explains three keys to making that possible. http://www.brighttalk.com/webcast/288/42497 Tripwire CTO, Dwayne Melancon http://www.brighttalk.com/webcast/288/42497 IT Security Risk Data VIA Thu, 15 Mar 2012 16:00:00 +0000 Consumerization of IT and BYOD represent an opportunity and a challenge for businesses. At the crux of the issue is the tension between enterprise IT professionals who are tasked with establishing and enforcing policies and end-users who care about mobility and freedom anytime, anywhere. This webinar will explore how establishing the right BYOD policy can help a company embrace the consumerization of IT while keeping their enterprise secure. Derek Brink, VP, Aberdeen Group; Patrick Wheeler, Sr. Marketing Manager Endpoint Security, Trend Micro: Mary Siero, CEO, Innovative IT LLC; Benjamin Robbins, Principal, Palador http://www.brighttalk.com/webcast/288/42773 Derek Brink, Aberdeen Group; Patrick Wheeler, Trend Micro: Mary Siero, Innovative IT LLC; Benjamin Robbins, Palador http://www.brighttalk.com/webcast/288/42773 BYOD Consumerization of IT security policy Thu, 15 Mar 2012 15:00:00 +0000 Employees and end customers are demanding 24 x 7 access to information, solutions and tools. The end result is a myriad of approaches to BYOD/BYOC from prohibition to de facto agreement to embracing the devices as a useful productivity tool. This session will cover: • Top security risks associated with mobile devices and platforms • Malware trends and drivers • Embracing mobile strategies into your security architecture and infrastructure • Mitigating risks on both personal devices and organizational devices – 5 key tools http://www.brighttalk.com/webcast/288/43635 Rik Ferguson, Senior Security Advisor http://www.brighttalk.com/webcast/288/43635 BYOD BYOC mobile device risk malware security Thu, 15 Mar 2012 15:00:00 +0000 Analysing Successful Malware and APT Attacks http://www.brighttalk.com/webcast/288/45685 Eleanor Dallaway, Bob Tarzey & James Todd http://www.brighttalk.com/webcast/288/45685 FireEye Infosecurity Malware Thu, 15 Mar 2012 13:00:00 +0000 With 2% to 8% of enterprise PCs are infected with malware at any given time, 80% of data stolen coming from servers within enterprises, incident analysis shows that traditional protection tools such as anti-virus offer even more dismal protection when faced with low-volume targeted attacks. Gartner recommends Application Control and Whitelisting as "foundational" to protect endpoints, ensuring that only authorized software can run, rendering the APT useless and ensuring you never get malware again. Success requires a simple, adaptive approach that follows the 4 key components of Trust, Detect, Protect and Measure to allow you to: · Understand the trust of all software in your enterprise · Identify high risk files and users · Stop Advanced Persistent Threats · Measure your ongoing risk and compliance posture http://www.brighttalk.com/webcast/288/42499 Ian Lee, Director of Product Marketing, Bit9 http://www.brighttalk.com/webcast/288/42499 Application APT Data Threat Attack Trust Wed, 14 Mar 2012 21:00:00 +0000 This presentation gives you insight and awareness related to the crisis of identity and resource theft by hackers and miscreants that use our open systems and culture against us everyday. They are using more and more stealthy means to compromise systems and do more harm that we’ve ever imagined.  This is a great opportunity to understand the economies and infrastructure that exist for these “badguys” and to turn the information they steal into cash.  You’ll see example after example of cases where the misuse of systems and information turns into money for people usually thousands of miles away.  You no longer need a gun to rob a bank, nor do you even need to be in the same country to steal from a bank or an individual. http://www.brighttalk.com/webcast/288/43719 Ian Dawson, Director of Security Operations, MainNerve, Inc. http://www.brighttalk.com/webcast/288/43719 hackers cyber crime Wed, 14 Mar 2012 19:00:00 +0000 Despite the hype of malicious hackers, APT, etc, the insider threat is the most costly to organizations. Insiders can cause loss either through malicious or malignant actions, and again, the losses from malignant actions far outweigh the losses from malicious actions. The panel will address the most common underlying vulnerabilities that enable the losses incurred due to insider actions, both malignant and malicious, as well as discuss lessons learned and best practices in attempting to mitigate such losses. EC-Council CISO Summit Panel Session Moderator: Ira Winkler, CISSP, Chief Security Strategist for Codenomicon, and President of the Internet Security Advisors Group Panelists: -Eric McKim, Senior Vice President of Cybersecurity and Chief Information Security Officer (CISO) for Business Integra -Steven Fox, Security Architecture & Engineering Advisor at U.S. Department of the Treasury -Rick Moy, President & CEO at NSS Labs, Inc. -Anthony Meholic, Chief Information Security Officer – Republic Bank -Joe McCray, Founder & CEO at Strategic Security, LLC http://www.brighttalk.com/webcast/288/41387 Ira Winkler, Eric McKim, Steven Fox, Rick Moy, Anthony Meholic, Joe McCray http://www.brighttalk.com/webcast/288/41387 threat management insider APT hacker Wed, 14 Mar 2012 18:00:00 +0000 - What are advanced adversaries targeting? - What are the most commonly exploited vulnerabilities? - Which threats do organizations need to focus on? - Where should organizations focus their security spending? What is the value statement and why is it important? Featured Speakers: - Jared Pfost, CEO, Third Defense Inc. (Chair) - Aaron Sheridan, Sr. Systems Security Engineer, FireEye - Steven F. Fox, CISSP, QSA, Security Architecture and Engineering Advisor, U.S. Department of Treasury http://www.brighttalk.com/webcast/288/42335 Jared Pfost, Third Defense (Chair); Aaron Sheridan, FireEye; Steven F. Fox; U.S. Dept. of Treasury http://www.brighttalk.com/webcast/288/42335 hacker threat advanced persistent threat security Wed, 14 Mar 2012 17:00:00 +0000 With the APT attacks in 2011, we have seen cyber criminals penetrate networks seemingly at will. This has been possible because of zero-day, targeted APT attacks utilizing sophisticated malware that infiltrates over multiple stages and multiple vectors like Web and Email. In this webcast Aaron will discuss the cycle of cyber insecurity and provide key criteria as security professionals investigate next-generation threat protection, including: 1. Real-time defenses beyond signatures 2. Dynamic analysis of all phases of the attack lifecycle 3. Inbound and outbound filtering across protocols 4. Accurate, low false positive rates 5. Global intelligence to protect the local network http://www.brighttalk.com/webcast/288/41383 Aaron Sheridan, Sr. Systems Security Engineer http://www.brighttalk.com/webcast/288/41383 advanced threat APT malware exploit zero-day Wed, 14 Mar 2012 16:00:00 +0000 There’s only one surefire way to prevent SQL injection, the #1 most frequent and damaging application security attack: verify that your code does not have SQL injection vulnerabilities. SQL injection allows hackers to steal or modify everything in your database. Code review is the most effective analysis technique for finding SQL injection flaws, and it also pinpoints exactly where the flaw is located, making it much easier and faster to remediate. If your organization is still solely focused on application penetration testing, you are wasting your time and putting your organization at risk. Join Dave Wichers and learn about the simple genius of performing application code review to efficiently identify vulnerabilities in your applications. http://www.brighttalk.com/webcast/288/43027 Dave Wichers, COO and Cofounder, Aspect Security and OWASP Board Member http://www.brighttalk.com/webcast/288/43027 application security vulnerability Wed, 14 Mar 2012 14:00:00 +0000 Organised cybercrime is a serious issue for private organisations and government agencies alike. As new technologies emerge, so do new ways to exploit them. Cybercriminals have shifted the way they target organisations, abandoning large-scale, generalised attacks, such as phishing, in favour of more targeted, lucrative techniques with bigger payoffs. Because targeted cybercrime is so profitable, perpetrators are highly motivated to find new ways to gather sensitive data for illicit monetary gain or to give a competitive leg up to governments or companies. In the last several months M86 Security Labs has seen a surge in targeted attacks against organisations for a variety of reasons - whether they are after customer information, intellectual property or simply to monitor a particular email address. This session reviews the methods and tactics used in these recent attacks. We then look at how and why these attacks are successful, even against world leading IT Security organisations, to identify any potential holes in your organisation’s security architecture. What delegates will learn at this session: • The two different types of attack methods used to hit intended target organisations • Email and Web methods that have been used to successfully steal information from organisations • The role of social engineering for targeting and manipulating individuals • Recent examples of targeted attacks to illustrate common vulnerabilities. Bradley is responsible for Technical Strategy at M86 Security and primary spokesperson for the company on aspects related to the evolution of the technical and strategic product direction beyond the immediate roadmap. In this role he evaluates new technologies and products that could enhance or extend the core M86 product line. Bradley also serves as the primary spokesperson on all topics relevant to the M86 Security Labs. http://www.brighttalk.com/webcast/288/42251 Bradley Anstis, VP Technical Strategy, M86 Security http://www.brighttalk.com/webcast/288/42251 Targeted Attacks Threat Management IT Threats Wed, 14 Mar 2012 13:00:00 +0000 Talk to any real hacker and he will tell you that unsecured modems are a "sure thing". Modems were the first point of access for hackers 30 years ago - and today they are just as dependable. Why is this backdoor to systems still overlooked to this day? This presentation analyzes the real threats and potential vulnerabilites associated with modems in todays computer room. Richard Hollis is a professional CRISC, CISM, and PCI DSS QSA with over 25 years of international information security risk management experience. Expertise: * PCI Qualified Security Assessor (QSA) * Certified Risk Information Systems Control (CRISC) * Certified Information Security Manager (CISM) * Threat Assessment & Risk Management * Security Policies & Procedures * Compliance Management * Security Architecture Design * Security Vulnerability Assessment * Security Penetration Testing * Wifi Security Principles & Practices * Cloud Security Compliance Mapping * Business Continuity Planning * Insider Threat & Data Leakage http://www.brighttalk.com/webcast/288/40749 Richard Hollis, CEO, Orthus Information Risk Management http://www.brighttalk.com/webcast/288/40749 Risk Management Information Security Wed, 14 Mar 2012 12:00:00 +0000 The webcast will take the attendee on a journey through the threat landscape taking in sights such as the latest activity on Trojans and viruses, how the bad guys are stealing intellectual property through the use of malware, the future of cyber warfare and how hacktivism has changed the threat landscape for the foreseeable future. Key themes covered in the session: • Gain insight into the threats facing your organisation • An analysis of threat intelligence gathered from the coalface that will illustrate evolutions and revolutions in the cyber landscape • What has Dell SecureWorks observed across its client base in 2011, and what 'new' behaviours have been identified? • Inferences, conclusions, and the road ahead: what are the qualitative outcomes of our findings and how can these help inform your strategy for 2011 Dell SecureWorks processes more than 20 billion security events across thousands of networks around the globe on a daily basis, leveraging the Counter Threat Unit (CTU) research team who perform in-depth analysis of emerging threats and vulnerabilities. This global visibility and unmatched expertise enables early warnings and actionable security intelligence to customers to protect against threats and vulnerabilities before they impact their organisation. Lee Lawson is the Solutions Architect for Security and Risk Consulting Services at Dell SecureWorks EMEA. In this role he is in charge of envisioning and creating combinations of new and existing services to solve the most unique and difficult customer problems. with a deep knowledge of the subject having led complex and challenging projects for customers in all industries. Lee often speaks at information security related events for the public and industry insiders and is considered a thought leader in threat landscape. http://www.brighttalk.com/webcast/288/42301 Lee Lawson, Head Security Architect, Dell SecureWorks http://www.brighttalk.com/webcast/288/42301 Hacktivism Cyber threats Cyber warfare Wed, 14 Mar 2012 11:00:00 +0000 Do you know why huskies run together, in harness, in front of a sledge? They run together because they like running together. And just as huskies enjoy running together, humans gossip because they like gossiping together. It it is in the make-up of the creature: huskies are sociable running animals; humans are sociable gossiping animals. Neither we nor the huskies can change those core characteristics of our natures. This presentation will highlight some of the dangers introduced by social networking, including a fascinating case study, and what we can do to minimise the threats without trying to change our basic nature. Who is Peter Wood? - Worked in computers & electronics since 1969 - Founded First Base in 1989 (one of the first ethical hacking firms) - CEO First Base Technologies LLP - Social engineer & penetration tester Conference speaker and security "expert" - Chair of Advisory Board at CSA UK & Ireland - Vice Chair of BCS Information Risk Management and Audit Group - Director UK/Europe Global Institute for Cyber Security + Research - Member of ISACA London Security Advisory Group - Corporate Executive Programme Expert - FBCS, CITP, CISSP, MIEEE, M.Inst.ISP Registered BCS Security - Consultant Member of ACM, ISACA, ISSA, Mensa http://www.brighttalk.com/webcast/288/41319 Peter Wood, Chief Executive Officer, First Base Technologies LLP http://www.brighttalk.com/webcast/288/41319 Social networking Threat Management Thu, 08 Mar 2012 21:00:00 +0000 Historically, software security vendors and enterprise teams have been divided into two camps: The Crusaders, who embrace the 'true religion' of source code analysis as the holy grail and believe that they can achieve nirvana with solving problems completely at the code level; and the Pragmatists, who believe that the Crusaders are unrealistic idealists, and that dynamic analysis of staged web applications is the only practical way of addressing real, attackable vulnerabilities. The reality is that both camps are correct when placed within an overarching Software Security Assurance (SSA) framework. SSA creates a programmatic enterprise application security approach that incorporates both the source code Crusaders and the dynamic Pragmatists. This presentation will describe how the Crusaders and Pragmatists, placed within the SSA discipline, can work together to reinforce each other and bolster the entire security program’s ultimate goal – securing the enterprise. http://www.brighttalk.com/webcast/288/42901 Adam Hils, Senior Product Manager, HP Enterprise Security (Fortify) http://www.brighttalk.com/webcast/288/42901 software security SDLC application vulnerabilities Thu, 08 Mar 2012 21:00:00 +0000 The third installment of the “Securing Your Applications” Web Seminar Series by Derek Brink, covers Mobile Applications. Security concerns and the execution of strategy are among the key concerns for organizations’ tasked with securing mobile applications. This video delves into the details surrounding these issues and presents relevant research to help you better understand the risks associated with mobile security and its potential impact on your organization. http://www.brighttalk.com/webcast/288/43443 Derek Brink, Vice President and Research Fellow – Aberdeen Group http://www.brighttalk.com/webcast/288/43443 mobile applications BYOD Software security Thu, 08 Mar 2012 20:00:00 +0000 Join HP Enterprise Security Products experts Tom Reilly, VP and GM and Alan Kessler, VP Product Strategy and Development, as they discuss the current state of the security market and explore the future. Key takeaways for participants include: 1. How to create a proactive security posture to meet the changing security landscape. 2. What HP is doing in terms of delivering solutions and products that enhance existing products to address the threat landscape enterprises face today. 3. A quick view into how HP has already leveraged ‘better together’ in our products. http://www.brighttalk.com/webcast/288/43341 Tom Reilly and Alan Kessler http://www.brighttalk.com/webcast/288/43341 application Security HP Enterprise Security Thu, 08 Mar 2012 19:00:00 +0000 External penetration testing of Internet facing applications provides a valuable but limited perspective. Source code assessment, either manual or automated, delivers a more comprehensive understanding of vulnerabilities. The most efficient discovery methodology will combine the best of both these approaches. We discuss a method for performing hybrid assessments in which the results of some level of source code analysis drives the penetration testing process. This will maximize Return on Security Investment. http://www.brighttalk.com/webcast/288/42213 Jonathan Davis, Security Consultant, AsTech Consulting http://www.brighttalk.com/webcast/288/42213 application security pentesting threat Thu, 08 Mar 2012 18:05:00 +0000 As applications become more prevalent in today's world, there's an increasing threat of attacks targeting web-based and mobile applications. Often times, quick fixes are added to the applications or additional components are introduced to minimize the impact of these vulnerabilities, but these are no longer scalable approaches as applications are getting more sophisticated, providing even great integration, functionality and requiring ease of use. It is more important than ever to implement application security from the ground up as part of the software development lifecycle by ensuring there are sound policies at the base of every development project and proper procedures and processes are in place for the design, inception, development, testing and implementation of applications. Kris Philipsen will discuss the essential controls necessary to ensure an effective application security strategy is being followed and how these essential controls improve the overall security of the application. http://www.brighttalk.com/webcast/288/43165 Kris Philipsen, CISSP, CCSP, CCNP, Regional Manager, EMEA for Global Strategic Services, Verizon http://www.brighttalk.com/webcast/288/43165 application security mobile vulnerabilities threat Thu, 08 Mar 2012 17:00:00 +0000 Mobile devices and the risk posed by vulnerabilities in the software that runs them are proliferating. This talk scrutinizes challenges faced in securing mobile apps and contrasts them with legacy software security initiatives. We discuss how outsourcing confounds security efforts, how the mobile app lifecycle can make risk a hot potato, and a variety of other challenges organizations face as users demand ever increasing mobile capabilities. http://www.brighttalk.com/webcast/288/42437 Jacob West - Director of Software Security Research, HP http://www.brighttalk.com/webcast/288/42437 mobile mobility application security Fri, 02 Mar 2012 18:15:00 +0000 Join as VMware shares cross-industry best practices for monitoring the SAP application stack while providing 5 nine’s of availability with built-in Fault Tolerance and full SAP Disaster Recovery plans. http://www.brighttalk.com/webcast/288/43345 Andre Kemp - SAP Principal, VMware http://www.brighttalk.com/webcast/288/43345 virtualization SAP BusinessCritical Applications Tue, 21 Feb 2012 19:00:00 +0000 How do you top 2011 for the hacks at HBGary, RSA, Sony, Epsilon, Comodo, DigiNotar, the never-ending hactivism by Anonymous, the discovery of DuQu – Son of Stuxnet, and the rise of Android malware? You start out 2012 by casually scanning QR-Code’s, by not addressing the explosive growth of BYOD, by still relying on clearly outdated, ineffective, obsolete defenses and by foolishly thinking that your company is to small to be a target… This presentation discuses the current malware and hacking trends as we move in to 2012 and how our defenses must be adjusted to counter the evolving threat landscape. http://www.brighttalk.com/webcast/288/40653 Paul Henry, Security & Forensics Analyst http://www.brighttalk.com/webcast/288/40653 malware information threat hack BYOD Thu, 09 Feb 2012 17:00:00 +0000 Cloud is growing into the most efficient and flexible means of computing, but with the transformative technology come myriad security questions. This panel webinar brings together some of the leading minds in cloud security for a high-level look at the validity of the most serious concerns and provides a look at how you can reap the benefits of cloud without sacrificing the security of your company's precious data. Key topics of discussion will include: - The evolution of the cloud threat landscape - Concerns with public, private and hybrid cloud environments - Security and service provider vendor approaches to cloud security - Successful and unsuccessful end-user approaches to cloud security Attendees are also encouraged to submit their own questions to the panel during the live webinar. Panelists include: Tim Crawford, Strategic Advisor and Data Center Pulse Board Member Jim Reavis, Executive Director, Cloud Security Alliance Steve Riley, Technical Leader, Riverbed Technology Ward Spangenberg, Director of Security Services, Zynga http://www.brighttalk.com/webcast/288/39635 Jim Reavis, Cloud Security Alliance; Steve Riley, Riverbed; Tim Crawford, Data Center Pulse; Ward Spangenberg, Zynga http://www.brighttalk.com/webcast/288/39635 cloud security cloud computing security GRC CSA Wed, 08 Feb 2012 20:00:00 +0000 Security for cloud web applications has become a marketing tool for many security companies. In this webinar we aim to outline what the real threats to cloud based infrastructure are, how you can identify them, and what steps to take next. Andre Gironda is a Senior Application Security Engineer for HP/Fortify. Andre has taught cloud penetration testing and threat modeling at multiple conferences around the US. http://www.brighttalk.com/webcast/288/41419 Andre Gironda, Sr. Application Security Engineer, HP Fortify http://www.brighttalk.com/webcast/288/41419 Web Application Threat Security Cloud Wed, 08 Feb 2012 18:00:00 +0000 Today’s ever-evolving Web and age of advanced persistent threats are spelling an end to static defenses focused on inbound known threats. In addition, surging trends such as consumer apps and cloud computing, social networking, plus mobility are redefining the perimeter and making real-time contextual defenses a requirement. Join Websense on February 8th as we discuss Contextual Defenses for Web 2.0 and offer guidance for how you can protect today’s empowered users from advanced malware while containing data theft. This webinar will discuss key requirements for defenses in the modern day including: · Inline real-time contextual defenses providing composite assessments · HTTPS/SSL traffic inspection at various levels depending on context · User and destination awareness by security zone, category, app or specific site http://www.brighttalk.com/webcast/288/40997 Tom Clare, Senior Director of Product Marketing at Websense http://www.brighttalk.com/webcast/288/40997 Security Application Defense Web Threats Wed, 08 Feb 2012 17:00:00 +0000 Social engineering is the art of creating social illusions that result in the sharing of sensitive information or physical access to secured areas. This webinar will review the psychological framework that informs a social engineer's reconnaissance, pretext formulation, and social exploit activities. A case study will illustrate the use of the Social Engineer's Toolkit, Maltego, and Google Hacking to collect information that contributed to a successful engagement. Attendees will learn to identify social illusions and respond to protect their personal and professional data. They will also learn how to frustrate the efforts of social engineers. http://www.brighttalk.com/webcast/288/40479 Steven F. Fox, CISSP, QSA, Security Architecture and Engineering Advisor, U.S. Department of Treasury http://www.brighttalk.com/webcast/288/40479 social engineering threat hacking Wed, 08 Feb 2012 15:00:00 +0000 Data leakage via the web is an increasing concern for organisations. Whether it's via social media platforms such as Facebook, Twitter and YouTube or from employees using personal web mail accounts, ensuring confidential data does not leave your business is becoming more challenging. Join Clearswift's Web Gateway Product Manager, Mark Maciw, for some best practice advice on how you can keep your data and brand reputation safe. During the session, Mark will cover: - The biggest areas of risk for losing data via the World Wide Web - Designing effective acceptable usage policies to minimise risk - How these policies can be implemented in reality http://www.brighttalk.com/webcast/288/42011 Mark Maciw, Global Product Manager, Clearswift http://www.brighttalk.com/webcast/288/42011 Data leakage Information security Web 2.0 Wed, 08 Feb 2012 13:00:00 +0000 2012 already promises to be one of technology law's busiest year with the rise of cloud computing, the increasing importance of mobile life and the introduction this week of the European Union's new privacy agenda. Jonathan Armstrong, one of the legal experts in this field will take a global view of the challenges we face. http://www.brighttalk.com/webcast/288/41559 Jonathan Armstrong, Lawyer, Duane Morris LLP, Author of Managing Risk: Technology & Communications http://www.brighttalk.com/webcast/288/41559 Cloud computing Privacy agenda Wed, 08 Feb 2012 12:00:00 +0000 Safer Internet Day 2012 - Intellect http://www.brighttalk.com/webcast/288/41749 Raj Sivalingam, Associate Director of Telecoms and Spectrum, Intellect; Colin Batten, Head of Internet and Media, Intellect http://www.brighttalk.com/webcast/288/41749 Information SecurityWeb 2.0 Security IT Threat Wed, 08 Feb 2012 11:00:00 +0000 The problem of phishing is now a well-established user-facing threat, and poses a real risk to both the individuals and organisations that find themselves targeted. Unfortunately, while the threat is now well-recognized in concept, it continues to evolve in practice and can still represent a significant challenge for users to avoid. Indeed, while examples of fairly generic scams can still be found, they are accompanied by more focused attacks that can target users using more specific information. In this context, there is a clear potential for Web 2.0 to increase the risk. Not only have services such as social networks become popular targets for general phishing, they have also enabled users to expose more data, which may in turn permit more tailored attacks against them. Moreover, thanks to Web 2.0 (and beyond), users are more regularly familiar with providing and sharing their personal information online, and so must become sufficiently aware of the contexts in which they can safely release it. Against this backdrop, the presentation looks at the nature of the phishing threat, and considers how to safeguard users through appropriate technology and awareness raising. http://www.brighttalk.com/webcast/288/39365 Steven Furnell, Head of School, School of Computing and Mathematics (Faculty of Science and Technology), Plymouth University http://www.brighttalk.com/webcast/288/39365 Phishing Threat Scams Targeted Attacks Wed, 08 Feb 2012 09:00:00 +0000 Data protection, identification, anti-virus intrusion protection and authentification are complex, but well understood, issues in the physical IT world. The increasing use of smart phones and tablets and Cloud services in business are putting them back on the agenda, with new threats added to old. We will look through the FUD to try to identify a priority to address in the new virtualised, Cloud-centric world. http://www.brighttalk.com/webcast/288/40169 Martin Hingley, ITC Market Analyst and President, IT Candor Limited http://www.brighttalk.com/webcast/288/40169 data protection IT security Thu, 26 Jan 2012 13:00:00 +0000 In this webinar, Gartner Analyst, John Pescatore, and FireEye CEO, Ashar Aziz discuss how advanced targeted attacks are bypassing traditional defenses, the impact on business and what companies must do to protect their critical assets. Gain insight into recent cyber-attacks, why traditional defenses failed, and how some companies are protecting themselves from targeted APTs. http://www.brighttalk.com/webcast/288/41551 John Pescatore, VP Distinguished Analyst, Gartner; Ashar Aziz, Founder, CEO & CTO, FireEye http://www.brighttalk.com/webcast/288/41551 Gartner APT threat exploit zero-day Tue, 24 Jan 2012 18:00:00 +0000 The concept of auditable privileged access is critical to assessing, prioritizing and mitigating business risk. Learn how Cyber-Ark works with McAfee to deliver a complete solution for securing, controlling, auditing and continuously monitoring all privileged access across your network. --Monitor and alert in real-time any privileged access to your most critical and sensitive data assets --Isolate, control, record and audit all privileged access to servers, databases, virtualized domains and critical network devices --Achieve compliance and capture detailed privileged forensic audit trail while increasing your information security posture http://www.brighttalk.com/webcast/288/40123 McAfee and Cyber-Ark http://www.brighttalk.com/webcast/288/40123 McAfee Cyber-Ark Security Connections Thu, 19 Jan 2012 21:00:00 +0000 This panel discussion will demystify outsourcing and its impact on information security. Panelists will discuss: -Requirements to consider before outsourcing -How to monitor the outsourcing company's performance -Case studies: successes and failures -Recent industry changes that may impact outsource management, including SAS70 and PCI changes Jeff Tutton, President, Global Security & Compliance at Intersec Worldwide (Chair) Todd Bell, Executive IT Security Advisor at ConnectTech, LLC Inno Eroraha, Founder and Chief Executive Officer at NetSecurity Corporation Chris Oglesby, Senior Vice President at Knowledge Consulting Group Edward Ray, Chief Information Security Officer at MMICMAN, LLC http://www.brighttalk.com/webcast/288/39925 Jeff Tutton (Chair), Todd Bell, Inno Eroraha, Chris Oglesby, Edward Ray http://www.brighttalk.com/webcast/288/39925 utsourcing risk information security SAS70 pci Thu, 19 Jan 2012 13:00:00 +0000 Social media as a powerful communications platform: managing the risk and opportunities in your business and discussing the need for strategies and policies in dealing with social media issues. In this presentation we will talk about: - The widespread private use by employees and how many businesses embraced social media in their communications - Current social media compliance policies with case studies - Potential security risks, phishing scams, malware attacks - Protection of (fair use of) intellectual property: The need to address the protection of intellectual property in policies and procedures of the proper business use of social media - The regulatory requirements on the use of social media following the distinction in legal cultures and difference in compliance framework http://www.brighttalk.com/webcast/288/39881 Boris Agranovich, Founder, GlobalRisk Community http://www.brighttalk.com/webcast/288/39881 IT Security Social Media Risks Thu, 12 Jan 2012 17:00:00 +0000 Data breaches are reaching epidemic proportions. According to the 2011 Verizon Report, there were more breaches in 2010 than the previous three years the study was conducted. The report also revealed that a whopping 79 percent of organizations were not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), despite validation a year earlier. To combat this growing trend, many businesses are turning to tokenization and encryption to increase data security and reduce the challenge of PCI DSS compliance. This discussion will take a closer look at the state of the industry, provide a technological overview of tokenization and encryption, cite specific case studies and explain how to use tokenization and encryption as a one-two punch. http://www.brighttalk.com/webcast/288/39923 Dave Faoro, VeriFone, VP, Chief Payment Security Officer & SPVA Chairman, End-to-End Encryption Technical Working Group http://www.brighttalk.com/webcast/288/39923 encryption tokenization Thu, 12 Jan 2012 15:00:00 +0000 This talk will cover the use of digital certificates, their structure, and distribution. The X.509 standard, Certificate Authorities, and PGP certificates will all be discussed. Also the use of certificates will be covered including for web sites, VPN’s, and digitally signing email. Certificate security and known exploits will be briefly mentioned. Chuck Easttom has 17+ years of experience in IT and 10 years teaching/training. Author of 13 computer science books including three on computer security. Holds 7 provisional patents (all computer related) and 28 industry certifications including CISSP, ISSAP, CEH, CHFI, and more. He has created the advanced cryptography course for the EC Council and was a subject matter expert involved in the creation of three of CompTIAs certification tests, including Security+. He can be reached through his website www.ChuckEasttom.com http://www.brighttalk.com/webcast/288/39759 Chuck Easttom, Independent Computer & Network Security Professional http://www.brighttalk.com/webcast/288/39759 Digital Certificates Certificate Security Thu, 12 Jan 2012 13:00:00 +0000 In this talk we will discuss the role that data encryption plays on a computer hard-drive and in particular the impact that this has on the ability to perform computer forensics. http://www.brighttalk.com/webcast/288/40499 Andrew Blyth, Head of Information Security Research Group, University of Glamorgan http://www.brighttalk.com/webcast/288/40499 Data Encryption Computer Forensics Thu, 12 Jan 2012 11:00:00 +0000 The European Commission is further adapting its position and policy with regard to eSignatures and their applications. The eSignature Directive is up for a change, and regulation may be introduced with regard to eIdentification and eAuthentication. This can be assumed to have a significant impact on the usage of eIAS, both in the EU Member States and beyond. This talk will give a summary of the current state. http://www.brighttalk.com/webcast/288/38949 Marc Sel, Director, PwC (Enterprise Advisory Services, Information Protection) http://www.brighttalk.com/webcast/288/38949 Electronic Identification Authentication Wed, 11 Jan 2012 19:00:00 +0000 Virtualization in some ways has become a stepping stone for organizations to move into the cloud.This panel would discuss how companies take their business to the next level from virtualization to the cloud. What are the challenges to be expected and what factors need to be taken into consideration? What about security? Is cloud computing the next logical step? How can the two technologies work together to reap the benefits of each? http://www.brighttalk.com/webcast/288/39705 Jeff James, Penton Media (moderator); Jeanne Morain, Flexera Software; Kong Yang, Dell http://www.brighttalk.com/webcast/288/39705 virtualization cloud panel Thu, 08 Dec 2011 19:00:00 +0000 An agile data center shouldn't mean compromised service, but new technology adoption isn't an easy process. First you need to develop a strategy, then you need to make a business case, then you need to roll out a smooth implementation and finally you need to layer security, compliance and management considerations into your stack. Cloud and hybrid data center technologies are hitting the mainstream with the majority of IT leaders rating cloud to be a priority over the next two years. This panel of experts will take you through the pros, cons and key questions for those who are evaluating cloud and getting started with their datacenter transformations. Key topics will include data storage, security, consolidation and integration and deployment techniques. http://www.brighttalk.com/webcast/288/38647 Billy Cox, Director Cloud Strategy, Intel; Sanjeet Singh, Dell; Steven O'Donnell, S1NED (moderator) http://www.brighttalk.com/webcast/288/38647 cloud computing hybrid cloud storage security Thu, 08 Dec 2011 18:00:00 +0000 Cloud computing has become a necessary business infrastructure component with most organizations leveraging at least one cloud computing service today. However, many organizations are rightly hesitant about moving their critical information assets or services to both private and public cloud environments. What’s needed is a way to be assured of the overall integrity of the infrastructure, privacy of data and compliance to key requirements. This session discusses essential security configuration and operational strategies needed for broader adoption of cloud computing http://www.brighttalk.com/webcast/288/38385 Greg Brown, VP, Product Marketing, Network Security. McAfee, An Intel Company http://www.brighttalk.com/webcast/288/38385 Cloud Compute Infrastructure IT Data Security Thu, 08 Dec 2011 16:00:00 +0000 In its research on application security, Aberdeen found that companies leverage three distinct strategies to address the security threats and vulnerabilities that are latent in their currently deployed portfolios of application software: Find and Fix, Defend and Defer, and Secure at the Source. Taking all factors into consideration, should the primary means of achieving secure applications be inspection, additional layers of protection, or prevention? The answers to these questions are one part context, one part business judgment, and one part philosophy. This webcast summarizes Aberdeen's analysis of current users of each approach to provide additional insights into the benefits and tradeoffs of these three high-level strategies for securing Internet-facing enterprise applications. http://www.brighttalk.com/webcast/288/38855 Derek Brink, Vice President and Research Fellow, Aberdeen Group & Angel Oberoi, Senior Marketing Programs Manager, Cenzic http://www.brighttalk.com/webcast/288/38855 application security threat vulnerabilities Thu, 08 Dec 2011 13:00:00 +0000 It used to be that security in the data center was a matter of keeping the doors locked but that has all changed. Developments such as virtualisation, private and public clouds have increased the number of risks that need to be addressed. http://www.brighttalk.com/webcast/288/38525 Moderator: Peter Judge, eWEEK; Michalis Grigoratos, HP; Bob Plumridge, SNIA; Kevin Wharram, ISACA http://www.brighttalk.com/webcast/288/38525 data centre security data center storage Wed, 07 Dec 2011 21:00:00 +0000 In this presentation, Kevin Cardwell will discuss the importance of developing robust ingress and egress filtering to mitigate the threat of sophisticated malware. Kevin will discuss the steps you need to take to defend from the majority of the known attacks and show the need and importance for analyzing your system's live memory. The presentation will conclude with the importance of adding hardware based protection to your defenses. http://www.brighttalk.com/webcast/288/39349 Kevin Cardwell, Consultant http://www.brighttalk.com/webcast/288/39349 threat malware information security Wed, 07 Dec 2011 20:00:00 +0000 Organized crime has shifted to the digital underworld. As a result a host of new techniques have appeared that are designed to steal data, money and wreak havoc. Millions of businesses worldwide are currently exposed to these new and sophisticate threats. In this session we will take a look at some of the most dangerous Botnets, Zero Day Threats and Phishing. We look at the anatomy of these threats, give real-world examples of how they are being used and give you tips on how best to defend yourself. http://www.brighttalk.com/webcast/288/38475 Daniel Ayoub, Product Marketing, SonicWALL http://www.brighttalk.com/webcast/288/38475 Threat Phish Botnet Security Hacker Crime Wed, 07 Dec 2011 19:00:00 +0000 According to Google, Android was designed to give mobile developers "an excellent software platform for everyday users" on which to build rich applications for the growing mobile device market. The power and flexibility of the Android platform are undeniable, but where does it leave developers when it comes to security? In this talk we discuss seven of the most interesting code--level security mistakes we've seen developers make in Android applications. We cover common errors ranging from the promiscuous or incorrect use of Android permissions to lax input validation that enables a host of exploits, such as query string injection. We discuss the root cause of each vulnerability, describe how attackers might exploit it, and share the results of our research applying static analysis to identify the issue. Specifically, we will show our successes and failures using static analysis to identify each type of vulnerability in real-world Android applications. http://www.brighttalk.com/webcast/288/37865 Katrina O'Neil, Security Research Group, HP Enterprise Security Products http://www.brighttalk.com/webcast/288/37865 Hack Threat Android Google HP Application Security Wed, 07 Dec 2011 18:00:00 +0000 With the deluge of new mobile smartphones like Android, iPhone, and others hitting the streets, there are thousands of new attack vectors against a company's IT infrastructure that create potential security nightmares. When users download apps by the droves and then want to connect to core critical infrastructure, how should IT handle it? While there is a drive for increased off-hours and/or offsite productivity using mobiles, can we stomach the changes that are coming, and can our organizations remain (or become) secure? http://www.brighttalk.com/webcast/288/38501 Cameron Camp, ESET http://www.brighttalk.com/webcast/288/38501 threat detection virus ESET proactive protection Wed, 07 Dec 2011 17:00:00 +0000 Global information security landscape: recapping on the major security breaches of 2011 to prepare for a safer and smarter 2012. http://www.brighttalk.com/webcast/288/37895 Jay Bavisi, President, EC-Council http://www.brighttalk.com/webcast/288/37895 cyber security threat breach security Wed, 07 Dec 2011 16:00:00 +0000 Enterprise Cloud Computing: Changing Threats and Evolving Security http://www.brighttalk.com/webcast/288/38779 David Perry, Global Dir. of Education & Jon Clay, Sr. Marketing Mgr Technology, Trend Micro http://www.brighttalk.com/webcast/288/38779 Cloud Threat Security Wed, 07 Dec 2011 15:00:00 +0000 A string of serious security breaches this year has caused many to believe that hackers are raising their game, and using far more sophisticated techniques to penetrate corporate systems. Victims speak of advanced persistent threats (APTs) that are increasingly hard to defend against. But some observers regard the term APT merely as a smokescreen to conceal a lack of basic security, and argue that if companies focus on getting the basics right, they will be immune to all but the most determined attacker. http://www.brighttalk.com/webcast/288/37947 Ron Condon, SearchSecurity.co.UK, Warwick Ashford, ComputerWeekly.com; Vladimir Jirasek, WorldPay, David Perry, Trend Micro http://www.brighttalk.com/webcast/288/37947 hacker threat APT advanced persistent threat Wed, 07 Dec 2011 13:00:00 +0000 Getting real-time visibility on the latest security threats is paramount for organisations to avoid costly blows and brand reputational damage. Tune into this webcast as Dell SecureWorks discuss the following key topics: · The evolution of security monitoring and where we are today · How to effectively detect and react instantly to emerging security threats · Examples gleaned from the coalface where effective monitoring may have made a significant difference http://www.brighttalk.com/webcast/288/39013 Lee Lawson, Solutions Architect, Dell SecureWorks http://www.brighttalk.com/webcast/288/39013 Security threats Security monitoring Wed, 07 Dec 2011 11:00:00 +0000 This webinar will take a look at the classification of cyber criminals in 2011/12 and what we really mean by the term advanced persistent threat (APT). Using recent cases of systems exploitation we will examine the motives, methods and possible defences against the most common threats to IT today. http://www.brighttalk.com/webcast/288/38871 Campbell Murray, Director, TigerScheme Ltd http://www.brighttalk.com/webcast/288/38871 IT threats cyber criminals Wed, 07 Dec 2011 10:00:00 +0000 Security threats from inside an organisation are hardly a new phenomenon whether they are internal IT staff or internal users. However the threat to an organisation is increased exponentially when the access to sensitive information is through administrative, shared or privileged accounts. These represent the most powerful IT users in an organisation, often providing wide-ranging access to any system, application or database within the enterprise. This session will include: - Presenting global research around risks associated with privileged account misuse - Investigating real work examples of the exploitation of privileged accounts - Suggesting key actions the enterprise must address to properly control and secure the information on your network http://www.brighttalk.com/webcast/288/38889 Mark Fullbrook, Director, UK&I, Cyber-Ark Software & Yuval Moss, Director of Professional Services, UK&I, Cyber-Ark Software http://www.brighttalk.com/webcast/288/38889 Security threats Privileged accounts IT users Thu, 01 Dec 2011 21:00:00 +0000 The PCI Security Standards Council introduced 136 changes between version 1.2.1 and 2.0 of the PCI Data Security Standard. This presentation will help you understand what changes your organization needs to make in order to maintain compliance. http://www.brighttalk.com/webcast/288/37723 Jerod Brennen, Principal Security Consultant, Jacadis http://www.brighttalk.com/webcast/288/37723 PCI Compliance Thu, 01 Dec 2011 18:00:00 +0000 Can PCI Compliance be Harmful to Your Security Initiative? Understand and Navigate Compliance in the Real World: PCI Compliance is necessary, but can it be harmful to your security? Does the prescriptive nature of the PCI regulations make enterprises spend money on controls that might be handled in a different way? Could this also cost the enterprise in capital and operational dollars that might be spent elsewhere? PCI Council General Manager Bob Russo's has defined PCI Compliance as a structured "blend...[of] specificity and high-level concepts" that allows "stakeholders the opportunity and flexibility to work with Qualified Security Assessors (QSAs) to determine appropriate security controls within their environment that meet the intent of the PCI standards." The question is how do you define and create the right structured blend for your organization? This webinar will help you to understand the difference between meeting a regulation and executing on a well-defined and successful Software Security Assurance program. Attendees will gain an understanding of common pitfalls in navigating the compliance focused enterprise and walk away with directives on how to create a secure environment while maintaining compliance. http://www.brighttalk.com/webcast/288/37985 Ken Swain – Engagement Manager and Senior Security Engineer, HP http://www.brighttalk.com/webcast/288/37985 PCI Compliance Security Enterprise Thu, 01 Dec 2011 17:00:00 +0000 The presentation will share some ideas on maintaining PCI DSS compliance despite constant business and technology changes. http://www.brighttalk.com/webcast/288/37997 Anton Chuvakin, Research Director, Gartner http://www.brighttalk.com/webcast/288/37997 PCI Compliance Thu, 01 Dec 2011 15:00:00 +0000 This global discussion will answer: -How do you safely and securely implement mobile payments while staying PCI DSS compliant? -How do you ensure that the cardholder data that is transferred or stored is secured? -How are mobile operators addressing PCI DSS compliance globally? http://www.brighttalk.com/webcast/288/38713 Mike Dahn, PwC (Moderator); David Froud, Trustwave; Marc Massar, VeriFone http://www.brighttalk.com/webcast/288/38713 PCI Compliance PCI DSS compliance Thu, 01 Dec 2011 13:00:00 +0000 PCI is about compliance, right? Surprisingly the answer is no, it was designed to reduce the risk to cardholder data loss, nothing more. Compliance was the means to get organisation moving towards a secure posture where little previously existed. It worked, PCI has introduced the culture shift necessary to accept what was the inevitable next step; integration of the PCI controls into what's actually most important, staying in business securely. This webinar will attempt to show where PCI was, where it is now, and where it will go based on current trends. More importantly, it will show you where PCI fits into an overarching Governance programme that can provide a true ROI to businesses of any type. http://www.brighttalk.com/webcast/288/37047 David Froud, Director of Delivery EMEA, Trustwave http://www.brighttalk.com/webcast/288/37047 PCI Compliance PCI Security IT Governance Thu, 01 Dec 2011 12:00:00 +0000 PCI compliance has become a business requirement for any company involved in the processing of credit card information. It requires strong security controls over all systems and applications that process or store cardholder information. The PCI Council released new Guidelines for Virtual Environments on June 2011 that include new requirements for PCI compliance. These new requirements require security capabilities not mandated by the original PCI Guidelines. In this session we will review the new requirements and see how CA Security solutions may help customer complying those new challenges. Guy Balzam has over 12 years of experience in IT and Information Security both as a developper and consumer of IS products. In his past roles Guy specialized in enterprise security, managed the ELAL airlines IT security unit and led their PCI certification process. With his vast knowledge of identity and access management Guy is now a Principal Product Manager of leading security products for CA Technologies. Eric Chiu is CEO and co-founder of HyTrust, Inc. (http://www.hytrust.com/), a virtualization security company based in Mountain View, CA. He brings significant executive experience in high tech management and finance to this role. Previously serving as Vice President of Sales and Business Development at Cemaphore Systems, a leader in disaster recovery for Microsoft Exchange, Chiu built these departments from the ground up, consistently delivering significant quarter-over-quarter revenue growth and putting in place key OEM partnerships. Before that, he led Business Development at MailFrontier until its successful acquisition by SonicWALL. Formerly a Venture Capitalist for Brentwood (now Redpoint) and Pinnacle, he also served in the M&A Group for Robertson, Stephens and Company. Chiu holds a BS in Materials Science and Engineering from UC Berkeley. http://www.brighttalk.com/webcast/288/38767 Guy Balzam, Principal Product Manager, CA Technologies; Eric Chiu, Founder and President, HyTrust http://www.brighttalk.com/webcast/288/38767 PCI Compliance Desktop Virtualization pci Thu, 10 Nov 2011 16:00:00 +0000 The boundaries between work and life have blurred and users expect consistent access to corporate services from wherever they are, on any device and at any time. This is driving IT to look at new technologies to better support the business, users and their own organizations. The result is often a combination of multiple devices and a mix of delivery platforms, and it creates a growing challenge for IT to deliver and support a consistent and secure user experience. Join guest analyst Rachel Chalmers of The 451 Group in an interactive session led by Jeff Wettlaufer, RES Software Sr. Global Director of Product Marketing. They will discuss desktop trends faced by IT and solutions available to address these new demands and enable context aware hybrid desktops and automated service portfolios. Rachel will provide findings and recommendations based on the latest 451 research surrounding desktop virtualization technologies. Attendees will learn: * How IT can better navigate today's hybrid desktop environments by introducing centrally controlled and flexible workspaces to provide users consistency across devices and delivery platforms. * The importance of understanding context beyond user name and enabling their workspace to react to that context with dynamic services. * The benefits of simplified and centralized automation portfolios to help implement, administer and support new desktop technologies. * How workspace and automation management solutions can improve future OS migrations and infrastructure changes with minimal disruption to users. http://www.brighttalk.com/webcast/288/38043 Rachel Chalmers, Research Director, The 451 Group; Jeff Wettlaufer, Sr. Director of Global Product Marketing, RES Software http://www.brighttalk.com/webcast/288/38043 Desktop Virtualization mobile virtual desktop Thu, 10 Nov 2011 15:00:00 +0000 Everyone says to virtualize your desktops and you will be more secure, but is that really the case, we will look into the concept around 'more secure' with why this could be and most likely is not the case. Can it be more secure, perhaps, is it? The reality is a bit less than people realize and could open the door to more risk. Edward Haletky provides Virtualization, Virtualization Security, Network Security, Secure Coding Consulting and Courseware as well as Linux Security and Application Development. * Author of "VMware Virtual Infrastructure Security: Securing the Virtual Environment" and "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers", published December 2007, Copyright 2008 Pearson Education. * Guru and moderator for and participant in the VMware Community Forums. * Moderator for the Virtualization Security Podcast held every other week on thursday. * Analyst and Managing Director for The Virtualization Practice, LLC. * Participant in the VMware VMTN Communities Roundtable Podcast held every wednesday. * Blogs about Virtualization on his own Blog, Blue Gears, as well as for the Virtualization Practice and TechTarget. * Writer for various online and physical magazines. Specialties * Virtualization Security * VMware Virtual Infrastructure * Network Security * Secure Coding * Linux Security * Linux Application Development http://www.brighttalk.com/webcast/288/36965 Edward Haletky, Managing Director, The Virtualization Practice http://www.brighttalk.com/webcast/288/36965 desktop virtualization virtualization security Wed, 09 Nov 2011 21:00:00 +0000 In today's economy, budgets for data security can be scarce. In most companies, security is considered to be a cost center into which you can pour a lot of money yet still be considered "insecure". However, security and privacy techniques can be turned around to show businesses how much money is being saved by avoiding breaches or incidents, improving workers’ productivity and potentially avoiding lawsuits. In this presentation, Alex Holden, Director of Enterprise Security at Cyopsis, will discuss innovative ways to leverage security and privacy to show businesses return on their investments and justify additional necessary security expenditures. http://www.brighttalk.com/webcast/288/36587 Alex Holden, Director of Enterprise Security, Cyopsis http://www.brighttalk.com/webcast/288/36587 information security cyber data cyber security Wed, 09 Nov 2011 20:00:00 +0000 The issue of application security continues to dominate headlines, and with an ever changing security landscape organizations are tasked with not only preventing attacks similar to those seen in the news but also to protect against future evolved attacks. This webinar will review the year's high profile hacks and pinpoint where companies were tripped up by the small cracks in their Software Security programs. Attendees will walk away with actionable knowledge of advanced persistent threats, how to identify their company's security posture and what remediation efforts can help fill in those holes. http://www.brighttalk.com/webcast/288/37537 Joel Parish, Senior Security Consultant, HP ESP http://www.brighttalk.com/webcast/288/37537 Threat Cyber Security Application HP Wed, 09 Nov 2011 19:00:00 +0000 It has long been recognized that there exists an urgent need to improve security education and that the security community needs to begin educating a broader audience than just those who work in technology. The primary method for educating the general public about cyber security has been to construct top-ten security lists, which often communicate a false sense of security to its readers as it implies all that is necessary to achieve security is to follow a list of broad steps. This presentation will address the issue of computer security literacy and will demonstrate by example how to teach a couple relevant security topics in the context of tasks many people perform everyday. The talk will also provide a case study looking at Iowa State University's efforts to provide security literacy. http://www.brighttalk.com/webcast/288/36833 Doug Jacobson, Director, Iowa State University Information Assurance Center http://www.brighttalk.com/webcast/288/36833 Cyber Security Wed, 09 Nov 2011 18:00:00 +0000 K-12 schools, colleges, students and administrators are facing an increasing number of complex cyber-security threats, which can lead to negative educational, financial and legal outcomes. Education IT professionals must deliver greater security without compromising learning, instruction and collaboration and without exceeding limited budgets. This technical webinar will help IT professionals in the education sector learn how to implement secure learning and collaboration, by utilizing "Trusted Hardware" in data center servers, in the cloud and in client devices; specifically, how to create a secure "Root of Trust" across the entire education computing In this webinar you will learn: - Which types of security-enhanced hardware are already in the field - in the classroom, in the homes and backpacks of students, and in the offices and data centers of administrators - How activating these untapped security capabilities through utilization of specific, complementary software components, can reduce a wide variety of risks and costs related to both data security and IT asset security and recovery - How hardware policies and software components can work together to reduce risk - What Intel's recent merger with McAfee means for your network security http://www.brighttalk.com/webcast/288/36835 John Skinner, Director of Secure Enterprise and Cloud Initiative, Intel Americas Inc. http://www.brighttalk.com/webcast/288/36835 Cyber Security Education School IT Server Cloud Wed, 09 Nov 2011 17:00:00 +0000 And the results are in. Charged with developing recommendations to accelerate the adoption of cloud technologies in the U.S. Government and commercial space, the Commission on the Leadership Opportunity in U.S. Deployment of the Cloud (CLOUD2) has completed its 3-month study - identifying potential barriers, recommending actionable solutions, and outlining the keys to successfully transitioning to the Cloud. Please join us on Wednesday November 9th with Wyatt Starnes, CLOUD2 Commissioner and Vice President Advanced Concepts at Harris Corporation, at Jim Ganthier, Vice President ISS Marketing at HP as they present CLOUD2 Presidential Commission - Critical Recommendations for Using Cloud Computing to Make Your Business More Competitive. We will review the Commission's findings and discuss how the Harris Trusted Enterprise Cloud, built on HP Converged Infrastructure, builds upon its recommendations. Plus, all attendees will receive our CLOUD2 Checklist. We look forward to seeing you there. http://www.brighttalk.com/webcast/288/35079 Wyatt Starnes, VP Advanced Concepts, Harris Corporation, Jim Ganthier, VP ISS Marketing, Hewlett-Packard and Mike Vizard http://www.brighttalk.com/webcast/288/35079 Federal Enterprise Cloud Commission CLOUD2 Wed, 09 Nov 2011 17:00:00 +0000 In the past two years we have seen a paradigmatic shift on nature of the cyber threats industry is facing. We are now well beyond the days of hackers, breaches and perimeter defense. Today the sort of ultra sophisticated, multi dimensional attacks that were confined to governments and the Defense Industrial Base just a few years ago are in evidence far more broadly. The attackers we need to be concerned with are not script kiddies "hacktavists" (although they are still around) Our greater concern is with well organized, well funded, very sophisticated and probably stated supported attackers who will compromise any system they target. This does not mean we have no defense, but rather that we need to rethink defense both at an enterprise and government level. Some enterprises, and some policy makers are realizing this advanced threat will require a new more incentive based approach to cyber defense, however some are unfortunately clinging to outdated models that could do more harm than good. This webinar will examine all these topics. http://www.brighttalk.com/webcast/288/37657 Larry Clinton, President & CEO, Internet Security Alliance http://www.brighttalk.com/webcast/288/37657 cyber security Wed, 09 Nov 2011 16:00:00 +0000 Many organizations are now migrating to Next-Generation Firewall (NGFW) solutions to improve security, consolidate functionality and ensure compliance. In this session we will examine the cyber security challenges faced by real world companies and how they used Next-Generation Firewall solutions to solve them. You will also hear live from The Spence Group Services, a distributed enterprise with 56 retail outlets - about how they used a Next-Generation Firewall solution to simplify and improve security while getting PCI Compliant. http://www.brighttalk.com/webcast/288/37541 Patrick Sweeney, VP of Product Management at SonicWALL Jack Klosterman, Director of IT at Spence Group Services http://www.brighttalk.com/webcast/288/37541 Firewall Threat PCI Compliant Deploy Security Wed, 09 Nov 2011 15:00:00 +0000 Security folks need a seat at the Cloud and Virtualization table for architecture and design, how do you get that seat? Security is not about ROI so to speak nor is it about compliance, but it is about protecting the data. Can you achieve security by meeting the minimum requirements of compliance. How can you get the most out of your security environment with very little cost. Reuse, Recycle, Rethink http://www.brighttalk.com/webcast/288/37691 Edward Haletky, Managing Director, The Virtualization Practice http://www.brighttalk.com/webcast/288/37691 Cloud Security Virtualization Security Wed, 09 Nov 2011 13:00:00 +0000 This presentation will describe ways to tackle the insider threat.  For the smarter organisations this presents an opportunity in harder times to quickly and significantly reduce their exposure through straightforward and relatively inexpensive initiatives.     - People want to be more secure – there is an enormous willingness amongst workforces to follow good practice. How can we harness and channel their support? - Dealing with breaches of trust rather than breaches of security. - Getting their attention – moving employees from being unaware to being committed to information protection, using real-life stories and subject matter that people are concerned about. - Measurement – “if you’re not measuring, you’re only practising”. - Case study and proposed model for an effective security communications programme. http://www.brighttalk.com/webcast/288/37041 Martin Smith MBE, Chairman & Founder, The Security Company (International) Limited http://www.brighttalk.com/webcast/288/37041 IT Threats IT Security Cyber Security Wed, 09 Nov 2011 12:00:00 +0000 The webcast will take the attendee on a journey through the threat landscape taking in sights such as the latest activity on Trojans and viruses, how the bad guys are stealing intellectual property through the use of malware, how they broke into RSA and prevented Iran getting the nuclear bomb. We will also touch on the future of cyber warfare and how hacktivism has changed the threatscape, finishing off with rounding up the usual suspects. Lee Lawson, head of the Security Testing and Response teams for EMEA will discuss the cyber threats currently facing organisations in the UK and across the globe. Lee will touch on some recent high-profile examples and also evaluate the future of cyber warfare describing how hacktivism has changed the threat landscape for the foreseeable future. Key themes covered in the session: •Gain insight into the threats facing your organisation •An analysis of threat intelligence gathered from the coalface that will illustrate evolutions and revolutions in the cyber landscape •What has Dell SecureWorks observed across its client base in 2010, and what 'new' behaviours have been identified? •Inferences, conclusions, and the road ahead: what are the qualitative outcomes of our findings and how can these help inform your strategy for 2011 http://www.brighttalk.com/webcast/288/37923 Lee Lawson, Solutions Architect, Dell SecureWorks http://www.brighttalk.com/webcast/288/37923 IT Threats IT Security Cyber Security Wed, 09 Nov 2011 11:00:00 +0000 Synopsis: * What is an identity? * Cyberspace: What about it? * Personal Identity: Your most valuable asset? * Identity in the Cyberspace * Keeping your identity secured in cyberspace http://www.brighttalk.com/webcast/288/37393 Tolu Aladejebi, CISA, CISSP http://www.brighttalk.com/webcast/288/37393 Identity Theft Cyber Security IT Threats IT Wed, 09 Nov 2011 09:00:00 +0000 Vladimir is experienced security professional with big focus on applying sensible and pragmatic security controls and models to support business objectives. He has performed variety of IT and Information security roles in large FTSE organisations. These roles have included: Enterprise Security architecture using best practice architecture frameworks Information security, risk and compliance management Managing internal security consultancy Managing security operations team Providing security consultancy to various projects Vladimir has delivered successful security projects that helped with PCI DSS compliance, securing mobile operators infrastructure, formalising security involvement in development projects and providing consistent and relevant security metrics to key stakeholders. Additionally he is active in UK and international security community, notably Common Assurance Maturity Model (www.common-assurance.com) where he leads development of IT Services control framework. He is participating in OpenGroup's Security Forum project to integrate SABSA model to TOGAF in order to strengthen security in TOGAF ADM. http://www.brighttalk.com/webcast/288/36607 Vladimir Jirasek, Senior Enterprise Security Architect, Nokia http://www.brighttalk.com/webcast/288/36607 Enterprise Security Cyber Security IT Security Tue, 08 Nov 2011 17:00:00 +0000 The world of network security threats has changed radically and chances are your firewall is not providing the security you need. This 40 minute webinar reveals what has changed and how you can easily make the switch to a Next-Generation firewall. Customers who have traded-up to SonicWALL will share their challenges and perspectives on making the switch from Cisco, Check Point and others. http://www.brighttalk.com/webcast/288/36545 Scott Grebe, SonicWALL & Eoghan Bacon, VP, Systems, BTMU Capital Corporation http://www.brighttalk.com/webcast/288/36545 SonicWALL firewall security Wed, 02 Nov 2011 15:00:00 +0000 Security, loss of control and new compliance issues are among some of the reasons why enterprises are hesitant to move their data and applications to cloud-based architectures; but are these inhibitors legitimate or overblown? Michael Santarcangelo and Josh Corman will share their thoughts on the different inhibitors to the cloud and share their expertise on how to approach cloud adoption and how to take advantage of the unique benefits of the cloud. -Michael Santarcangelo, The Security Catalyst -Josh Corman, Director, Security Intelligence at Akamai Technologies http://www.brighttalk.com/webcast/288/35667 Josh Corman & Michael Santarcangelo http://www.brighttalk.com/webcast/288/35667 cloud security SaaS PaaS Thu, 27 Oct 2011 19:00:00 +0000 Incident Response starts with, "What's your plan?" Does it focus on your Cloud environment? How will you detect, notify, isolate, and contain cloud-based incidents? We focus on developing/ramping-up cloud-specific IRPs. "The Cloud." Where small and large organizations are going and have gone. You want to be in the cloud, but how do you protect it? Incident Response starts with detection. How do you detect what or who is in your cloud? If an incident occurred, would you know? We present a strategic approach to improving IR awareness and detection to meet the cloud's elevated demands. We will help you analyze your IR requirements across the IaaS, SaaS and PaaS platforms, and discuss how to talk with your vendor, risks to management, and IR containment, recovery, and evaluation test procedures. http://www.brighttalk.com/webcast/288/36621 Erika Voss, CGI & James Hewitt, CGI http://www.brighttalk.com/webcast/288/36621 compliance GRC security cloud incident Thu, 27 Oct 2011 18:00:00 +0000 Many organizations have embraced, or are considering, the benefits of cloud computing – speed, flexibility, increased expertise, shared workload, reduced costs, etc. The benefits are many – but so are the risks. What are the threats to cloud security? Which parties assume responsibility for securing the environment? What about the data? Which type of cloud deployment offers superior security benefits? This presentation examines cloud computing from a security and compliance perspective. Global information security standards and prevalent regulations focus on maintaining the confidentiality of data, leaving technology responsible for it processing to the discretion of the affected organizations. Most of these documents were written prior to general availability and adoption of cloud computing as a business model; none currently contain cloud-specific requirements. A regulated organization must therefore balance technological momentum with regulatory inertia. Is it realistically possible for forward-looking technologies to be retro-fitted for aging compliance requirements? How have global standards such as the Payment Card Industry Data Security Standard (PCI DSS), for example, kept pace with emerging technologies and business practices? http://www.brighttalk.com/webcast/288/35875 Marne Gordon, Regulatory Analyst, IBM Corporate Security Strategy http://www.brighttalk.com/webcast/288/35875 cloud computing IBM PCI security compliance Thu, 13 Oct 2011 20:00:00 +0000 Critics have likened cloud computing to flying in an airplane, in that loss of service could be catastrophic to an organization that trusts its data in the cloud. For those who have chosen the cloud computing route for their business, this session will liken cloud implementation to buying a car. Just as a new car purchase requires research and preparation to get the highest quality product at the best price, organizations should do their homework to ensure effective cloud service that delivers high availability and good performance. The session will start by examining the most common concerns expressed by enterprises when making decisions around cloud computing, including possible downtime and loss of data control. With the risks carefully delineated, we will then outline the steps to the most effective cloud solution possible such as prioritizing services by tiers, establishing recovery time objectives (RTOs) and recovery point objectives (RPOs), and the important questions to ask regarding data handling and how to negotiate favorable SLAs. Speaker Bio: Kevin Rowney is a data loss prevention visionary who joined Symantec in 2007 as part of the Vontu acquisition, a company which he founded. He currently oversees MegaTrends and Breach Response at Symantec and is focused on helping customers address breach incidents and identifying risks of future breaches. He also drives MegaTrends thought leadership at Symantec, covering Moblity, Cloud and Virtualization. For the past 14 years, Rowney served in a variety of security roles at software startups in Silicon Valley. At Vontu, Rowney conceived the original value proposition, designed the system architecture and wrote the patent-pending search algorithms used in their award-winning product. http://www.brighttalk.com/webcast/288/34561 Kevin Rowney, Senior Director, Breach Response and MegaTrends, Symantec Corporation http://www.brighttalk.com/webcast/288/34561 managing cloud services Thu, 13 Oct 2011 19:00:00 +0000 An increasingly mobile workforce, the move to the cloud, and the proliferation of mobile devices used by employees are blurring the boundaries of the traditional network security perimeter. Organizations are deploying core business applications and sensitive resources across a greater number of web-based, cloud-based and on-premise servers and are having difficulty implementing and managing consistent, unified access policies to corporate resources. This webinar will discuss how organizations can pursue a consistent authentication policy across the board by extending enterprise identities to the cloud, facilitate IT administration through automatic provisioning of cloud users and significantly improve convenience for employees with SSO. http://www.brighttalk.com/webcast/288/35211 Andrew Young, SafeNet http://www.brighttalk.com/webcast/288/35211 managing cloud services Thu, 13 Oct 2011 15:00:00 +0000 Gartner research conducted in 2011 revealed that just over 50% of respondents cited 'Security of Service' as their primary concern when implementing a cloud solution. Industry experts - Mike Small (Fellow Analyst, Kuppinger Cole + Partner), Martin Hingley (ICT Research Analyst, ITCandor Limited) and Len Padilla (Senior Director of Technology, NTT Europe) - will discuss the principles of Confidentiality, Integrity and Availability and how they can and should be applied to the plans of any business looking to move their hosting solution onto a cloud platform. http://www.brighttalk.com/webcast/288/34767 Len Padilla, NTT Europe; Mike Small, Kuppinger Cole, Martin Hingley, ITCandor http://www.brighttalk.com/webcast/288/34767 IT GRC Cloud GRC IT Governance Compliance Wed, 12 Oct 2011 21:00:00 +0000 There is a time and place for everything, and choices are made easier when you understand what you’re trying to accomplish, especially with nascent application security programs. Cloud-based security-as-a-service offers a flexible, affordable and quick way to jumpstart application security testing, but you have to begin such a journey with an end in mind. This session will talk about the advantages of using cloud-based security-as-a-service in such a way that you can build the foundations for a successful software security assurance program that builds a positive security culture and makes lasting, systemic changes to the way you develop secure software. http://www.brighttalk.com/webcast/288/35737 Jason Schmitt - Sr. Product Marketing Manager, Application Security HP http://www.brighttalk.com/webcast/288/35737 Cloud Application Security Security-as-a-Service Wed, 12 Oct 2011 20:00:00 +0000 It used to be that software vendors sold native applications that would run on a single environment, sheltered by firewalls and anti-virus software, leaving data on a local drive. Today’s SaaS applications have made every application a Web application and thus made their customers’ once internal applications external ones. Ultimately, the increased risk of cyber attack has made security objectives a business target just like sales goals. This interactive session will discuss real-world examples of companies aligning security and business goals while transitioning to the cloud and how they tackled long-standing issues to develop a continuous security culture. Attendees will learn how Web applications have become the primary attack target of a cloud-based organization with a thorough look at statistics on recent hackings. They will also learn how the movement towards cloud computing has reduced, even erased, effectiveness of the network security layer from a technical standpoint and what risks insecure applications on the cloud pose to themselves and other companies. Additionally, listeners will gain an understanding of how fix and remediate these key risks though secure coding practices. http://www.brighttalk.com/webcast/288/34971 Jim Manico, VP Security Architecture, WhiteHat Security http://www.brighttalk.com/webcast/288/34971 cloud security Wed, 12 Oct 2011 19:00:00 +0000 With the rise of large-scale botnets, Distributed Denial of Service (DDoS) is making a resurgence, both in frequency and sophistication of attack. With our 84,000+ server, globally distributed network, Akamai Technologies is in a unique position to observe and defend against these attacks. Drawing on our real-world experiences in defending customers against attack, Akamai will cover DDoS attacker techniques, Akamai's defense strategies, and lessons learned for effectively responding to this threat. YOU WILL: - Learn trends in attacker targets, tactics, and techniques - See current DDoS attack examples - Gain insight into recommended defense strategies, including instrumentation and monitoring, traffic redirects, and Akamai's DDoS defense architecture. http://www.brighttalk.com/webcast/288/35573 Michael Smith, Security Evangelist & John Buten, Senior Manager Enterprise Marketing, Akamai http://www.brighttalk.com/webcast/288/35573 Cloud DDoS Monitor Attack Network Security Wed, 12 Oct 2011 18:00:00 +0000 The rapid growth and adoption of cloud computing leads to sometimes confusing situations where security remains an afterthought. At a time when everyone is expected to do more with less, the difference between success and failure hinges upon the ability to communicate effectively. In fact, many people now realize the ability to communicate the value of security, and of their efforts, is the difference between career success and failure. Join Michael Santarcangelo (of The Security Catalyst) to share his five-step “Catalyst Communication Framework” used to effectively communicate the value of cloud security and learn how to: •communicate and standardize the definition of cloud security •convey the value behind security-minded actions to gain the budget and support •encourage others to consider the security of their actions No tricks, tips or gimmicks; Michael breaks down how to assess, distill and communicate the value of cloud security, effectively. http://www.brighttalk.com/webcast/288/34463 Michael Santarcangelo, The Security Catalyst http://www.brighttalk.com/webcast/288/34463 cloud security Wed, 12 Oct 2011 17:00:00 +0000 "Privacy in Public: How Organizations are Securely Managing Sensitive Assets in the Cloud" While a lot is being written about ensuring security in cloud environments, precious little is coming from the organizations and practitioners that have successfully met this challenge in the real world. This webcast will detail specific scenarios of successful cloud deployments, revealing best practices & strategies for how organizations should migrate sensitive assets to the cloud, while establishing and sustaining the requisite levels of security, privacy, and trust. http://www.brighttalk.com/webcast/288/35209 Betty Liang, SafeNet http://www.brighttalk.com/webcast/288/35209 cloud security Wed, 12 Oct 2011 16:00:00 +0000 Google Apps is one of the fastest growing cloud computing applications. Over 3 million businesses store their critical data in Google Apps and thousands more sign up every day. Are they crazy? Or have they embraced the inevitable? This session will detail how the Google addresses the various security and privacy concerns organizations have when moving to the Google Cloud. Come to this session to learn more about the physical and logical security features of Google Apps and decide for yourself if your data would be safer in Google’s cloud. http://www.brighttalk.com/webcast/288/34599 Eran Feigenbaum, Director of Security, Google Enterprise http://www.brighttalk.com/webcast/288/34599 cloud security Wed, 12 Oct 2011 13:00:00 +0000 For many Enterprises and Service Providers one of the first steps towards deploying cloud infrastructure has been the addition of virtualization into their data centers. Virtualization raises a new set of security threats and additional challenges for security monitoring. Securing the cloud must also include securing access to the cloud and this session will also talk about the challenges introduced by the widespread adoption of mobile devices as business tools, and how both mobility and virtualization impact the traditional security perimeters. Georgina is a Business Development Director for Data Center and Cloud at Juniper Networks. Coming from a systems engineering background, Georgina has worked for 18 years with Service Providers on the deployment of IP, MPLS, Security and Cloud Assurance Solutions. http://www.brighttalk.com/webcast/288/35847 Georgina Schaefer, Cloud/DC Business Development Director, Juniper Networks http://www.brighttalk.com/webcast/288/35847 Cloud Computing Cloud Security IT Security Wed, 12 Oct 2011 12:00:00 +0000 Virtualisation has been one of the most exciting innovations to take off in the IT sphere of the last decade. Virtualising vast swathes of your infrastructure can deliver substantial savings in terms of hardware, power cooling and most importantly, valuable data centre space. Virtualisation has also led to to the rise of cloud computing as a viable proposition. But virtualisation can also cause massive headaches when trying to secure your newly virtualised environment. Suddenly, traditional designs for segmentation, endpoint defence, and traffic inspection no longer work. Traditional architectures have gaping security holes when applied to virtualised environments. In this Dell SecureWorks webcast, Neil Anderson, a Principal Consultant from the Infrastructure Protection & Mobility team, will discuss:where the problem exists when trying to secure the virtual environmental, common pitfalls for organisations and advice to combat these issues: -Roadblocks to securing the virtual environmental -Experience from the coalface: Common pitfalls -Expert advice on how to secure the virtual environment As a member of the infrastructure protection and mobility team, Neil Anderson provides consultancy and pre-sales support for network security projects across the UK. Neil is responsible for the design, specification, architecture and implementation of network security solutions across the range of services offered by the infrastructure protection and mobility team. As a qualified CLAS consultant, Neil also provides network security consultancy services for clients to achieve compliance with Government standards and industry best-practice http://www.brighttalk.com/webcast/288/36035 Neil Anderson, Principal Consultant, Dell SecureWorks http://www.brighttalk.com/webcast/288/36035 Cloud Security virualization cloud Wed, 12 Oct 2011 11:00:00 +0000 As the adoption of cloud computing and consumerisation of IT continues to accelerate, many IT organisations are forced to revisit their traditional security models in order to address the new risks being introduced. This session explores the impact of cloud computing and consumerisation of IT on security and how these emerging trends are reshaping the evolution of identity & access management (IAM), information protection, and compliance-related technologies and architectures. In this session, we’ll look at: •Understanding the various cloud security approaches – security to the cloud, for the cloud and from the cloud – and the key challenges facing them •Security considerations for embracing cloud computing, consumerisation of IT and social computing •The growing trend towards context- and content-aware IAM and the key role it plays in bridging the traditionally separate identity management and information protection silos Speaker Biography Shirief Nosseir is EMEA product marketing director of security management solutions at CA Technologies. With 25 years in the software industry, Shirief’s experience ranges across the fields of security management, service and infrastructure management, application lifecycle management and business intelligence. This allows him to have insightful understanding of how to assist enterprises in developing business-oriented architectures, while melding traditionally disparate technologies into whole solutions. Shirief is a regular speaker at conferences and educational events and presents frequently on the impact of emerging trends and technologies on enterprise security architectures. Speaker details: Shirief Nosseir CA Technologies (www.ca.com) EMEA Product Marketing Director, Security Management, CA Technologies http://www.brighttalk.com/webcast/288/36019 Shirief Nosseir, EMEA Product Marketing Director, Security Management, CA Technologies http://www.brighttalk.com/webcast/288/36019 IT Security Cloud Security Consumerization Wed, 12 Oct 2011 10:00:00 +0000 In recent years, we have been inundated with all sorts of information relating to “the cloud”. Various school of thoughts on definitions of the cloud and several debates on differences between cloud services, managed hosting etc. Despite these debate there is one thing the various schools of thought have in common: Risks As the inevitable adoption of cloud services continue to grow, it is important to ensure best practice approach is taken to embrace an area that has not only been in existence for a long time but here to stay. This webinar focuses less on the technology offerings available but rather best practice approach to managing risks relating to cloud services adoption .It provides high level information on addressing the fears of the known (security, availability, trust and performance) and how best to maximize its benefits without increasing exposure to risks Benedict Olaoya is the Director of Security Awareness for Cloud Security Alliance UK & Ireland Chapter. He has several years of experience in the information Security, Risk, Governance and Compliance industry and has held various roles providing consultancy services both in the public and private sector. He is also currently a domain lead in a global initiative for providing a framework to attest Information assurance maturity for third party providers/supplier called Common Assurance Maturity Model (CAMM). http://www.brighttalk.com/webcast/288/35889 Benedict Olaoya, Director of Security Awareness, UK & Ireland Chapter, CSA http://www.brighttalk.com/webcast/288/35889 Cloud Security IT Risk Cloud Risk IT Security Wed, 12 Oct 2011 09:00:00 +0000 Cloud computing is fundamentally shifting the enterprise network from fixed, data-centric, server technologies to a flexible, application-driven, dispersed network that aligns more closely to business needs. Today, the adoption of cloud computing is enabling companies around the world to be successful despite their size and existing technology infrastructure. In this presentation, Travis Spencer, a Sr. Technical Architect in Ping's CTO office, will review lessons learned from the hundreds of Ping Identity customers who have implemented cloud identity strategies. Travis Spencer is a Senior Technical Architect reporting to Ping Identity's CTO. He has over a decade of application development experience which includes the design of large-scale service-oriented and federated systems. His experience federating SaaS offerings with some of the world's largest financial institutions coupled with his low-level understanding of federation protocols (e.g., SAML, WS-Trust, and WS-Federation) has allowed him to help numerous companies successful begin using cloud computing. His knowledge of OpenID and OAuth also provides him with a unique perspective on the relationship between enterprise- and consumer-grade digital identity management. http://www.brighttalk.com/webcast/288/35603 Travis Spencer, Senior Technical Architect, Ping Identity http://www.brighttalk.com/webcast/288/35603 Cloud Computing Cloud Adoption IT Security Tue, 11 Oct 2011 19:00:00 +0000 For many organizations, moving to the cloud is all about scalability. However, if your organization is migrating sensitive or regulated data to the cloud, security is a critical requirement—and a significant potential roadblock. Quite simply, the security mechanisms employed can undermine, or even negate, the cloud’s scalability benefits. This webcast will explore effective strategies for optimally deploying data protection solutions-specifically encryption and key management- in cloud environments, so you can realize both maximum scalability and security. In addition, the webcast will discuss how, by leveraging open standards, you can centrally manage all encryption keys and policies, both in the cloud and in other environments, so you can optimize administrative efficiency. http://www.brighttalk.com/webcast/288/35207 Saikat Saha, SafeNet http://www.brighttalk.com/webcast/288/35207 cloud infrastructure Thu, 22 Sep 2011 17:00:00 +0000 Today, it is clear a new wave of organized, state sponsored, espionage is targeting commercial and federal information systems with continuous long term attacks. Most vendor countermeasures are promoting anti-malware AV & simplistic IP level firewall solutions to protect client or endpoint computer systems with access to the network. This focus has proven largely ineffective as adversaries typically test against major AV packages prior to launching attacks resulting in high client infection rates. This puts more emphasis on application level security to protect information- even after client infection has occurred. In this technical webinar, independent federal security expert Gunnar Peterson explores how a Security Gateway, deployed at the network edge can deliver deeper inspection of XML based web service traffic for advanced APT threat identification, attribution, and proactive monitoring. http://www.brighttalk.com/webcast/288/35215 Blake Dournaee, Gunnar Peterson, Jeff Goldberg and Robert Richardson http://www.brighttalk.com/webcast/288/35215 Intel threats anti-malware security Thu, 22 Sep 2011 16:00:00 +0000 Please, join us for a very informative webinar on September 22nd, with Brian Kingbeil, SVP of Savvis and Nick Van Der Zweep, Director, Bus. Strategy, Industry-standard Servers & Software at HP to learn how Cloud Computing can truly become your strategic weapon for success. In this one hour session, you will learn what Cloud delivers and the hype around it. Topics covered will range from: -Eradicate excess costs from IT operations -Scale up or down in a volatile business environment -Pay as you go -Reap all the advantages of outsourcing while retaining control -Optimize server utilization We will also dispel the following myths of Cloud Computing: -Cloud is not enterprise ready -Cloud is not secure -Cloud performance is not optimum -Cloud is not reliable -Cloud does not allow enough control Dip your feet in the water with a migration roadmap that addresses cost, resource, security, and compliance challenges. http://www.brighttalk.com/webcast/288/34081 Brian Kingbeil, SVP, Hosting, Savvis & Nick van der Zweep, Director, Bus. Strategy, Industry-standard Servers & Software, HP http://www.brighttalk.com/webcast/288/34081 Enterprise Cloud Compute IT Server Enterprise Wed, 21 Sep 2011 12:00:00 +0000 Cloud services, especially multi-tenancy ones, offer users significant savings over traditional IT operations, while modernizing internal application provision through virtualization helps to keep organizations agile and productive. The UK is a progressive IT country, where new ideas are adopted quickly yet it is still important to remain cautious regarding new directions. In this cloud service webinar, Martin will size the current adoption levels of Cloud services and private Cloud building in the UK, giving examples of advanced users and innovative approaches. He will discuss the challenges of sharing, data jurisdiction and trust, while outlining the comparative advantages of different types of public and private Cloud adoption. He will share ITCandor’s market forecasts and outlook for the UK market. Martin Hingley is a veteran industry analyst who heads up the independent research company ITCandor. He is a consultant, frequent blogger at and speaker. ITCandor sizes the ITC market on a quarterly basis, addressing themes such as Cloud Computing, Corporate Client Refresh and Corporate and Social Responsibility. It also helps users develop strategies to make the most of technology changes. http://www.brighttalk.com/webcast/288/33911 Martin Hingley, Industry Analayst, ITCandor http://www.brighttalk.com/webcast/288/33911 Cloud Cloud Services webinar Virtualization Thu, 15 Sep 2011 20:00:00 +0000 Vulnerabilities are everywhere. Knowing where they are is useful—but know which one will be exploited is much more useful. Security professionals need to focus on real threats plaguing today’s practitioners and provide up-to-date statistics on actual attack data. Where can they get such data? Imperva’s Hacker Intelligence Initiative analyzes hacker attack data on a regular, detailed basis and helps answer: What are the most commonly exploited vulnerabilities? What are the trending topics hackers are discussing? Where should practitioners focus their Web security controls? The talk will discuss each of these questions separately and provide data collected from: •Imperva honey pots which track and record live attack traffic •Monitored discussions on hacker forums •Analyses of hacker technologies and innovations http://www.brighttalk.com/webcast/288/33551 Noa Bar Yosef, Senior Security Strategist, Imperva http://www.brighttalk.com/webcast/288/33551 Threat Management Summit Thu, 15 Sep 2011 19:00:00 +0000 Are you thinking about deploying data loss prevention (DLP), but not sure where to start? Join this webcast to learn how you can achieve quick wins and reduce your data loss risk. You’ll hear best practices from an InfoSec veteran who has had success with DLP. During this webcast, attendees will learn: • Security Trends Driving DLP Projects • Key DLP Requirements • How DLP Works • The True Life Story of DTE Energy’s DLP Program http://www.brighttalk.com/webcast/288/33485 Joseph O’Laughlin, Product Marketing Manager, Symantec and John Townsend, Manager, Information Protection & Security, DTE http://www.brighttalk.com/webcast/288/33485 Data loss prevention DLP best practices Thu, 15 Sep 2011 18:00:00 +0000 Clean, nice, positive, polite, unobtrusive, under-the-radar security has not worked. The recent flood of successful hacks illustrates security's abysmal failure to hit the target. Large enterprise organizations and government agencies are getting hacked with the same frequency as drink orders at "dollar you call 'er" specials at your local watering hole. When we look at the score, the promise of secure data from PCI compliance, ISO2700x, a slew of state privacy laws, and a plethora of spending on security technology has failed to deliver. In this talk, the presenter discusses what has led to security professionals not only missing the bullseye but missing the target all together and what must be done to zero back in. Go ahead, chug some courage and strap on your boots. It’s time to get serious about effective security. http://www.brighttalk.com/webcast/288/33739 J.J. Thompson, CEO, Rook Consulting http://www.brighttalk.com/webcast/288/33739 Threat Management cybercrime e-Discovery Thu, 15 Sep 2011 17:00:00 +0000 Despite investing heavily in their security defenses many organizations are still finding their systems regularly compromised. The problem these organizations face is they are focusing too much on the defensive controls at their network perimeter in the false belief that this makes it difficult for their systems to be compromised. However, time and time again we see that once the perimeter controls fail attackers have easy access to the organization's sensitive assets. This presentation will provide attendees with a practical guide on how to secure their corporate assets by implementing a multi-layered approach to security incorporating the key cornerstones of people, process and technology. With this multi-layered approach should one security layer fail the other layers can compensate and continue to secure key organizational assets. Today's threat landscape and attacks are constantly evolving and it is essential that organizations ensure their security controls evolve to counter these threats. The attendee will be shown how to take a risk based approach to develop multiple security layers to deal with the current threat landscape and how to ensure each layer can compensate for another should there be a compromise. Relying on one layer of security at the perimeter is no longer an option, developing adaptive security controls at various layers is essential to securing systems in today's environment. http://www.brighttalk.com/webcast/288/33835 Brian Honan, Principal Consultant http://www.brighttalk.com/webcast/288/33835 Adaptive Security Controls Threat Network Thu, 15 Sep 2011 16:00:00 +0000 Devices have been attached to the telephone network for years. Typically, we think of these devices in terms of modems, faxes, or TTY systems. Now, there is a growing shift in the nature of the devices that are accessible over the telephone network. Today, A-GPS tracking devices, 3G Security Cameras, Urban Traffic Control systems, SCADA sensors, Home Control and Automation systems, and even vehicles are now telephony enabled. These systems often receive control messages over the telephone network in the form of text messages (SMS) or GPRS data. These messages can trigger actions such as firmware updates, Are You There requests, or even solicitations for data. As a result, it is imperative for mobile researchers to understand how these systems can be detected by attackers on the global telephone network, then potentially abused. These systems are increasingly capable of affecting the physical world around us. Additionally, devices attached to the phone network cannot be easily compartmentalized or firewalled from potential abusers the same way that IP enabled systems can. Therefore, understanding the threat models associated with these devices and the telephone network will allow mobile researchers and embedded engineers to correctly implement security solutions that minimize a device's exposure to threat actors. Empirical evidence will be presented that demonstrates creative and successful ways to classify potential devices amongst millions of phone numbers worldwide. Once properly classified, devices can be interacted with in simple and efficient ways that will be revealed by the speaker. Simple scripts and software will be released that exemplify these techniques with real world examples, but are designed in a pluggable fashion that allows mobile researchers to develop their own device profiles and methods for interaction. http://www.brighttalk.com/webcast/288/33565 Don Bailey, Security Consultant, iSEC Partners http://www.brighttalk.com/webcast/288/33565 Threat Management Summit Thu, 15 Sep 2011 15:00:00 +0000 Data Breaches and Advanced Persistent Threats continue to be a major concern for organizations and as hackers get more sophisticated, companies need tools that identify stealthy attacks sooner and deliver improved visibility of threat intelligence across their network and devices. In this session, Trend Micro will help you understand how these attacks are performed and new solutions to combat these threats and improve your security intelligence and management. http://www.brighttalk.com/webcast/288/33643 Jon Clay, Sr. Marketing Manager, Core Technology, Trend Micro http://www.brighttalk.com/webcast/288/33643 virtualization management Thu, 15 Sep 2011 14:00:00 +0000 Criminals, competitors, and nation-states have all discovered the value of hacking from the inside. Even your own employees plan to take your sensitive data when they leave. Is it any surprise then that insider threats have increased, as have avenues to profit from selling sensitive information? It’s time to understand what motivates insiders and what you can do to protect your sensitive business data. Join us as we discuss how to: •Understand what motivates insiders •Assess your organization's data security posture •Apply practical, real-life steps for securing databases, files, and Web applications Raphael has done pioneering work championing the importance of unstructured data governance and educating organizations on data protection and security. Prior to joining Imperva, Raphael held senior positions at Varonis, Cisco, Check Point, Echelon and Network General. Additionally, Reich was a software engineer at Digital Equipment Corporation. He has over twenty years of business experience and holds a bachelors degree in computer science from UC Santa Cruz and an MBA from UCLA. http://www.brighttalk.com/webcast/288/32891 Raphael Reich, Director of Product Marketing, Imperva http://www.brighttalk.com/webcast/288/32891 IT SecurityApplication SecurityIT Monitoring Thu, 15 Sep 2011 10:00:00 +0000 Too often the solution to a perceived security problem is to throw technology at it. Firewalls, DLP, NAC, IDS are just a few of the very expensive paperweights sitting on IT Manager's desks. PCI especially has increased IT spend on a whole slew of technologies, most of which can only provide benefit when fully understood, integrated into existing processes. The cost of these solutions often outweighs the value of the data itself. Technology does not equal security, only a 'ground up' security culture does. It's time to go back to basics and put business's needs first. http://www.brighttalk.com/webcast/288/34031 David Froud, Director of Delivery EMEA, Trustwave http://www.brighttalk.com/webcast/288/34031 PCI Security IT Security Threat Management Wed, 14 Sep 2011 21:00:00 +0000 In the highly security connected environments that run business today learn how AV-Test (an independent IT security testing firm) scored Blue Coat, Cisco, Websense and McAfee for three distinct gateway malware test cases. Highest overall scores and individual scores will be discussed including results for real-time dynamic zero-day threat protection and hidden malware detection for malicious executables and files. Now more than ever it's important to make security decisions that protect but also help organizations optimize their security. http://www.brighttalk.com/webcast/288/34689 McAfee, Tim Roddy (Sr. Dir. Web and Email Security) http://www.brighttalk.com/webcast/288/34689 Web Gateway Security McAfee anti-malware Wed, 14 Sep 2011 19:00:00 +0000 The emergence of IT trends such as Web 2.0 and mobility present a challenging balancing act for K-12 school districts across the nation. While social media and “Anytime, Anywhere Learning” clearly enrich the learning experience, these developments present IT administrators with an ever-growing list of educational and administrative demands on their network. New bandwidth–hungry Web 2.0 applications and social media sites are overwhelming networks and first-generation firewalls are failing to stop the invasion of application-based threats. Clearly, K-12 IT administrators need to find a better way to manage bandwidth and security on the new application-centric network. Join this webinar to learn from leading security experts on how to use next-generation firewalls to provide robust bandwidth management and prioritization of application traffic for VoIP, video conferencing and social media resources. http://www.brighttalk.com/webcast/288/33837 Ross Ellicott, Brick Township Public Schools; Matthew Dieckman, SonicWALL; Moderated by Mike Vizard, IT Analyst & Editor http://www.brighttalk.com/webcast/288/33837 Security Network IT Mobility Threat Wed, 14 Sep 2011 18:00:00 +0000 Companies of all types and individuals now conduct business and live significant parts of their lives online. While the Internet provides tremendous commercial and personal opportunities, it also poses a number of risks and can create significant liabilities. Learn about these risks and liabilities and how to stay safe online. This session will cover a variety of important Internet issues, including intellectual property, privacy, security, marketing, advertising, Cybercrime, jurisdiction, electronic discovery, and winning disputes. http://www.brighttalk.com/webcast/288/31993 Eric Sinrod, Partner, Duane Morris http://www.brighttalk.com/webcast/288/31993 Threat Management cybercrime e-Discovery Wed, 14 Sep 2011 17:00:00 +0000 As part of the Threat Management Summit ESET along with Frost & Sullivan will discuss Real-time Threat Detection. Frost & Sullivan: Making the Case for Endpoint Security The headline grabbing attacks against firms like RSA, Epsilon, Lockheed Martin, and others have brought a great deal of attention to data protection and tools to protect the data itself. As many organizations look at moving data and services to the cloud, organizations are focusing their energies on securing cloud based services. Unfortunately, focus on the endpoint seems to be waning, leaving a large hole in many organization's defense. Rob Ayoub, CISSP and Research Director for Frost & Sullivan's Information Security Practice will discuss why protecting the endpoint is still critical in today's changing threat landscape. The endpoint is still the last connection to the end user and without adequate protections against the latest threats, corporate data is still at risk, even with safeguards in place. ESET: The Best Defense is a Good Offense With the pace of emerging threats, it’s not good enough to know about the last attack to hit your company, you have to be prepared for the next, with always-on, self-learning, adaptive technology leading your security stance. http://www.brighttalk.com/webcast/288/32579 Frost & Sullivan Analyst along with ESET Researcher http://www.brighttalk.com/webcast/288/32579 threat detection virus ESET real-time proactive Wed, 14 Sep 2011 16:00:00 +0000 One of the biggest concerns for enterprises considering public cloud services is the notion that they are inherently unsecure. Many cloud implementations treat security as an afterthought - layering it on top of the virtualization server. A more secure solution is a "multi-layer approach", a series of security layers that begin at the base of the network and protect an organization’s assets to the service layer. In this session, John Rowell, CTO of OpSource, joins Intel to discuss the best practices for securing the cloud, comparing and contrasting various approaches for providing edge-to-edge security. http://www.brighttalk.com/webcast/288/33869 John Rowell, CTO of OpSource & Paul Sathis, Director of Cloud Computing Americas at Intel http://www.brighttalk.com/webcast/288/33869 Cloud Security Control Virtualize Network OpSource Wed, 14 Sep 2011 15:00:00 +0000 HTML5 is the latest buzzword in web development and hailed as the technology that will revolutionize the web. More than any other upcoming technology, security executives and practitioners need to be aware of it and its security implication. The presentation will start with an overview of HTML5, its importance to web and mobile application development and its adoption status. Based on this overview, the presentation will explore the security implications of HTML5 use for application development and present examples of new HTML5 threats such as client side SQL injection and cross origin attacks. The presentation will conclude with a discussion on securing HTML5 application in development and in production using secure development life-cycle management tools and recommend practical steps to bootstrap this security effort. http://www.brighttalk.com/webcast/288/33497 Ofer Shezaf, Head of HP Web Application Security Research Group http://www.brighttalk.com/webcast/288/33497 Threat Management Summit Wed, 14 Sep 2011 14:00:00 +0000 The threat landscape is escalating, and the nature of vulnerabilities and threats is changing. If your strategy has been to assume that your organization is immune, you may want to consider the latest evidence to adapt. At a blended business/technical level, this panel will discuss: • Techniques currently being used by attackers • Emerging vulnerabilities and threats • Strategies and solutions currently available • Examples of effective and cost-efficient tools Panelists: Derek E. Brink, Vice President & Research Fellow, Aberdeen Group (Moderator) Michael Stute, CTO, Global DataGuard Dwayne Melancon, Head of Products and Product Strategy, Tripwire Gary Golomb, Sr. Research and Development Engineer, RSA NetWitness http://www.brighttalk.com/webcast/288/33245 Derek E. Brink, Aberdeen Group; Michael Stute, Global DataGuard; Dwayne Melancon, Tripwire; Gary Golomb, RSA NetWitness http://www.brighttalk.com/webcast/288/33245 Threat Management Summit Wed, 14 Sep 2011 13:00:00 +0000 In today’s business world, the questions you ask IT suppliers of all types are essentially similar. What changes with Security-as-a-Service are the answers you get, and more importantly, the answers you need. In this session, we will look at the main evaluation areas, how to interpret responses, and the emphasis and weighting factors. Speakers: Andrew Wild, CSO of Qualys Inc. Jerome Saiz, Editor-in-Chief at SecurityVibes Frédéric Jésupret, Security and Risk Manager at Allianz Global Assistance http://www.brighttalk.com/webcast/288/33763 Andrew Wild, Qualys Inc.; Jerome Saiz, SecurityVibes; Frédéric Jésupret, Allianz Global Assistance http://www.brighttalk.com/webcast/288/33763 SaaS Security IT Security Threat Management Wed, 14 Sep 2011 10:00:00 +0000 Current approaches to IT security are based too much on guesswork and unproven “best practices”. We measure some threats but can’t be sure we are covering all the main threats or are measuring the right things. We assess software vulnerabilities but we know that these give us only part of the picture. We look to “best practices” to maximise our protection but have no way of knowing how effective these practices really are. And we do not know how much of each control is good enough. Indeed, we don’t know how to assess “good enough” let alone what we have to do to achieve it. This is a symptom of the fact that IT security has, since its inception, been conducted as a craft rather than as a science. What we need is a different approach that would give us more reliable, cost effective and assured protection against cyber threats. This we can get if we start to think about IT security as a science rather than just as a craft. In this talk I will sketch out what a scientific approach to IT security would look like and show what steps people could take to move in this direction. Many of these steps are useful things that would provide valuable benefits today even without people having to commit to a wholesale change in their security approach. This is an evolution, not a revolution. http://www.brighttalk.com/webcast/288/33243 Dr. John Leach, Director and Principal Consultant, John Leach Information Security Ltd, www.jlis.co.uk http://www.brighttalk.com/webcast/288/33243 Threat Management Summit Wed, 14 Sep 2011 09:00:00 +0000 This Dell SecureWorks webcast will cover the following key topics: • Down the rabbit hole: we're going to show you how the threat landscape is really changing. • Ghosts in the machine: what Dell SecureWorks observed across it's client base in 2010, and what 'new' behaviours have been identified? • When outliers become trends: a quantitative analysis of threat intelligence gathered from the coalface that will illustrate evolutions and revolutions in the cyber landscape • Inferences, conclusions, and the road ahead: what are the qualitative outcomes of our findings and how can these help inform your strategy for 2011 Don has worked in IT for 18 years, starting with the ground-breaking Edinburgh University spin-off, Vision Group. After a successful flotation and subsequent acquisition by STMicroelectronics, Don became responsible for security architecture and operations for this $8billion enterprise. At dns Don was instrumental in the construction of identity management practice and the evolution of the MSS service portfolio. Since SecureWorks’ acquisition of dns, Don has brought Dell SecureWorks’ threat intelligence and security messages to European clients. http://www.brighttalk.com/webcast/288/33795 Don Smith, VP Engineering & Technology EMEA, Dell SecureWorks http://www.brighttalk.com/webcast/288/33795 Malware Protection IT Security IT Threats Tue, 13 Sep 2011 14:00:00 +0000 Delivering services in cloud based environments allows IT to provide new levels of availability and performance based on the scalability and elasticity of the cloud. However, to realize these benefits of cloud computing new levels of monitoring and management are needed. This session will show how in-depth monitoring data coupled with real-time predictive analytics and automation can enable you to deliver the benefits of cloud computing to your organization. Learn how to evolve your service management capabilities to get the maximum return from your investment in cloud computing, increase customer satisfaction and improve business results. http://www.brighttalk.com/webcast/288/33125 Richard Mayo, IBM Market Manager Cloud Computing http://www.brighttalk.com/webcast/288/33125 cloud computing cloud services Tue, 23 Aug 2011 17:00:00 +0000 The combination of complex threats and the explosion of security data is driving large organizations to look beyond traditional SIEM technologies to address their requirements for collecting, retaining, and analyzing large amounts of security event data. Find out how SenSage addresses very sophisticated use-cases with a highly scalable SIEM and log management solution that is integrated with McAfee's security management platform. In this session, we will cover: •The top challenges associated with managing security event data •Example use cases in large enterprises and government agencies •Best practices for advanced security information management http://www.brighttalk.com/webcast/288/31093 McAfee and SenSage http://www.brighttalk.com/webcast/288/31093 SenSage Log management Security Connections Thu, 18 Aug 2011 19:00:00 +0000 IT organizations have been asking about support for Opal-compliant self-encrypting drives for quite awhile now. Opal-compliant hardware availability is slowly trickling out to the purchasing public. The question then becomes, “It’s here! What do I do next?” Join us for this informative session on hardware-based encryption as we’ll talk about managing these new hardware based encrypted drives, as well as your existing software based encrypted drives. We’ll discuss the advantages and disadvantages of self-encrypting drives vs. the standard non-encrypting drives. We’ll also discuss deployments and management of self decrypting drives, and managing these hybrid encryption environments. http://www.brighttalk.com/webcast/288/32409 Kelvin Kwan, Product Marketing Manager http://www.brighttalk.com/webcast/288/32409 Encryption Data Security Tue, 16 Aug 2011 17:30:00 +0000 IT is forced with securing consumer-oriented devices which are accessing corporate email, networks, and 3rd party applications. This end-user panel will provide you with a look at how some of the top IT shops are dealing with this urgent issue and how you can leverage their best practices at your own organization. Moderator Chenxi Wang of Forrester will provide an overview of the trends she is seeing from both a practitioner and solution perspective, and will lead the end-user panel in a discussion of various strategies to successfully implement, manage, monitor and secure enterprise mobility. Attend live for the opportunity to ask your own questions, or feel free to tune in afterward on demand. Panelists: - Chenxi Wang, Ph.D., Vice President, Principal Analyst, Forrester Research (moderator) - Anil Karmel, Solutions Architect, Los Alamos National Laboratory - Terrell Herzig, Information Security Officer, University of Alabama Medical Center http://www.brighttalk.com/webcast/288/32657 Chenxi Wang, Forrester; Anil Karmel, Los Alamos Nat'l Lab; Terrell Herzig, UA Medical Center http://www.brighttalk.com/webcast/288/32657 mobile security Fri, 12 Aug 2011 16:00:00 +0000 No matter how you define "the Cloud," it's a disruptive delivery model when it comes to application security. Not only are the foundational layers dislodged, but the operational and support models need to change as well. This talk will cover how application security has become vital to the provider as well as the consumer, how security standards are evolving, and how a topological crisis is coming for network-based application security products. http://www.brighttalk.com/webcast/288/31793 Wendy Nather, Senior Analyst, The 451 Group http://www.brighttalk.com/webcast/288/31793 application security Thu, 11 Aug 2011 20:00:00 +0000 We’re struggling to defend against existing application security threats - how can we possibly defend against tomorrow’s new attacks? In this talk, Rohit Sethi of SD Elements outlines a process for inventorying applications to include relevant features and requirements, allowing organizations to quickly discover which applications are vulnerable to a new threat when it emerges. Furthermore, he discusses how to prevent the threat from occurring in new applications by adding it to a standardized security requirements gating process. http://www.brighttalk.com/webcast/288/30855 Rohit Sethi, VP Product Development, SD Elements http://www.brighttalk.com/webcast/288/30855 Application Security and Monitoring Summit Thu, 11 Aug 2011 19:00:00 +0000 Despite the positive commentary surrounding the benefits of cloud computing, businesses have frequently cited security, availability, trust and performance as their major concerns towards cloud computing investment. Attend this seminar to learn about new capabilities from Intel and Expedient that address these barriers, including: •How Expedient’s cloud solutions leverage Intel technology to deliver high availability and performance at compelling price points. •Comprehend how Expedient has built-in security components and is allowing easy auditing of their cloud services. •Understand how Expedient is working with Intel to take advantage of recent advances in hardware and software to build a foundation for trust, security, and compliance in their cloud solutions. http://www.brighttalk.com/webcast/288/32739 Alex Rodriguez, VP Systems Engineering & Product Development, Expedient & Raejeanne Skillern, Director Cloud Marketing, Intel http://www.brighttalk.com/webcast/288/32739 Cloud Security Intel Expedient Public Thu, 11 Aug 2011 17:00:00 +0000 Over the years, two key techniques have emerged as the most effective for finding security vulnerabilities in software: Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). While DAST and SAST each possess unique strengths, the "Holy Grail" of security testing is thought to be "hybrid" – a technique that combines and correlates the results from both testing methods, maximizing the advantages of each. Until recently, however, a critical element has been missing from first generation hybrid solutions: information about the inner workings and behavior of applications undergoing DAST and SAST analysis. This web seminar will introduce you to the next generation of hybrid security analysis – what it is, how it works, and the benefits it offers. It will also address (and dispel) the claims against hybrid, and leave you with a clear understanding of how the new generation of hybrid will enable organizations to resolve their most critical software security issues faster and more cost-effectively than any other available analysis technology. http://www.brighttalk.com/webcast/288/30165 Brian Chess, Ph.D. – Founder and Chief Scientist - HP Fortify http://www.brighttalk.com/webcast/288/30165 application Security hybrid analysis DAST Thu, 11 Aug 2011 17:00:00 +0000 Cloud computing presents significant value to organizations. However, the downside is that few organizations wish to trust third-parties with their corporate data. To address this, Vordel enables organizations to safely connect from the Enterprise to Cloud based services without undermining their underlying corporate security policies. With Vordel, organizations can enforce security and privacy policies on their Cloud usage, monitor service quality, and control cloud service usage. This is especially important since Cloud services are paid for. Using core Enterprise Security Infrastructure Vordel simplifies the task of securing application integrations from the Enterprise to the Cloud. Whether it is single sign-on to Cloud services, federated identity with partners, or to reinforce RESTful API security, Vordel connects applications safely across multiple domains. Don’t rely on Cloud service providers’ security and operational integrity, and the often questionable SAS 70 certification. Use Vordel to maintain security and control in your hands. Bio: Mark is responsible for overseeing Vordel's technical development roadmap. He is a contributing member of the Cloud Security Alliance, and has a degree in Mathematics and Psychology, and graduate qualifications in neural network programming from Oxford University. Mark is the author of Web Services Security, published by McGraw-Hill. http://www.brighttalk.com/webcast/288/33165 Mark O'Neill, CTO, Vordel http://www.brighttalk.com/webcast/288/33165 SOA IT Security Enterprise Architecture” Cloud Thu, 11 Aug 2011 10:00:00 +0000 Enterprises today have never had such a great choice when it comes to their backup strategy. Depending on budget, performance and availability requirements, enterprises are increasingly looking to mix and match different backup technologies and techniques to meet their disaster recovery objectives. But by doing so, are they able to control their costs and reduce the complexity of their backup environment? http://www.brighttalk.com/webcast/288/32091 Tim Nolte, IM Product Marketing Manager, HP http://www.brighttalk.com/webcast/288/32091 cloud backup strategy BCDR Recovery Wed, 10 Aug 2011 16:00:00 +0000 Our increasing reliance upon mobile computing has introduced many new security risks. These devices and applications know where we are, who we were there with, and what we were doing. They know what we've bought. We also use them to make phone calls, take pictures, and even video conferencing. To the bad guys, access to this information can be very valuable. In this presentation, we will discuss the new risks and security challenges with mobile computing. We will discuss the security maturity of both the applications and the underlying platforms themselves. The panel members will also talk about currently emerging areas of risk going forward. Finally, they will wrap things up by presenting solutions to solve today's security challenges. http://www.brighttalk.com/webcast/288/32119 Jack Mannino, nVisium and OWASP; Zach Lanier, Intrepidus Group; Ryan English, HP Security Services; Nathan McCauley, Square http://www.brighttalk.com/webcast/288/32119 application security Wed, 10 Aug 2011 13:00:00 +0000 Smartphone and mobile devices are taking over the world. There are roughly 5.3 billion mobile subscribers, which equates to 77 percent of the world population. In addition, the widespread deployment of these devices within enterprises is on the rise and managing the complexity of the mobile ecosystem is a growing IT challenge. How do companies prioritize the management and security of their mobile infrastructure to address the increasing use of employee devices in the workplace? This session will discuss how IT departments, from global Fortune 1000 organizations to small businesses, can successfully deploy, manage and secure their growing catalogue of enterprise mobile across Apple iOS and Android smartphones and tablets. Attendees will also learn how to link applications for deployment to specific device groups, roles or users; roll out and manage a self-service portal where device users can select and install apps; and develop policies that can restrict access within the app catalogue at the individual user level or by any IT-defined groups. Strategies and best practices on achieving and maintaining internal and external compliance within enterprise app catalogues as well as tracking and reporting on app downloads, usage, updates and more will also be discussed. Participants will learn: •How to streamline and automate the deployment and management of and secure enterprise mobile app catalogue; •How to deliver the right apps to the right device user(s), based on their job function and device type; and •What best practices must be in place to achieve and maintain compliance within an enterprise app catalogue. http://www.brighttalk.com/webcast/288/32113 Kevin Keith, Director, Business Development, AirWatch http://www.brighttalk.com/webcast/288/32113 application security Wed, 10 Aug 2011 11:00:00 +0000 As companies grow to recognise the threat posed by insecure web and mobile applications to their security posture – through recent incidents of ‘hacktivism’ and data breach, application security programs designed to eliminate risk earlier in the development lifecycle, or to mitigate 3rd party risk have grown in importance. This session will examine the common threats and flaws in web and mobile applications, look at the different testing methodologies deployed to identify and remediate, and share findings from Veracode’s analysis of current state of software security based on real-world data. Attendees will learn how the development of an Application Risk Management (ARM) program can assist in improving their internal development cycles through the adoption of an SDLC approach, or the introduction of a 3rd-party scanning program to assess risks in their supply chain. Speaker Bio: Jason has been part of the information security industry for over 15 years, working in the fields of email security, encryption, public key infrastructure and authentication. As EMEA Solutions Architect at Veracode he manages technical and future development of their cloud-based application risk management platform across Europe. Prior to Veracode, Jason has held senior technical roles at Cisco, Ironport and Clearswift. Jason has also participated in a number of industry associations, involved in research and speaking at groups including the Open Web Application Security Project (OWASP), the Cloud Security Alliance (CSA), the Information, MAAWG (Messaging Anti Abuse Working group), Systems Security Association (ISSA). Jason holds a BSc in Information Systems from Edith Cowan University, Western Australia. http://www.brighttalk.com/webcast/288/32203 Jason Steer, EMEA Solutions Architect, Veracode http://www.brighttalk.com/webcast/288/32203 Mobile Security Web Security IT Security Wed, 10 Aug 2011 10:00:00 +0000 Mobile devices such as tablets and smart phones are improving productivity, collaboration and efficiency, but their rapid growth also presents serious security risks to organisations. If a mobile device is stolen, hacked or lost, there is a risk that sensitive data will be lost as well. And the threats are not only confined to data loss. Malware in the form of Trojans, viruses and worms and unauthorised network access attacks are also growing risks. How can you reduce these risks? Are security technologies and services keeping up with the changes in the mobile IT environment? Which are most effective? Paul Pearston, a Senior Security Engineer at Dell SecureWorks, will discuss the most serious security threats to mobile devices and will recommend specific approaches for securing the mobile organisation during this 30-minute complimentary webcast. Topics covered on this webcast include: • The evolving landscape of the mobile enterprise • Security threats in the mobile enterprise • Risk management and compliance considerations • Approaches for securing IT-issued and employee preferred mobile devices Paul is a highly experienced Security Architect with over fifteen years’ experience designing, implementing and auditing all forms of security solutions and services ranging from identity and access management through to governance, risk and compliance. The design and delivery of network security controls and event monitoring solutions for large scale environments is an area Paul has considerable expertise in. http://www.brighttalk.com/webcast/288/32547 Paul Pearston, Cisco CCIE (Security), CESG Listed Advisor (CLAS) and PCI QSA http://www.brighttalk.com/webcast/288/32547 Mobile Security IT Security IT Monitoring Wed, 10 Aug 2011 09:00:00 +0000 Join Bloor’s Senior Analyst for Security, Fran Howarth, and Jon Parkes, Vice President, Pre-Sales, McAfee EMEA to learn: - the role that application whitelisting plays in defending networks against attack through a focus on two key areas—controlling what applications are allowed to run and preventing any unauthorised applications (including malware) from executing - how to protect systems on the network from configuration changes and mistakes that can allow serious vulnerabilities to be exploited. Fran Howarth specialises in the field of security, primarily information security, but with a keen interest in physical security and how the two are converging. Fran’s other main areas of interest are new delivery models, such as cloud computing, information governance, web, network and application security, identity and access management, and encryption. For more than 20 years, Fran has worked in an advisory capacity as an analyst, consultant and writer. She writes regularly for a number of publications, including Silicon, Computer Weekly, Computer Reseller News, IT-Analysis and Computing Magazine. Fran is also a regular contributor to Security Management Practices of the Faulkner Information Services division of InfoToday. Jon Parkes is responsible for all technical sales operations and solution architects for McAfee in EMEA – helping customers to realise solutions to meet their security and business needs, in an optimal way that balances cost of ownership with security posture. Like other IT functions, the security market is maturing, going through consolidation reflecting customers’ desire for trusted partnership with fewer suppliers. Jon’s twenty-year career has been built around global Enterprise consulting and software, working with some of the world’s largest businesses in many industry sectors, including telecommunications, utilities, financial services and Government, holding regional management positions in both EMEA and Asia Pacific. http://www.brighttalk.com/webcast/288/32519 Fran Howarth, Senior Analyst, Security, Bloor Research; Jon Parkes, Vice President, Pre-Sales EMEA, McAfee http://www.brighttalk.com/webcast/288/32519 Application Security IT Security Monitoring Wed, 10 Aug 2011 08:00:00 +0000 More and more organizations are being hacked through their web applications, and many by attack vectors that are over 10 years old, why? Because the organization failed to understand what the application actually did and how. Forget web pen testing, many people don't know or even care what data is manipulated in their application or how, for these sites, compromise is not just likely, it is inevitable. Based upon our experiences as web application testers and incident responders, we will look at the web security building blocks and simple checks on web applications that can stop you being an attackers next-notch on the bedpost. This is a security presentation aimed at web developers and mangers. IT Security staff can attend to, any many will nod in agreement at the advice offered; however, they are invited to observe the manner in which the problem and solution will be conveyed. This technical stuff for the non technical attendee! http://www.brighttalk.com/webcast/288/32141 Steve Armstrong, SANS Certified Instructor & Technical Security Director, Logically Secure http://www.brighttalk.com/webcast/288/32141 Security Application Monitoring IT Security Tue, 09 Aug 2011 20:00:00 +0000 IVR (Telephony) , Web and Security implications on business and its direct implication on customer services, retaining customers and cloud. http://www.brighttalk.com/webcast/288/31879 Syed Rehan Ahmed, Tech Lead, ParagonCore http://www.brighttalk.com/webcast/288/31879 Cloud security risk application monitoring Thu, 04 Aug 2011 14:00:00 +0000 Major data breaches are happening at an ever accelerating rate. How do you best protect your organization and its data? In this panel, major email vendors will discuss security measures that are being taken to avoid breaches and to offer the best protection of corporate emails for its users. The discussion will include different methods that are being used to monitor and control the security of emails that are in transition and archived, new developments that are being implemented to ensure the highest level of security for sensitive personal and corporate data, and tools and technologies that are being used to protect data such as encryption, anti-virus/anti-spam protection, email archiving, e-Discovery and etc. Join us for a discussion on the enterprise solutions of the vendors and examples of how their security features work in a corporate environment. Speakers: Josh Aberant, Director of Privacy, Marketo (Moderator) Adam Swidler, Sr. Manager, Google Quinn Jalli, SVP of Digital Marketing Services, Epsilon Jon Dybik, Sr. Product Manager, Zimbra Server and Administration, VMware http://www.brighttalk.com/webcast/288/32059 Josh Aberant, Marketo; Adam Swidler, Google; Quinn Jalli, Epsilon; Jon Dybik, VMware Zimbra http://www.brighttalk.com/webcast/288/32059 Email Security and Compliance Thu, 14 Jul 2011 13:00:00 +0000 Mobile devices are quickly becoming more powerful and feature-rich blurring the line between phones, tablets and computers. With so many new devices popping up and the demands that users are putting on IT to use the device of their choice, securing devices from malware and data loss across all platforms (iOS, Android, Windows) has created a new security challenge. Join Chris Pace with Sophos to learn about the security challenges surrounding mobile devices. He’ll discuss these key topics and more: • The mobile security threat landscape • New demands imposed on IT to support devices • Tips for protecting mobile devices http://www.brighttalk.com/webcast/288/30815 Chris Pace, Product Marketing Manager, Sophos http://www.brighttalk.com/webcast/288/30815 Mobile Security Threat Malware IT Support Wed, 13 Jul 2011 22:00:00 +0000 Enterprises are going Mobile. These new mobile endpoints include many different operating system (including iOS and Android) as well as multiple form factors (smartphones and tablets). And enterprises are connecting these new devices to enterprise applications including email. Enterprises realize that they must protect the devices, the data on these devices, and access to the corporate network, just like they protect laptops and desktops today, so they maintain compliance with corporate policies. This presentation will focus on the elements of the mobile stack necessary to enable mobile deployments to scale and ensure compliance with corporate policies. http://www.brighttalk.com/webcast/288/31913 David Goldschlag, VP Mobile, McAfee http://www.brighttalk.com/webcast/288/31913 mobile security Wed, 13 Jul 2011 21:00:00 +0000 With mobile computing set to overtake traditional forms as soon as 2015, the mobile space is exciting for good reason. But the challenges to security in this new environment are every bit as real as the opportunities. Between the device, the network and the server components, attackers have plenty of surface area to choose from, and those looking to deploy mobile applications securely need to take a complete approach to their defenses. This web seminar will identify and offer best practices for how organizations can adapt to the new landscape and proactively secure their applications. http://www.brighttalk.com/webcast/288/31157 Daniel Miessler; Principal Security Consultant, HP Application Security http://www.brighttalk.com/webcast/288/31157 Mobile Compute Risk Security Network Application Wed, 13 Jul 2011 20:00:00 +0000 Mobile devices are quickly becoming the most commonly used computing device. For the first time, sales of Post-PC tablets and smartphones have surpassed those of traditional laptop and desktop PCs. But, depending on who is doing the talking, devices like the iPad are either the best aid to productivity since the invention of the wheel, or the First Horseman of the impending apocalypse. Perimeter E-Security CTO, Andrew Jaquith will help you learn more about: 1) Cutting through the fear, uncertainty and doubt (FUD) surrounding the Post-PC devices 2) What you really need to worry about with mobile devices 3) What distractions you can safely ignore 4) 5 essential security controls every company needs to protect their Post PC devices, regardless of size or industry 5) Q&A with Andrew http://www.brighttalk.com/webcast/288/31033 Andrew Jaquith, CTO, Perimeter E-Security http://www.brighttalk.com/webcast/288/31033 mobile security Wed, 13 Jul 2011 18:00:00 +0000 IT is forced with securing consumer-oriented devices which are accessing corporate email, networks, and 3rd party applications. This end-user panel will provide you with a look at how some of the top IT shops are dealing with this urgent issue and how you can leverage their best practices at your own organization. Moderator Chenxi Wang of Forrester will provide an overview of the trends she is seeing from both a practitioner and solution perspective, and will lead the end-user panel in a discussion of various strategies to successfully implement, manage, monitor and secure enterprise mobility. Attend live for the opportunity to ask your own questions, or feel free to tune in afterward on demand. Panelists: - Chenxi Wang, Ph.D., Vice President, Principal Analyst, Forrester Research (moderator) - Anil Karmel, Solutions Architect, Los Alamos National Laboratory - Terrell Herzig, Information Security Officer, University of Alabama Medical Center http://www.brighttalk.com/webcast/288/29381 Chenxi Wang, Forrester; Anil Karmel, Los Alamos Nat'l Lab; Terrell Herzig, UA Medical Center http://www.brighttalk.com/webcast/288/29381 mobile security Wed, 13 Jul 2011 16:00:00 +0000 Economic pressures and the consumerization of IT have led many companies to embrace smartphones purchased by employees for mixed business and personal use. But the regulatory, financial, and competitive consequences of data breach continue to grow, forcing employers to look for more pragmatic ways to ensure the safety of sensitive data on employee-liable devices, on far larger scales. In this presentation, we consider practical limitations and technical gaps that employers must address to reap the benefits of employee-liable smartphones without escalating risk and how mobile device management can help. http://www.brighttalk.com/webcast/288/29483 Lisa Phifer, President, Core Competence Inc. http://www.brighttalk.com/webcast/288/29483 mobile security Wed, 13 Jul 2011 14:00:00 +0000 With the increasingly consumerized workplace, enterprise decision makers are only growing more challenged with how to cost effectively and securely manage devices and access in the workplace. The productivity gains and strategic opportunities are real. Join us for a discussion about how managed mobility helps enterprises to succeed, and how needs vary by SMB versus large enterprise. http://www.brighttalk.com/webcast/288/31227 Denise Lund, Senior Analyst, Enterprise Mobility, Yankee Group http://www.brighttalk.com/webcast/288/31227 mobile security Wed, 13 Jul 2011 13:00:00 +0000 The growth of mobile devices is changing the landscape for enterprise authentication. A September 2010 Forrester Research Inc. report highlighted that 48% of organizations interviewed by Forrester across the globe will be spending on mobilizing enterprise applications in 2010*. As mobile devices are used increasingly to access corporate networks, enterprise authentication strategies must consider how users can strongly authenticate to the network with these devices. Proactive organizations have the best interests of their employees, staff and resources top of mind. And it's critical to authenticate the identities that are granted sensitive access to networks, facilities, devices and more. Whether required by internal policy, industry mandates or government regulations, certain safeguards are needed to secure access points in enterprise environments. In this session Entrust will help organizations evaluate the many options and opportunities made possible by the ubiquity of mobile devices in the enterprise. http://www.brighttalk.com/webcast/288/31517 David Mahdi, Entrust, Product Manager http://www.brighttalk.com/webcast/288/31517 Mobile Device Security Authentication Application Wed, 13 Jul 2011 10:00:00 +0000 In-application payments are being touted as the next big thing, enabling mobile application developers to generate new revenue. This is one use case in the broader area of mobile payments, which has been a fertile ground for standards activities and technology innovations for many years, but despite being heralded by pundits and trialled in many forms has never taken off in a big way. This presentation will consider whether we are now reaching the tipping point, and whether current deployments are properly considering the security needs of end users at one end and the required mobile platform technology at the other. Craig has over 20 years experience in the field of information security, in consumer, business, government and defence sectors. He has worked at all levels of product creation, from strategy through requirements management, architecture and design, down to low-level implementation. Craig brings a broad perspective of the context in which security technologies are deployed, considering economic and social factors to ensure that security measures are effective as well as correctly implemented. He is also an accomplished communicator, able to brief executives at board level, to present or review technical designs, and to explain security to users. http://www.brighttalk.com/webcast/288/27943 Craig Heath, Director, Franklin Heath http://www.brighttalk.com/webcast/288/27943 Mobile Payments Infosec Security Mobile Wed, 13 Jul 2011 08:00:00 +0000 Vladimir is experienced security professional with big focus on applying sensible and pragmatic security controls and models to support business objectives. He has performed variety of IT and Information security roles in large FTSE organisations. These roles have included: Enterprise Security architecture using best practice architecture frameworks Information security, risk and compliance management Managing internal security consultancy Managing security operations team Providing security consultancy to various projects Vladimir has delivered successful security projects that helped with PCI DSS compliance, securing mobile operators infrastructure, formalising security involvement in development projects and providing consistent and relevant security metrics to key stakeholders. Additionally he is active in UK and international security community, notably Common Assurance Maturity Model (www.common-assurance.com) where he leads development of IT Services control framework. He is participating in OpenGroup's Security Forum project to integrate SABSA model to TOGAF in order to strengthen security in TOGAF ADM. http://www.brighttalk.com/webcast/288/27855 Vladimir Jirasek, Senior Enterprise Security Architect, Nokia http://www.brighttalk.com/webcast/288/27855 Mobile Security Nokia Mon, 20 Jun 2011 09:00:00 +0000 Cloud computing is the current IT buzzword of choice, and many organizations are contemplating making use of it. But what is it and happens to data protection when you surrender your data to the cloud? How do you comply with the provisions of the UK Data Protection Act 1998. What can go wrong and what are the consequences? Join this webinar, with Ibrahim Hasan of Act Now Training, to find out. http://www.brighttalk.com/webcast/288/26829 Ibrahim Hasan, Director and Solicitor, Act Now Training LTD http://www.brighttalk.com/webcast/288/26829 Information security Cloud Data Protection Fri, 17 Jun 2011 10:00:00 +0000 Enterprises today have never had such a great choice when it comes to their backup strategy. Depending on budget, performance and availability requirements, enterprises are increasingly looking to mix and match different backup technologies and techniques to meet their disaster recovery objectives. But by doing so, are they able to control their costs and reduce the complexity of their backup environment? According to Gartner: •By 2013, at least 20% of organisations will have changed their primary backup vendor over cost, complexity and/or capability. •By 2013, more than 50% of midsize organisations and more than 75% of large enterprises will implement tiered recovery architectures Join this BrightTALK™ Webcast from Hewlett-Packard as we share tips on how to reduce the complexity of backup environments, the pro’s and con’s of tiered recovery architectures and how to achieve “one touch” disaster recovery for your organisation. http://www.brighttalk.com/webcast/288/30433 Tim Nolte, IM Product Marketing Manager, HP http://www.brighttalk.com/webcast/288/30433 cloud backup strategy BCDR Recovery Thu, 16 Jun 2011 20:00:00 +0000 The presentation will discuss audit considerations in a cloud computing environment. Technology professionals can learn what to expect from their auditors, and auditors can learn what areas to review in a cloud environment. http://www.brighttalk.com/webcast/288/29527 Jason Wood, Assistant Professor, Jack Welch Management Institute & Chancellor University, and President of WoodCPA Plus P.C. http://www.brighttalk.com/webcast/288/29527 cloud security Thu, 16 Jun 2011 18:00:00 +0000 Clearly not all virtualization is the same. Different Clouds have assembled their own flavors that range from “full emulation” to “bare metal.” From his popular Black Hat presentation, IOActive’s Joshua Pennell will discuss the approaches from the most popular virtualization technologies for how the virtual machine will function and how the virtual hardware that is exposed can be used. These approaches have security implications for companies that are leveraging these cloud architectures for ubiquitous storage and access of their sensitive data and applications. Josh will discuss the virtualization technologies, the security trade-offs of each, and what the past security failures will mean to enterprises looking to invest their data to the cloud. http://www.brighttalk.com/webcast/288/30749 Joshua Pennell, Founder and President, IOActive, Inc. http://www.brighttalk.com/webcast/288/30749 cloud security Thu, 16 Jun 2011 15:00:00 +0000 Security is a key concern in cloud today. Security solutions are often sold on the basis of fear—how to stop malicious hackers. And there is value in this, for the threats are often real. But in today’s competitive world, one must also focus on how technology allows growth and innovation while also meeting security requirements. Attendees will learn how Intel is enhancing platforms with new security capabilities and enabling a broad ecosystem of solutions that allow companies to embrace virtualization and cloud without compromising security, thus gaining more efficiency, control and functional compliance. http://www.brighttalk.com/webcast/288/30129 Iddo Kadim, Director of Data Center Virtualization Technologies, Intel http://www.brighttalk.com/webcast/288/30129 cloud security Thu, 16 Jun 2011 14:00:00 +0000 Cloud vendors promise powerful resources at an attractive price and this has led many enterprises to consider migrating data and applications to cloud based architectures. Vendors also promise increased overall security thanks to the economies of scale which allow them to employ staff and technologies that offer greater security than a typical enterprise could justify. Yet many remain skeptical of the cloud when it comes to trusting a third party with precious data. At the same time, multi-tenant architectures housing data from multiple sources make clouds attractive targets for attackers. Combine this with the relative infancy of the platforms, running applications developed for entirely new architectures and this has raised many questions about cloud security. A panel of experts will discuss their own experiences and debate whether or not the cloud truly can be secure. Panelists: Michael Sutton, VP of Security Research, Zscaler (moderator) Randy Barr, CISO, ServiceSource Eran Feigenbaum, Director of Security, Google Apps Matt Broda, Senior Security Strategist, Microsoft http://www.brighttalk.com/webcast/288/29537 Michael Sutton, Zscaler; Randy Barr, ServiceSource; Eran Feigenbaum, Google Apps; Matt Broda, Microsoft http://www.brighttalk.com/webcast/288/29537 cloud security Thu, 16 Jun 2011 12:00:00 +0000 All you ever wanted to know about the legal risks of cloud computing, but were too afraid to ask. In this webcast acclaimed technology lawyer Jonathan Armstrong gives a quick rundown of the legal issues of cloud computing including the latest news on regulatory developments in Europe and the Americas. Jonathan also discusses the UK regulator's checklist for cloud vendors and purchasers, data privacy issues and the need for flexibility and portability in legal agreements. http://www.brighttalk.com/webcast/288/29379 Jonathan Armstrong, Technology Lawyer Partner, Duane Morris LLP http://www.brighttalk.com/webcast/288/29379 Cloud Risk Information SecurityData Protection Thu, 16 Jun 2011 10:00:00 +0000 Examining the issues facing small to medium enterprises when choosing a cloud service provider. This presentation will give an overview of what areas and questions the SME procurer should consider to make an informed decision about adopting new cloud services. http://www.brighttalk.com/webcast/288/29061 Emma Webb-Hobson, Information Assurance Consultant, QinetiQ http://www.brighttalk.com/webcast/288/29061 Cloud Risk Information Security Cyber Security Thu, 16 Jun 2011 08:00:00 +0000 The introduction of computing and data services in a virtualized and service provider context exposes the customer's information to a new set of threats and vulnerabilities. This session provides an introduction to those threats and what techniques are available to mitigate the threats. http://www.brighttalk.com/webcast/288/25178 Glyn Bowden, SNIA & Storage Infrastructure Architect http://www.brighttalk.com/webcast/288/25178 Cloud storage virtualization security Thu, 02 Jun 2011 16:00:00 +0000 The pace that technology is changing at today brings its own risks and challenges. Companies will always be faced with the challenge of increasing profits and growing their business while reducing costs. Organizations often use third-parties to outsource different components of their business to "trusted" partners at a reduced price. As security professionals, we must assist our organizations as they adapt their business models to include "outsiders" and consider ways to reduce risk while not being that group that is always accused of saying "No". Remember, outsourcing today is not just off-shore call centers or development shops, but it is also includes considering opportunities to move internal software and hardware into virtual environments known as "The Cloud". http://www.brighttalk.com/webcast/288/28153 Jeramy Cooper-Leavitt, Director of Compliance, Orbitz World Wide http://www.brighttalk.com/webcast/288/28153 Information security GRC Thu, 02 Jun 2011 14:00:00 +0000 Good news: Enterprises are finally making progress toward breaking down the IT silos and forging a view of IT-related risk that crosses those IT silos. Slowly but surely, network security, availability, access security, recovery, change, release, often physical security and occasionally even project management are being viewed together – to see their interrelationships and balance improvements. Bad news: The struggle is far less advanced in connecting a view of IT-related risk to business operations. In enterprises that are increasingly dependent on IT, the failure to take an end-to-end business operations view of risk boarders on tragic. Of the several challenges faced by both operational and IT professionals, a significant hurdle has been the lack of a shared risk management process that integrates operational risk to the business (products, process, frauds, continuity and such) with IT related risk. This has made it difficult to put the puzzle pieces together, understand relationships and even share terminology. Worse, this has all been complicated by confusion over whether risk management is being used to drive business performance or just a compliance exercise. Join in this webinar to understand the latest approaches and tools to integrate IT and operational risk to improve business performance. This session draws on lessons learned across industries and countries, with special emphasis on helping financial companies implement meet their pressing business and regulatory needs. http://www.brighttalk.com/webcast/288/28183 Brian Barnier, Principal, ValueBridge Advisors http://www.brighttalk.com/webcast/288/28183 IT Risk GRC Thu, 02 Jun 2011 11:00:00 +0000 The emerging trends in network security threats are leading towards the need for pro-active Intrusion Prevention Systems, and further away from traditional perimeter security architectures. As prevention capabilities improve, IPS technologies are proving an important addition to defence in depth security architectures. As attacks move from the network layer to higher layers of the stack, deep packet inspection and pro-active network defence is becoming more important as threats bypass traditional perimeter firewalls. While these devices are quickly becoming integral parts of the security infrastructure in many enterprises, rolling one out for the first time can be an intimidating experience. The following areas will be covered in this webcast: •The benefits of deploying IPS & IDS •Challenges and considerations when Implementing IPS & IDS •Features to look for when selecting a device •The deployment methodology http://www.brighttalk.com/webcast/288/29635 Neil Anderson http://www.brighttalk.com/webcast/288/29635 IPS IDS security secureworks prevention Fri, 27 May 2011 10:00:00 +0000 Why are information security issues so persistent? Why does it feel like we win small battles, yet the war keeps escalating? After 20 odd years of serious fighting we need to ask, what does the next 20 look like? Join Erik Petersen, Vice President of Security and Risk Consulting at Dell SecureWorks as he discusses micro and macro-economic theory to grapple with the core questions of “why”. •Why is information security so hard? •Why is the outlook so depressing? •Why didn’t we make better security decisions along the way? In this discussion we aren’t going to tell you how to magically fix the problem of security…but we will explain your suffering. Erik Petersen is the Vice President of Security and Risk Consulting at Dell SecureWorks. He is a risk management and IT control expert who has led teams and built professional consulting practices that specialise in applying sound risk management and information security best practices for organisations seeking to manage their business risks. http://www.brighttalk.com/webcast/288/29013 Erik Petersen http://www.brighttalk.com/webcast/288/29013 managed security cybercrime economic information Tue, 24 May 2011 13:00:00 +0000 You create it and store it. You manage it and retrieve it. You buy it and sell it. Information is the fuel that drives your business: it’s one of your greatest assets. But it can also be a liability. Having a records management solution in place, that spans electronic records and emails as well as physical records helps all organizations to not only reduce the risks they are exposed to, but to improve staff productivity while managing their records consistently and efficiently. Why does this matter? Well, not least because of the frequency with which poor information management and bad record-keeping practices are cited by regulators such as the FSA in the prosecution of their member firms. And not only that but the Information Commissioner now has the power to fine any business up to £500,000 in relation to poor information management practices – and the fines have already begun. Having a consistent, relevant and compliant records and information management infrastructure can not only mitigate these risks but also help improve process quality, increase efficiency and recognize significant cost savings at an operational level. But with real concerns on how to seamlessly (and consistently) integrate data from multiple sources and how to ensure that this data is integrated and embedded into business process, organizations are often confused as to how they can move towards an infrastructure-led approach to managing all corporate information. Attend this Webinar and you will hear: • How to plan and implement an RM solution that spans physical and electronic records • The steps to take to ensure a solution that has the ability to provide consistent, organization-wide RM • How other organizations have embraced RM to provide real business benefits http://www.brighttalk.com/webcast/288/26229 Bridget Charles, Information Management, HP & Josef Elliott, Managing Director, Oyster IMS http://www.brighttalk.com/webcast/288/26229 Records Management BCDR GRC Compliance Mon, 16 May 2011 10:00:00 +0000 This webcast builds further on the basic cryptographic overview provided in the preceeding Brighttalk webcast "An overview of modern encryption". It introduces some of the more advanced cryptographic concepts related to anonymity and privacy as based on anonymous credentials and selective disclosure. It then evaluates the encryption requirements for social network applications, and illustrate how some of these more advanced cryptoconcepts can be applied. http://www.brighttalk.com/webcast/288/27467 Marc Sel, PwC Enterprise Advisory Services, Director of Information Protection http://www.brighttalk.com/webcast/288/27467 Encryption Social Media Thu, 05 May 2011 21:00:00 +0000 Security practitioners today are confronted with a large complex threat surface of exposure of confidential information: data theft on laptops, information copied to USB devices, stored on smartphones, posted on blogs, burned to CDs and DVDs and sent via IM and e-mail. The consequences for loss of this data are quite severe including regulatory fines/sanctions, brand damage and customer attrition. The WikiLeaks scenario we hear so much about in the press represents a further escalation in the risks and consequences of breach of sensitive data. The results of the latest U.S. Cost of a Data Breach from the Ponemon Institute indicate that malicious attacks are more prevalent than in years past and they’re the most expensive form of breach event. Malicious attacks come from both outside and inside the organization, ranging from data-stealing malware to social engineering. Malicious insiders with intent to misuse information are most often white collar criminals, terminated employees and corporate espionage aspirants. Well-meaning insiders who walk out the door with corporate data on a USB drive do so for mostly legitimate reasons like working from home or for an off-site meeting. These insiders seem to think either that company security policies are a hindrance to their jobs or that they can get away with it as long as they’re careful. These insiders, however well-intentioned, make it easier for hackers and malicious insiders to get their hands on confidential data and leak it. It’s easy to see how the dual priorities of a worker-friendly environment and the need to share information quickly could lead to a data loss scenario. This session will explore these risks, as well as how to protect your sensitive data by implementing multi-level security practices such as encryption, device control, data loss prevention, protection against advanced persistent threats and broader information protection best practices. http://www.brighttalk.com/webcast/288/28393 Tim Matthews, Senior Director Product Marketing, Symantec http://www.brighttalk.com/webcast/288/28393 Security Data Network Threat Breach Hack Leak Thu, 05 May 2011 20:00:00 +0000 Epic Battle: Compliance vs. Security Panelists: Dr. Anton Chuvakin, Principal, Security Warrior Consulting (moderator) Rebecca Herold, Principal, Rebecca Herold & Associates Boris Segalis, Partner, Information Law Group Josh Corman, Research Director, The 451 Group http://www.brighttalk.com/webcast/288/27461 Anton Chuvakin, Rebecca Herold; Boris Segalis;Josh Corman http://www.brighttalk.com/webcast/288/27461 Information security data encryption Thu, 05 May 2011 18:00:00 +0000 There has been a lot of talking about social media, but very little realism. While assuming we can (or should) prevent the use of social media is naive, we've also underestimated the ways in which social media enables adversaries to compromise our corporate secrets and intellectual property. This panel will introduce some realism into the discussion, move us beyond lamenting the things we can't do, and focus us on the things we can. Moderator: Josh Corman, Research Director, The 451 Group Panelists: Daniel Peck, Research Scientist, Barracuda Networks Bradley Anstis, VP Technical Strategy, M86 Security Tom Eston, Senior Security Consultant, SecureState http://www.brighttalk.com/webcast/288/27619 Josh Corman, The 451 Group; Bradley Anstis, M86 Security; Daniel Peck, Barracuda Networks; Tom Eston, SecureState http://www.brighttalk.com/webcast/288/27619 Information security data encryption Thu, 05 May 2011 17:00:00 +0000 Unencrypted WiFi networks are distressingly common in the real world, and attackers can sniff the traffic of any user on those networks. Last year this problem got headlines with the release of the Firesheep attack tool which made it easy to take over other users’ sessions on Facebook and other sites on such networks. Many sites began to increase use of SSL/TLS to protect their users, but some are still only partially protected and some still leave their users wide open to attack. http://www.brighttalk.com/webcast/288/28385 Larry Seltzer, Security Analyst http://www.brighttalk.com/webcast/288/28385 Data Security Encrypt WiFi Network SSL Thu, 05 May 2011 16:00:00 +0000 In this webcast, you will learn about how to protect corporate assets using data encryption. We will share with you advances coming out of research and development labs, the impact mobile and virtualization will have on data protection, and the role of compliance in dictating the need for stronger encryption. Sandra Gittlen, Editor at SLG Publishing (moderator); Winn Schwartau, Chairman at Mobile Active Defense; Steve Orrin, Director of Security Solutions at Intel; Phil Hochmuth, Program Manager of Security Products at IDC http://www.brighttalk.com/webcast/288/26797 Sandra Gittlen, SLG Publishing; Winn Schwartau, Mobile Active Defense; Steve Orrin, Intel; Phil Hochmouth, IDC http://www.brighttalk.com/webcast/288/26797 Encryption Asset Protection Data Protection Thu, 05 May 2011 14:00:00 +0000 Encryption is a very effective tool for protecting data. Like many things, too much of a good thing may not always be good. This session will address many of the effective uses of encryption, many uses where encryption is not appropriate and what other techniques you may need to employ in order to protect your data. http://www.brighttalk.com/webcast/288/27779 Jeff Reich, Director of Operations, Institute for Cyber Security, UTSA http://www.brighttalk.com/webcast/288/27779 data encryption cyber security Thu, 05 May 2011 13:00:00 +0000 Encryption & Tokenisation: Friend or Foe? Intriguing topic brought to you by one of the security industry’s leading experts on both encryption and tokenisation – Gary Palgon, CISSP. Known for his entertaining presentations, you won’t want to miss his take on these two technologies. You may even be surprised at his answer to: Encryption & Tokenisation: Friend or Foe? http://www.brighttalk.com/webcast/288/26227 Gary Palgon, VP Product Management, nuBridges http://www.brighttalk.com/webcast/288/26227 Encryption Tokenisation Data Protection Thu, 05 May 2011 12:00:00 +0000 This course is an overview of modern cryptography algorithms and will describe asymmetric algorithms such as DES, 3DES, AES, and Blowfish as well as asymmetric algorithms such as RSA, Diffie-Hellman, and Elliptic Curve. Chuck Easttom is the author of 11 computer science books including 2 computer security textbooks used at universities around the globe and translated into several languages. He also holds a host of IT certifications including MCP, MCSA, MCSE, MCAD, MCTS (Windows 7, Windows Server 2008, SQL Server 2008, and Visual Studio 2010), MCITP (Windows 7 and SQL Server 2008), MCDBA, MCT, A+, Network+, Linux+,iNet+, Server+, CEH, CHFI, ECSA, CEI, and CISSP. He currently has 7 provisional patents, all related to computer science and 4 related to computer security. One of those patents regards a new method of steganography, another regards a new approach to detecting spyware, and yet another involves the invention of a new, more stable file system. He is also the inventor of a method for quantifying network security that is being taught at several universities, and most recently has developed a new approach to creating ghost drives. He has taught various security related courses for several years and has over 10 years of teaching experience. He is also a frequent consultant on various computer related court cases including both criminal and patent cases. While Mr. Easttom has a broad range of security expertise, his passion has always been cryptography http://www.brighttalk.com/webcast/288/27837 Chuck Easttom, Computer Scientist, Author, and Educator http://www.brighttalk.com/webcast/288/27837 'Data Encryption' Cryptography 'Network Security Thu, 05 May 2011 09:00:00 +0000 Traditional IT Security systems are not addressing the new dymanics and demands of more agile business models where instant access to data, data sharing across B2B models where web, mobile, cloud and SaaS models are the norm. Why are traditional IT Security systems failing in these new more agile buisiness models against the cyber data theft challenges evidenced in every day news stories? Just because you are encrypting and tokenising data it does not mean your data is safe from attack! Why.. ? Hear why traditional encryption, tokenisation and IT security approches alone are failing in the protection of data . Hear why Voltage believe there is a need for a step change requirement for an enterprise wide data centric security architecture as part of your overall IT security strategy. http://www.brighttalk.com/webcast/288/28347 Ravi Pather, VP EMEA for Voltage Security; Wasim Ahmad, Worldwide VP of Marketing for Voltage Security http://www.brighttalk.com/webcast/288/28347 Encryption Data Security Tokenisation FPE IBE Wed, 20 Apr 2011 22:30:00 +0000 Starting from scratch: Identifying the important steps necessary to establish and maintain a compliance program when none currently exists. Building a comprehensive compliance program from the ground up. http://www.brighttalk.com/webcast/288/28057 Teresa Soria Chapter Vice President ISSA-Sacramento Valley http://www.brighttalk.com/webcast/288/28057 network security ISSA Thu, 14 Apr 2011 22:00:00 +0000 One important element of cybersecurity, is people—both defenders and attackers— engaged in a contest playing out on a field of information systems and technology. Just as in any contest of this kind, success lies in identifying talent and continually developing and conditioning teams of professionals to be competitive. The identification and development of competence is no easy task. We will discuss both challenges and new approaches to attract and grow professionals with a demonstrated level of hands-on competence, performance, and intuition. http://www.brighttalk.com/webcast/288/26609 Michael Assante, President & CEO National Board of Information Security Examiners (NBISE) http://www.brighttalk.com/webcast/288/26609 network security NBISE cybersecurity Thu, 14 Apr 2011 20:00:00 +0000 Starting from scratch: Identifying the important steps necessary to establish and maintain a compliance program when none currently exists. Building a comprehensive compliance program from the ground up. http://www.brighttalk.com/webcast/288/26221 Teresa Soria, ISSA Sacramento Chapter http://www.brighttalk.com/webcast/288/26221 Information security ISSA Thu, 14 Apr 2011 18:00:00 +0000 This is something that has been percolating for some time and might be ready soon. The idea is that IT wants to have strong authentication and access control for users and users want to access their stuff anywhere, any time. These two worlds can come together, but there has to be stuff in place—both process and product—to make it happen. It’s not exactly a pipe dream, but not simple either. http://www.brighttalk.com/webcast/288/26151 Mike Fratto, Editor, Network Computing http://www.brighttalk.com/webcast/288/26151 Identity Network Security Authentication Thu, 14 Apr 2011 17:00:00 +0000 Securing a network necessarily means controlling what connects to it and what it connects to. But your users don't want to hear that - they just want to be able to use social networking and listen to music off the Internet and hook up that new gadget they bought. Some businesses can get away with hard and fast rules about the business network - It's only for business, not for non-business functions at all. But in others IT has to walk a line allowing some personal computing on the business computers, smartphones and network, while still keeping it secure. What can you do to keep it as safe anyway? Larry Seltzer has been analyzing and testing computer hardware and software for over 20 years. He is the author of 3 books and over 1000 articles on technology. For the last 7 years he has focused on security matters and writes for a variety of technology industry publications. http://www.brighttalk.com/webcast/288/26855 Larry Seltzer, Security Analyst http://www.brighttalk.com/webcast/288/26855 network secure business social network IT Thu, 14 Apr 2011 16:00:00 +0000 Cybercrime is making headlines but merely adding more controls to the network will not help. Forrester Research has developed a new trust model called "Zero Trust" that gets to the real problem facing InfoSec professionals today - a broken trust model. This presentation ties that research into the state of cybercrime right now and illustrates it with the Albert Gonzalez prosecution. While there remain significant issues on the edges of the network that must continue to be addressed, once a hacker has penetrated a network – such as Gonzalez die with many large companies – they have free reign to wreck havoc inside. There must be a deep integration between vulnerability management, network security, and visibility initiatives if we have any hope of being effective cybercrime fighters. http://www.brighttalk.com/webcast/288/25572 John Kindervag, Sr. Analyst, Security & Risk Management, Forrester Research http://www.brighttalk.com/webcast/288/25572 'cybercrime' 'info security' 'network security' Thu, 14 Apr 2011 14:00:00 +0000 IT managers everywhere feel overwhelmed with the rising tide of security threats they have to deal with in the face of an increasing regulatory burden. It is not surprising then that they tend to overlook one particular area of IT security, which is the privileged access that they grant to themselves and/or their colleagues in order to do their jobs. http://www.brighttalk.com/webcast/288/25939 Bob Tarzey, Analyst & Director, Quocirca http://www.brighttalk.com/webcast/288/25939 IT Security user management threat managment Thu, 14 Apr 2011 12:00:00 +0000 Simon founded Network Integration in 2005 with the aim to help all sizes of companies access secure network, storage and voice technology solutions that in the past have only been available to the largest corporate organisations. Today Simon manages the overall technical strategy of Network Integration balancing technical focus with commercial agility. In this webcast he will discuss: How has network security evolved since 1996? What is the threat landscape 15 years later? Why is your firewall legacy today? What does a Next Generation Firewall do? How to choose a Next Generation Firewall http://www.brighttalk.com/webcast/288/25643 Simon Richardson, Founder & Managing Partner, Network Integration http://www.brighttalk.com/webcast/288/25643 Firewalls Network Security Hays Thu, 14 Apr 2011 10:00:00 +0000 TBC http://www.brighttalk.com/webcast/288/25282 Marco Ermini, Network Security Manager, Vodafone http://www.brighttalk.com/webcast/288/25282 PCI IT Security Network Security Wed, 16 Mar 2011 20:00:00 +0000 Studies have shown that enterprises see security as the biggest reason not to adopt utility computing—and the biggest reason to use it. Attend this panel to hear as these experts debate this issue and see who will prevail. Panelists: Joe Knape, Security Expert Mark Kadrich, Principal Enterprise Security Architect at Kaiser Permanente IT & President at ISSA Silicon Valley Chapter Moderator: Brian Barnier, Value Bridge Advisors http://www.brighttalk.com/webcast/288/25871 Joe Knape, Security Expert & Mark Kadrich, Kaiser Permanente; moderated by Brian Barnier, Value Bridge Advisors http://www.brighttalk.com/webcast/288/25871 Cloud ComputingWeb Security Wed, 16 Mar 2011 19:00:00 +0000 In 2010, we again saw the volume and sophistication of malware dramatically increase over the year before. Today, more than 1.6 million new malware signatures are identified each month and the volume of zero-day attacks continues to rise. Script kiddies have been replaced by cyber criminal syndicates looking to steal personal information and intellectual property for financial gain. Join security and forensics expert, Paul Henry, to learn about the latest malware trends and more importantly, practical steps you can take to better protect your organization from evolving threats. In this live webcast, he’ll examine: • The unending arms race with financially motivated “bad guys” • Evolving paths into your network including social media and removable devices • Why traditional defenses are not effective • How to ensure an effective depth-in-defense security strategy that includes application whitelisting http://www.brighttalk.com/webcast/288/26409 Paul Henry http://www.brighttalk.com/webcast/288/26409 endpoint security malware application whitelisting Wed, 16 Mar 2011 18:00:00 +0000 The domain name system (DNS) translates domain names into IP addresses and provides the foundational starting point for how humans interact with machines and services on the Internet and throughout the cloud. However, if that translation goes awry or is tampered with in the cloud, attack windows are exposed. Securing DNS (with extensions like DNSSEC) and managing the routes that cloud traffic takes can increase cloud security and help close the attack windows. Agenda: Getting to the Right Place - Routing and DNS in the Cloud What’s in a Name? DNS - The problem of trust: When DNS goes bad - Increasing DNS trust What the Path Matters: Routing - Shortest path may not be safest - Increasing routing security http://www.brighttalk.com/webcast/288/24475 Diana Kelley; SecurityCurve, Co-Founder and Partner http://www.brighttalk.com/webcast/288/24475 DNS SEC Security IT Wed, 16 Mar 2011 17:00:00 +0000 Join an expert panel of OWASP leaders as they discuss new web application threats and give their insights on ways to secure them for your business. http://www.brighttalk.com/webcast/288/24582 Dennis Groves, Founder of OWASP; Sebastien Giora, OWASP ; Justin Clarke, OWASP; David Campbell, OWASP; Derek Brink, Aberdeen http://www.brighttalk.com/webcast/288/24582 OWASP InfoSec Application Security AppSec Wed, 16 Mar 2011 16:00:00 +0000 A blanket ban on accessing social media networks is no longer viewed as an effective strategy, yet how can you safely leverage these networks and defend against the latest malware? Sites like LinkedIn™, Twitter™ and Facebook™ have radically altered our perceptions of how companies can engage with their customers, partners and public. Over 50% of Global Fortune 100 companies have already flocked to these sites for a multitude of intentions. Join Dave Meizlik, Director of Product Marketing and Communications for security leader, Websense, to learn how you can safely enable use of the social Web. http://www.brighttalk.com/webcast/288/25629 David Meizlik, Director of Product Marketing and Communications, Websense http://www.brighttalk.com/webcast/288/25629 Security IT Web Social Media Wed, 16 Mar 2011 15:00:00 +0000 New technologies used in Web 2.0 applications have increased the volume and complexity of network traffic internal to organizations and at Internet gateways. More than ever, it’s important for businesses to deploy new methods of monitoring and controlling these Internet-based applications in order to discover and mitigate hidden security threats. Allowing employees to access Web 2.0 applications has made enforcing data security policies a far more complex problem. Patrick Bedwell, Vice-President of Product Marketing will introduce the security solution that provides complete content protection, including application detection, monitoring and control that is needed to discover threats embedded in Internet-based application traffic, and to protect against data loss resulting from inappropriate use of social media applications. http://www.brighttalk.com/webcast/288/24580 Patrick Bedwell, Vice-President of Product Marketing, Fortinet http://www.brighttalk.com/webcast/288/24580 IT security Web 2.0 Privacy Social media Wed, 16 Mar 2011 13:00:00 +0000 Join leading experts in authentication as they critically evaluate if single sign on makes convenience sense or risky business. Panelists: Mary Ruddy; Interim Executive Director, Information Card Foundation & Chief Steward, Identity Commons Peter Cummings, Co-founder of IdM Specialist Group; Steven Furnell, Head of School of Computing, Plymouth University http://www.brighttalk.com/webcast/288/24570 Peter Cummings, IdM Specialist Group; Steven Furnell, Plymouth University; Mary Ruddy, Information Card Foundation http://www.brighttalk.com/webcast/288/24570 Identity Authentication Security Mon, 14 Mar 2011 17:00:00 +0000 Behavioral targeting is at the center of debate for consumer privacy. Does the industry require governmental regulation or can it be trusted to police itself? Is it possible for regulations to keep pace with innovation? Are online tracking technologies too sophisticated for the average consumer, or should people take more responsibility for their actions online? At what point do today’s digital marketing techniques cross the line from effective to creepy? http://www.brighttalk.com/webcast/288/24735 Daniel Castro, ITIF.org; Mike Spinney, Ponemon Institute & Eric Goldman of High Tech Law Inst. http://www.brighttalk.com/webcast/288/24735 Privacy IT Security Wed, 02 Mar 2011 19:00:00 +0000 The CIA is very important to America and confidentiality, integrity, and availability are very important to information security. Confidentiality is keeping privileged information private amongst only those individuals who have the clearance and need to know for that information or data. Integrity refers to keeping the data intact without unauthorized modification, and availability refers to ensuring data is accessible whenever the customer needs to access the data. These are the pillars of the security, and while they seem simplistic sometimes we need to remind ourselves of these all-important pillars even as technology continues to advance. http://www.brighttalk.com/webcast/288/24938 James Satterlee, Information Security Expert http://www.brighttalk.com/webcast/288/24938 Security IT CIA Wed, 23 Feb 2011 21:00:00 +0000 There are many different types of available cloud computing services, each offering to provide similar business benefits. However, from a lawyer's point of view, each individual cloud service has its own unique profile that presents potential benefits and risks reaching across many different areas of the law. This uniqueness creates the potential for legal complications that could undermine or eliminate the intended business result that motivated the move to the cloud in the first instance. To help manage these concerns, this webinar will provide a framework for conducting a proper cloud computing-related legal due diligence investigation, supporting the identification of legal risks and rewards and the strategic selection of particular cloud services. http://www.brighttalk.com/webcast/288/24408 Nolan Goldberg; Senior IP & Technology Counsel, Proskauer Rose LLP http://www.brighttalk.com/webcast/288/24408 Cloud Computing IT Legal Risks Wed, 23 Feb 2011 17:00:00 +0000 "Don't bloat the hypervisor" is the rallying cry for some security professionals worried about system virtualization security. Worried that access to APIs for security needs could end up making the same mistake with hypervisors that was made earlier with operating systems - bloat. And the larger a system is, whether it is the code base for a hypervisor or an operating system, the more difficult it is to secure. Other security professionals say that the lack of security capabilities inherent in hypervisors limits necessary tasks, such as forensics. This group argues that introspection capabilities are critical for actually securing virtualization. This presentation will examine both sides of the introspection debate, and what the possible implications of it are for information security practitioners trying to secure virtualized environments. http://www.brighttalk.com/webcast/288/24370 Tim Mather, Consultant & Board Member of Cloud Security Alliance (CSA) http://www.brighttalk.com/webcast/288/24370 IT Security Ops Wed, 23 Feb 2011 16:00:00 +0000 From Payment Card Industry (PCI) Compliance to ensuring compliance with health information regulations and the Social Security Privacy Act, governments and businesses face a myriad of legal and policy compliance requirements. These requirements must be addressed with carefully-built solutions in virtualized environments. This session will offer a case study of how Michigan was able to achieve PCI compliance as well as comply with many other legal mandates in our centralized technology infrastructure. We moved from 40 data-centers to 3 while still addressing audit issues and overcoming numerous enterprise architecture challenges. Dan Lohrmann will share some of the challenges faced as well as the solutions implemented which can help others achieve compliance in virtualized server environments. http://www.brighttalk.com/webcast/288/24878 Dan Lohrmann; Chief Technology Officer, State of Michigan http://www.brighttalk.com/webcast/288/24878 Virtualization Security PCI Compliance Wed, 23 Feb 2011 13:00:00 +0000 * Generel risk assessment * Recommendations to secure virtualized envrionment * Security for cloud deployments http://www.brighttalk.com/webcast/288/24914 Andreas Weiss, Director of Eurocloud Germany http://www.brighttalk.com/webcast/288/24914 Server domain virtualization cloud Wed, 23 Feb 2011 09:00:00 +0000 Kevin is an experienced IT security and business professional with an in-depth understanding of technical IT matters coupled with strong business acumen gained over 18 years. Skilled in delivering completed projects and managing customer relationships. Kevin will deliver an in-depth presentation on Virtualization and Private Cloud Security. http://www.brighttalk.com/webcast/288/24181 Kevin Wharram, Virtualization Security, FSA & ISACA http://www.brighttalk.com/webcast/288/24181 Virtualization Cloud security Thu, 13 Jan 2011 20:00:00 +0000 A 20 year veteran in technology marketing, Steven is passionate about delivering compelling, high value technology messages to markets that are underserved through the status quo. His background in software technologies spanning storage, security, ERP and web-based content has fueled triple digit annual growth rates for several VC-backed emerging technology companies including WQuinn, AXENT, iCode and Jobfox. Steven holds a BS in Communications from Syracuse University’s Newhouse School as well as an MBA and a Master of International Management from University of Maryland University College. http://www.brighttalk.com/webcast/288/24879 Steven Toole; CMO, AppAssure Software http://www.brighttalk.com/webcast/288/24879 BCDR Recovery Cloud backup virtualization Thu, 13 Jan 2011 19:00:00 +0000 Most companies are so focused on data backup that they often forget “why” they are backing up their data in the first place. Data protection (backup, snapshots, replication, CDP, etc.) is just a means to an end. The end being the ability to restore, recover, and access data that is lost because of human errors, machine errors, malware, or natural disasters. Because of the infrequency of data restores and recoverability, most companies have little experience restoring and recovering data. Since restores and recoveries are always urgent, it is logical to assume that most organizations frequently test their ability to restore and recovery, especially their procedures for a disaster recovery. That is an incorrect assumption. Case in point, recent Information week’s Business Continuity (BC) Disaster Recovery (DR) survey revealed that approximately 38% of the respondents did not provide a real restore and recovery test at all; 36% ran through a representative failover test just once a year or less and updated their documentation; and 26% ran through a thorough failover test at least once a year or more, following all procedures, reviewed what went right, what went wrong, improved their process, and updated all documentation appropriately. IT protects the data 365 times a year. Attend this presentation to learn why the Cloud provides the most efficient and optimal medium to backup and recover your data and why now is the perfect time to invest in a Cloud Backup and Recovery (BUR) solution. This presentation will review the Cloud Backup market reality, typical errors made with Cloud Backup and future challenges SNIA sees for Cloud Backup and Recovery. http://www.brighttalk.com/webcast/288/24389 Ashar Baig; Chairman of Cloud Backup & Recovery SIG, SNIA http://www.brighttalk.com/webcast/288/24389 Backup Malware Data Protection Thu, 13 Jan 2011 18:00:00 +0000 Individuals are sometimes thrust into the world of Oz (Continuity Planning) with little or no background in the area. Through their journey in Oz, they stumble upon resources and find frequent barriers to success. Some of the most daunting tasks Continuity Planners face are designing and implementing EOCs, TRCs, and BRCs. Can you succeed without the great and powerful Oz? http://www.brighttalk.com/webcast/288/24444 Javier Carrillo, Lead Continuity Planner/Project Manager, Office of Technology Services, California Technology Agency http://www.brighttalk.com/webcast/288/24444 Business Continuity Recovery Continuity EOC Thu, 13 Jan 2011 17:00:00 +0000 An organization’s resiliency is directly related to the effectiveness of its continuity capability. An organization’s continuity capability—its ability to perform its essential functions continuously—rests upon key components and pillars, which are in turn built on the foundation of continuity planning and program management. These pillars are Leadership, Staff, Communications, and Facilities. The Federal Continuity Directive (FCD) 1 provides direction to the Federal executive branch for developing continuity plans and programs. Continuity planning facilitates the performance of executive branch essential functions during all-hazards emergencies or other situations that may disrupt normal operations. FCD2 provides further guidance and direction to Federal executive branch departments and agencies for identification of their Mission Essential Functions (MEFs) and potential Primary Mission Essential Functions (PMEFs). It also includes guidance on the processes for conducting a Business Process Analysis (BPA) and Business Impact Analysis (BIA) for each of the potential PMEFs that assist in identifying essential function relationships and inter-dependencies, time sensitivities, threat and vulnerability analysis, and mitigation strategies that impact and support the PMEFs. http://www.brighttalk.com/webcast/288/24190 Shankar Swaroop, Director of BCDR, NEXCOM http://www.brighttalk.com/webcast/288/24190 BCDR IT Continuity FCD Thu, 13 Jan 2011 15:00:00 +0000 Google Message Continuity is an email continuity solution that allows businesses running an on-premise email system to continuously synchronize their email accounts with a Google cloud service in real-time. David McLeman, Director of Ancoris, will talk around the opportunities this offers businesses to maximise email up-time and minimise disruptions to the operations of their business. http://www.brighttalk.com/webcast/288/24819 David McLeman, Director of Ancoris; Rob Gray, Google Enterprise Regional Marketing Manager http://www.brighttalk.com/webcast/288/24819 Google Apps; Thu, 13 Jan 2011 14:00:00 +0000 What is the perception of BCDR & cloud backup - are they useless you test them? http://www.brighttalk.com/webcast/288/24012 Paul Rivett, Operations Director, CNet Training http://www.brighttalk.com/webcast/288/24012 BCDR Cloud Backup Thu, 13 Jan 2011 11:00:00 +0000 Ibrahim Hasan is a recognised expert on data protection, freedom of information and surveillance law. He was previously Principal Solicitor at Calderdale Council and has worked for Bradford Council and Nottinghamshire County Council. He has also held positions as an associate with the Institute of Public Finance and as a non executive director of an NHS Trust. Ibrahim is now a full time trainer and writer on information law issues and a consultant with IBA Solicitors. Ibrahim is very much in demand as a presenter at courses and conferences throughout the UK. He has conducted training sessions for many national organisations as well as local authorities and the NHS. His high profile clients include the Olympic Delivery Authority, the House of Commons, the Scottish Executive, General Medical Council, the Independent Police Complaints Commission, Birmingham City Council and various other local and central government organisations. Ibrahim has travelled to China to train young Chinese and Hong Kong lawyers on behalf of the Law Society and the Bar Council. Ibrahim’s articles have appeared in many professional journals including the Local Government Chronicle, Benefits Magazine, IRRV Insight Magazine and Solicitors Journal. He sits on the editorial board for an international journal on freedom of Information entitled “Open Government” and is a member of the European Information Managers Group (EURIM). Ibrahim contributed to the privacy law aspects of a book entitled “Spy TV – Just who is the digital revolution overthrowing?” which won a Big Brother Award from Privacy International. Ibrahim currently writes the Freedom of Information Update column in the Law Society Gazette and is a guest lecturer on the University of Northumbria’s LLM in Information Rights Law. He also produces the UK’s only Freedom of Information podcast and runs the Act Now helplines on Surveillance Law and Freedom of Information. http://www.brighttalk.com/webcast/288/23907 Ibrahim Hasan, Board, EURIM & CEO, Act Now Training http://www.brighttalk.com/webcast/288/23907 Cloud Backup Legal Risks Thu, 13 Jan 2011 09:00:00 +0000 Join Vicki Gavin, Head of Business Continuity as she explores the emerging challenges in 2011 for business resilience in the supply and industry chain. Vicki Gavin is currently the Head of Business Continuity at The Economist and her past roles have included: Director at CIE Consulting, Head of Business Continuity & Business Risk at Barclaycard and Head of Recovery Planning & Crisis Management at Barclays Bank. http://www.brighttalk.com/webcast/288/23868 Vicki Gavin, Head of Business Continuity, The Economist Group http://www.brighttalk.com/webcast/288/23868 Business Continuity Recovery BCDR Tue, 14 Dec 2010 11:00:00 +0000 Justin Clarke is an information security consultant with years of experience in assessing the security of networks, web applications and wireless infrastructures for large financial, retail, technology and government clients in the United Kingdom, the United States and New Zealand. Justin is the the technical editor and lead author of “SQL Injection Attacks and Defense” (Syngress 2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O’Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O’Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP as well as a member of the OWASP Global Connections Committee. http://www.brighttalk.com/webcast/288/23833 Justin Clarke, London Chapter Leader, OWASP http://www.brighttalk.com/webcast/288/23833 Mobile Security Application Security Endpoint Tue, 07 Dec 2010 19:00:00 +0000 Companies today operate in a world that requires borderless security, where the trend toward anywhere, anytime access to information has significantly changed the current business environment. An increasingly mobile workforce, cloud computing and social networking all pose significant threats to information security programs. The “outsiders” are now “insiders” – people and organizations outside the traditional borders of the corporate environment may now have a role in achieving information security objectives. But at the same time, they can pose risks to protecting company data. Leading organizations view information security, including business continuity and resiliency systems, as part of an ongoing strategy that is vital to operations and competiveness. This presentation, supported with data from Ernst & Young’s recently released 13th Annual Global Information Survey, examines how organizations need to adapt and address their information security needs and protect data in the face of continually changing technology. http://www.brighttalk.com/webcast/288/24345 Jose Granado; Ernst & Young LLP, Principal and Americas practice leader for Information Security Services http://www.brighttalk.com/webcast/288/24345 Endpoint Social mobile Tue, 07 Dec 2010 18:00:00 +0000 As technology starts playing a bigger role in the workplace, the amount of endpoints at risk to attacks are increasing; many of which IT pros don’t even consider as potential risks. This presentation looks at examples of endpoints that IT pros might not realize are open to attack and will point out new methods hackers are using. Watch this presentation to help you consider additional possible points of attack throughout your entire infrastructure. http://www.brighttalk.com/webcast/288/24388 Jeff Debrosse; Senior Security Evangelist, ESET http://www.brighttalk.com/webcast/288/24388 IT Tue, 07 Dec 2010 17:00:00 +0000 Endpoint Security Management: Trust but Verify http://www.brighttalk.com/webcast/288/24159 Jason Stradley; BT Global Services, US&C Security Practice Lead http://www.brighttalk.com/webcast/288/24159 Endpoint IT Security Tue, 07 Dec 2010 16:00:00 +0000 Worries of 2011 – What to look out for and how to tackle them http://www.brighttalk.com/webcast/288/23706 Derek Brink, Vice President & Research Fellow, Aberdeen Group http://www.brighttalk.com/webcast/288/23706 IT Security Research Tue, 07 Dec 2010 15:00:00 +0000 Join Ward Spangenberg, Director of Security at Zynga Game Network; Becky Pinkard of SANS Institute and Dave Asprey of VP Cloud Security, Trend Micro as they critically evaluate if vendors are doing enough to prevent the threats from hackers in the cloud. http://www.brighttalk.com/webcast/288/23208 Ward Spangenberg, Director, Zynga Game Network; Dave Asprey, Trend Micro Becky Pinkard, The SANS Institute http://www.brighttalk.com/webcast/288/23208 Hackers Threats Threat Management Clouds Tue, 07 Dec 2010 13:00:00 +0000 Fashion accessory, personal entertainment device, social network portal and business tool. People keep their smartphones with them 24 hours a day and expect to use them in all contexts of their life, both business and personal. The different security architectures of today's smartphones may be targeted at one or other of those environments, but can security policy be managed in such a way that both personal privacy and enterprise security needs are satisfied? Craig Heath is Chief Security Technologist at the Symbian Foundation. He has been working in IT security since 1988, first at The Santa Cruz Operation as security architect for SCO UNIX, then at Lutris Technologies as security architect for their Java Enterprise application server. He joined Symbian Software Limited in 2002, working in product management and strategy, and joined the new open source Symbian Foundation in 2009. Craig is lead author of "Symbian OS Platform Security" published by Wiley, co-author of The Open Group "Technical Guide to Security Design Patterns" and lead author of The Open Group "Guide to Digital Rights Management". http://www.brighttalk.com/webcast/288/23761 Craig Heath, Chief Security Technologist, Symbian Foundation http://www.brighttalk.com/webcast/288/23761 Mobile Security GSM Symbian Tue, 07 Dec 2010 12:00:00 +0000 Alwyn is an experienced professional with 15 years of experience in the IT business. He has held previous positions with Pointsec Mobile Technologies, Royal London Insurance, EDS and the UK Armed Forces. A change in roles this year has allowed Alwyn to concentrate on the technical development of Check Point's channel and technical partners. He started with Pointsec when the company's UK office opened in 2001 and took a central role in a number of large-scale deployments of the firm's full disk encryption technology which was then in its early adopters phase. With considerable experience with IT security and operational support issues, Alwyn is well placed to work with customers in making their large-scale data security projects a reality. http://www.brighttalk.com/webcast/288/24266 Alwyn Nash, Endpoint Technical Director Check Point Software Technologies; Meint Dijkstra, Computerlinks http://www.brighttalk.com/webcast/288/24266 Endpoint security IT security Tue, 07 Dec 2010 09:00:00 +0000 In IT the term end point is broad, covering everything from servers at a fixed location inside the firewall to smartphones that may move from one side of the globe to another in a matter of hours. End points can also be virtual and/or hosted by third parties makes things more complex still. There is no single answer to how end points should be secured, it depends on the type of device, the person (or people) using it and the nature of the transactions it is expected to be used for. This presentation will look at the different options for securing end points, from mobile malware protection to next generation firewalls, and discuss what is appropriate when and where. http://www.brighttalk.com/webcast/288/23986 Bob Tarzey, Analyst & Director, Quocirca http://www.brighttalk.com/webcast/288/23986 Endpoint Security Fri, 05 Nov 2010 17:30:00 +0000 Join this cutting-edge presentation on Rugged Software (and how it can secure your Web applications) presented by the 451 Group and Cenzic. Renowned speaker and Research Director of the 451 Group, Joshua Corman, and Mandeep Khera, Cenzic CMO provide insights on Rugged Software and how you can enhance your Web security posture using Rugged software, including: •Defining Rugged Software (a new way of writing software in a secure way) •The Rugged Software creed / manifesto •How to get involved in Rugged Software communities •An informative Q&A session! Be sure to listen to this section of the webinar and hear some of the commonly asked questions and how Joshua answers them http://www.brighttalk.com/webcast/288/23796 Joshua Corman; Research Director, 451 Group & Mandeep Khera; CMO, Cenzic http://www.brighttalk.com/webcast/288/23796 Apps Software IT Security Fri, 05 Nov 2010 13:00:00 +0000 In a study of more than 160 organizations, Aberdeen found that respondents annually spend an average total of $2,150,000 in IT Security-related activities: $870,000 invested in their IT Security initiatives, plus an additional $1,280,000 in costs related to IT Security incidents that were not avoided in spite of these investments. This works out to approximately $220 per employee per year, or roughly 0.2% of annual revenue – less than many companies spend on complimentary tea and coffee. But how have some companies successfully optimized the balance between their annual investments in IT Security initiatives, and the additional financial impact of IT Security-related costs not avoided – the very essence of a risk-based approach? http://www.brighttalk.com/webcast/288/23908 Derek Brink, Vice President & Research Fellow, Aberdeen Group http://www.brighttalk.com/webcast/288/23908 threat Management Aberdeen Thu, 04 Nov 2010 22:00:00 +0000 From Model Employee to Insider Threat: Models to Mitigate Insider Threats and Risks http://www.brighttalk.com/webcast/288/23798 Ryan Kalember; Director of Product Marketing, ArcSight http://www.brighttalk.com/webcast/288/23798 Threat IT Security Thu, 04 Nov 2010 20:00:00 +0000 What's threatening information security in 2011? Tom Brennan, CEO of Proactive Risk Inc. will share the top threats to watch out for in 2011 and what you can do to prevent them. Application, Network, Malware, Wireless, Physical, Forensics - not to be missed insight from the trenches of critical infrastructure In accordance with the Federal Financial Institutions Examination Council (FFIEC), Proactive Risk provides information assurance services for to satisfy requirements of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) http://www.brighttalk.com/webcast/288/23293 Tom Brennan, Global Board Member at OWASP & Founder/CEO at PROACTIVE RISK INC. http://www.brighttalk.com/webcast/288/23293 Application Network Malware Wireless Physical Thu, 04 Nov 2010 19:00:00 +0000 This webcast, ‘Spoofing Server to Server Communication: How You Can Prevent It’, is a must for IT Professionals. It discusses new advances in attacks that exploit weaknesses of generic SSL to compromise server to server communication. Such incidents can be ruinous to a company because of the potential exposure of critical data. http://www.brighttalk.com/webcast/288/23449 Larry Seltzer, Security Analyst http://www.brighttalk.com/webcast/288/23449 SSL IT Security Servers Thu, 04 Nov 2010 18:00:00 +0000 Modern threats, including Advanced Persistent Threat (APT) and insider threats, operate on an entirely different plane of sophistication than your run-of-the-mill malware and mass market threats. The normal economic models do not apply to these types of threats. In this talk, we will look at some of the newest APTs and answer the question: ‘Why should I care about APT?” You will learn techniques to spot APTs, methods to circumvent the attack, and strategies via which to defend against APTs. http://www.brighttalk.com/webcast/288/23269 John Kindervag; Senior Analyst, Forrester Research http://www.brighttalk.com/webcast/288/23269 IT Security malware Insider Threat Thu, 04 Nov 2010 17:00:00 +0000 Today, attackers are going to unprecedented lengths to avoid detection for as long as possible. These threats have evolved to take advantage of numerous blind-spots in our existing security infrastructure. This presentation looks at these hidden threat vectors and how they can be fixed with next-generation firewalls. http://www.brighttalk.com/webcast/288/23154 Wade Williamson; Palo Alto Networks, Sr. Product Marketing Manager http://www.brighttalk.com/webcast/288/23154 IT Security Firewalls Thu, 04 Nov 2010 16:00:00 +0000 This session will provide an overview of some of the threats and vulnerabilities that exist in current and proposed smart grid deployments and potential solutions, including discussion of some case studies. It will begin by providing an architectural overview of what is considered to be the modern smart grid including discussions of AMI, Distribution Automation, and Substation Automation. This will include concerns about residential meters that are exposed to physical tampering as well as attacks from inside the home through the Home Area Network (HAN) and the Neighborhood Area Network (NAN). The speaker will discuss potential challenges with wireless mesh architecture and the trust relationships that are assumed up the chain back to the utility’s head end. This presentation will also cover the reliance on service providers such as telecommunications companies and hosting providers and how that may present unacceptable security risks if not properly mitigated. The speaker will draw his experience in this area including component testing in the lab and in production environments. http://www.brighttalk.com/webcast/288/23104 Gib Sorebo; SAIC, Chief Cybersecurity Technologist http://www.brighttalk.com/webcast/288/23104 Security Network Protection Thu, 04 Nov 2010 14:00:00 +0000 ThreatNet 2011 : Never in the field of internet conflict was so much impact caused by so few to so many. Internet threats are getting ever more complex and sophisticated and protecting against them with reduced budgets, susceptible users and more mobile devices is a greater challenge than ever before. Find out in this informative session why these threats continue to affect users, what new techniques the attackers are using and new ways to combat against them as we head towards 2011. With 25 years in the IT Sector and over 7 of them specialising in security (with 5 in SaaS Security), Ian has been with Webroot over 3 years. Starting as a Systems Programmer at IBM in the mainframe environment, he has held senior positions in both large and smaller organisations including Senior Vice President for EMEA at CA and Managing Director of several UK companies. Ian has been keynote speaker at many events and has introduced and trained a large number of UK resellers in SaaS Security as well as bringing the technology to many major UK brand name companies. Ian now sits on the Board of Eurocloud and is a contributor to the Cloud Industry Forum (CIF). Ian was awarded the independent AllBusiness Sales AllStar Award in March 2010. http://www.brighttalk.com/webcast/288/23628 Ian Moyse, EMEA Channel Director, Webroot http://www.brighttalk.com/webcast/288/23628 Threat Management Webroot Fri, 08 Oct 2010 08:00:00 +0000 Les technologies d'authentification forte dans les applications web: comment les intégrer ? L'état de l'art 2010 sur les technologies d'authentification forte Les approches pour l'intégration avec vos applications Web http://www.brighttalk.com/webcast/288/22708 Sylvain Maret, Authentication Evangelist & Swiss Chapter Leader, OpenID http://www.brighttalk.com/webcast/288/22708 Authentication Identity & Access Management Thu, 07 Oct 2010 19:00:00 +0000 Long the bailiwick of large enterprises and involving huge infrastructure overlays, authentication is entering a new era. Simple to deploy, use, and maintain solutions are gaining traction as the value of user communities, cloud services, and accounts increase. Cloud based authentication mechanisms, open source, and proprietary, are getting more attention. VMWare acquires TriCipher and CA acquires Arcot while startups launch phone based authentication solutions that are changing the face of the industry. Attend this webcast to get up to speed on industry trends, the threats that drive them, and market dynamics. http://www.brighttalk.com/webcast/288/22856 Richard Stiennon; IT-Harvest, Chief Research Analyst http://www.brighttalk.com/webcast/288/22856 Authentication Cloud Innovation Thu, 07 Oct 2010 18:00:00 +0000 The Internet today is an irreplaceable facet of our lives that continues to evolve and grow. From the early days of using email to communicate with colleagues and friends, to social networks that harbor countless amounts of personal information about us all, to online banking and commerce being a part of our everyday lives, the World Wide Web has become a preferred standard for how consumers want to transact. Because of this, it becomes increasingly more important to ensure that you are talking to a trusted, legitimate company, and not an imposter trying to take you for the proverbial ride. We are all familiar with the gold padlock showing us that a site is secure, but what does that lock icon really mean? What else can we do as online businesses to ensure visitors to our sites that we’re the good guys? http://www.brighttalk.com/webcast/288/23237 Ryan White; Symantec, Product Marketing http://www.brighttalk.com/webcast/288/23237 Authentication IT Security Thu, 07 Oct 2010 17:00:00 +0000 Selecting the Appropriate Authentication Solution for Your Users, Business and Budget Passwords; Hardware, Software, SMS One-time Password Tokens; Risk-based Authentication…Which solution is appropriate for your organization? With so many authentication choices to evaluate, so many business needs, objectives and regulatory guidelines to factor in, making a decision on the most appropriate strong authentication technology for your organization is not an easy task. Through real-world examples we will provide a framework to help you evaluate and select the most appropriate authentication solution for your business based on: • The value of the information being protected, • The strength of user authentication to apply, • The needs of the end user population, • The realities of your budget If you are evaluating a strong authentication solution, this presentation will help you make a decision that not only protects - but accelerates - your business http://www.brighttalk.com/webcast/288/22635 Rachael Stockton; RSA The Security Division of EMC, Principal Product Marketing Manager http://www.brighttalk.com/webcast/288/22635 ROI Methodology Authentication Solution Thu, 07 Oct 2010 16:00:00 +0000 A discussion around the pragmatic approaches in identity and access management in everyday life, and their inevitable intersection with identity assurance. The session will illustrate, via real life example, what identity assurance trade off are often made, whether by design or by accident in various cases, and provide guidance on how they could be assessed from an identity assurance perspective that helps balance risk mitigation and cost. http://www.brighttalk.com/webcast/288/23042 Frank Villavicencio, EVP, Identropy & Chair of Kantara Initiative's Identity Assurance Work Group http://www.brighttalk.com/webcast/288/23042 IAM Identity assurance Risk mitigation Thu, 07 Oct 2010 15:00:00 +0000 Within the last decade, we’ve seen a of number changes to the way we bank, furthermore the rate of data consumption has increased immensely, not mentioning the sharing mechanisms associated with web 2.0 technologies delivered in a mobile operating system. How is authentication and security adapting to meet the needs of the consumer and address these changes in behaviour? Engage live to ask real time questions and take part in the live audience polls to shape the direction of the discussion. http://www.brighttalk.com/webcast/288/23152 Paul Rivett, CNet Training; Joni Brennan, Kantara Initiative, Mohammed Joueid, ActivIdentity; Richard Stiennon, IT-Harvest http://www.brighttalk.com/webcast/288/23152 Authentication Identity & Access Management Thu, 07 Oct 2010 12:00:00 +0000 Join this panel session moderated by Ron Condon of SearchSecurity. Ron Condon has been writing about developments in the IT industry for more than 30 years. In that time, he has charted the evolution from big mainframes, to minicomputers and PCs in the 1980s, and the rise of the Internet over the last decade or so. He has edited daily, weekly and monthly publications, and has written for national and regional newspapers, in Europe and the US. In recent years he has taken a strong interest in information security and is a former Editor-in-chief of SC Magazine. http://www.brighttalk.com/webcast/288/23177 Ron Condon, UK Bureau Chief, TechTarget; Bob Tarzey, Director, Quocirca; Guy Bunker, Jericho Forum http://www.brighttalk.com/webcast/288/23177 Spam Authentication Phishing Hoax Thu, 07 Oct 2010 10:00:00 +0000 Meeting new demands for user authentication User authentication represents one of the most familiar aspects of security, and has progressively increased in importance alongside the volume (and value) of data and services that we seek to protect. This presentation looks at the current state of user authentication, and considers the changes in both technology and user expectations that may be fuelling a need for new approaches. An examination of the dominance of traditional password-based methods leads into consideration of alternative approaches above this baseline (including the option to utilise other forms of secret, or to go beyond secrets altogether and into the realms of tokens or biometrics). However, while other technologies certainly exist, there is a potential that operational factors and practical constraints will still lead us back to password-style approaches in the foreseeable future. http://www.brighttalk.com/webcast/288/22362 Steven Furnell, Head of School of Computing, Plymouth University http://www.brighttalk.com/webcast/288/22362 Authentication Thu, 07 Oct 2010 08:00:00 +0000 How to integrate authentication technologies in a Web Application PKI Based Authentication OTP Based Authentication Biometry SAML, OpenID Authentication and Web SSO http://www.brighttalk.com/webcast/288/22707 Sylvain Maret, Authentication Evangelist & Swiss Chapter Leader, OpenID http://www.brighttalk.com/webcast/288/22707 Identity & Access Management authentication infose Fri, 10 Sep 2010 13:00:00 +0000 TBC http://www.brighttalk.com/webcast/288/21844 Emma Webb-Hobson, KTN Digital Systems http://www.brighttalk.com/webcast/288/21844 DLP Data Loss Prevention Cloud InfoSec Thu, 09 Sep 2010 21:00:00 +0000 There is a lot of discussion about online back-up and recovery for Small and Mid-sized enterprises. An increasing number of vendors have started offering online and cloud based services in this space and as is normally the case there is the accompanying cloud-based hype to deal with. SMEs generally do not have spare resources and many struggle to understand whether this is a viable strategy and what are the associated risks and benefits. Moving from a premise based solution to a storage-as-a-service model brings with it a set of associated issues such as security, guaranteed service levels, security, shared tenancy, and long-term pricing – which are seen by many in the industry as significant barriers that need to be addressed before these services become mainstream. The session will help address these questions - and for organizations who may want to trial these services, it will provide a checklist on how they could go about assessing the different offerings, what evaluation criteria to use, and what additional features to watch out for. http://www.brighttalk.com/webcast/288/22662 Bharat Thakrar; BT Global Services, Head of BCM http://www.brighttalk.com/webcast/288/22662 BCI Cloud based services Thu, 09 Sep 2010 20:00:00 +0000 Digital identities started to "move into the cloud" in the last decade, delivering on use cases such as cross-domain single sign-on and attribute-based authorization. With the rise of consumer identity providers and cloud-based software development, we face new opportunities and threats. This session will review the state of the art in technical and policy initiatives that are contributing to make secure, privacy-sensitive identity in the cloud a reality. http://www.brighttalk.com/webcast/288/22150 Eve Maler, PayPal, Identity Evangelist http://www.brighttalk.com/webcast/288/22150 Identity cloud SGML xmlgrrl Thu, 09 Sep 2010 18:00:00 +0000 Underpinned by both technology and economic disruptions, cloud computing is a sustainable, long-term IT paradigm that will fundamentally change the way business customers and individual users engage with technology providers. At the moment, most customers are confused by the overused “cloud” term and are concerned over the risks of cloud computing. In fact, security is the number one impediment to cloud adoption today. Due to these security concerns, many organizations avoid leveraging cloud resources where highly sensitive data is involved, where rigorous compliance requirements apply, or for business critical applications. Yet business proceeds full speed ahead while the risks of cloud remain real and unmet. This session will explore the broad scope of concerns related to security of the cloud and provide security and risk guidelines for cloud computing. As to how adopting organization should organize and address concerns over data security, compliance, auditability, and other specific features needed to bring assurance to cloud adoption. http://www.brighttalk.com/webcast/288/22108 Jonathan Penn; Forrester Research, Vice President http://www.brighttalk.com/webcast/288/22108 Cloud Security Risk Thu, 09 Sep 2010 16:00:00 +0000 The number one question on peoples' minds is: Can I be PCI Compliant in the Cloud? Organizations are planning millions of dollars on migrating to a variety of public/private cloud combination's and the lingering question is how compliance will impact these plans. The information in the public domain is rather sketchy on how PCI compliance will impact a migration to the cloud. This presentation will cover the various implementation of cloud computing including: Platform, Infrastructure, and Application as a service models. A key component of PCI DSS compliance is the relationship with third parties and as such we will also discuss the variance of compliance with public and private clouds. http://www.brighttalk.com/webcast/288/22208 Michael Dahn, PCI Compliance Analyst http://www.brighttalk.com/webcast/288/22208 PCI PCI DSS Compliance Cloud Thu, 09 Sep 2010 15:00:00 +0000 Panelists: Nils Puhlmann, Co-Founder, Cloud Security Alliance (CSA) Richard Soley, CEO, Object Management Group (OMG) David Fatscher, ICT Sector Development Manager, British Standards Institution (BSI) Moderated by: Paul Rivett, CNet Training http://www.brighttalk.com/webcast/288/22003 Nils Puhlmann, CSA;David Fatscher, British Standards Institution; Richard Soley, OMG; Moderated by Paul Rivett, CNet Training http://www.brighttalk.com/webcast/288/22003 cloud security Standards infosec Thu, 09 Sep 2010 14:00:00 +0000 As a live attendee, you will take part in 4 compelling votes, giving you the ability to shape the direction of this expert discussion. Does the cloud change web application security? Does the CSA, Jericho, ENISA provide sufficient guidelines? Does the cloud make compliance more difficult? View live to take part and hear the results of the audeince vote. Ron Condon Ron Condon has been writing about developments in the IT industry for more than 30 years. In that time, he has charted the evolution from big mainframes, to minicomputers and PCs in the 1980s, and the rise of the Internet over the last decade or so. He has edited daily, weekly and monthly publications, and has written for national and regional newspapers, in Europe and the US. In recent years he has taken a strong interest in information security and is a former Editor-in-chief of SC Magazine Dennis Groves is the co-founder of OWASP and a member of WASC. His contributions to OWASP include the "OWASP Guide" downloaded over 2 million times; now a reference document in the PCI DSS standard, and the de-facto standard for securing web applications. Justin Clarke is an information security consultant years of experience in assessing the security of networks, web applications, and wireless infrastructures for large financial, retail, technology and government clients in the United Kingdom, the United States and New Zealand. Sukanta Chakravorty is currently a Cloud Researcher at ISG & RHUL and has previously held senior executive roles in Incident Response Management and IT at Wipro. http://www.brighttalk.com/webcast/288/22056 Ron Condon; TechTarget; Dennis Groves, Founder, OWASP; Sukanta Chakravorty, Cloud Researcher, RHUL; Justin Clarke, OWASP http://www.brighttalk.com/webcast/288/22056 cloud security Application Security OWASP Thu, 09 Sep 2010 12:00:00 +0000 John is a 'proven' visionary in the field of Cyber Security. He is an ENISA Listed Expert Panel Member, the MD of Secure Bastion, and Professor & PhD Mentor at Nottingham Trent University. John's previous experience includes public sector work i.e. Nottingham Council, the Royal Air Force and Her Majesty's Forces. John previously was Head of OpSec at Experian and Information Security Manager at GM. http://www.brighttalk.com/webcast/288/21881 John Walker, Expert GovCloud Panel, ENISA & MD, Secure Bastion http://www.brighttalk.com/webcast/288/21881 cloud security Cyber Crime Fraud Warfare Thu, 09 Sep 2010 11:00:00 +0000 While the benefits of cloud computing are indeed compelling, there still remain real concerns, particularly in the areas of security, privacy and compliance. IT professionals must diligently weigh the risks against the rewards in assessing their cloud computing strategies and implementations. This presentation explores the impact of cloud computing on security strategies and how it is reshaping the evolution of identity management, information protection, and compliance-related technologies and architectures. In particular, it helps in understanding the various available approaches to cloud security – security to the cloud, for the cloud and from the cloud – and the key challenges facing them. The presentation also touches on the growing trend towards content-aware identity and access management and the key role it plays in bridging the traditionally separate identity management and information protection silos, how cloud computing is enforcing the link between security management and IT/service management disciplines, and a quick look at cloud security use cases already implemented by some of the early adopters. Shirief Nosseir is a director of security management solutions at CA Technologies. With 25 years in the software industry, Shirief’s experience ranges across the fields of security management, service and infrastructure management, application lifecycle management and business intelligence. This allows him to have insightful understanding of how to assist enterprises in developing business-oriented architectures, while melding traditionally disparate technology disciplines into whole solutions. Shirief is a regular speaker at conferences and educational events and presents frequently at the CA Cloud Academy security sessions. http://www.brighttalk.com/webcast/288/22536 Shirief Nosseir, Director, Security Management, CA Technologies http://www.brighttalk.com/webcast/288/22536 Information Security UK Cloud Security Thu, 09 Sep 2010 10:00:00 +0000 As a live attendee you will have the opportunity to take part in compelling votes which will ultimately shape the direction of the discussion. Post live questions and join the conversation and network with these information security experts. Do companies really need Cloud Identity? What's the difference between Access Management in the Cloud and Cloud IdM? Uncover the details of why companies are or are not migrating critical data into the cloud and take away the best practices of Cloud Identity. Join Peter Cummings, founder of the Identity Management Specialist Group, Shash Patel, Director, Information Risk Management & Privacy, Air Products and Anish Mohammed, London Chapter, Royal Holloway University of London Information Security Group as they dive into Identity Management in the Cloud and discuss the issues and risks involved. http://www.brighttalk.com/webcast/288/22288 Peter Cummings, IdM Specialist Group; Shash Patel, Air Products; Anish Mohammed, RHUL Information Security Group http://www.brighttalk.com/webcast/288/22288 cloud security Identity Access Management IdM Thu, 09 Sep 2010 09:00:00 +0000 Join Jamie Cowper as he examines the challenges of data security in the cloud delivery model and how to safeguard the integrity of your information across national borders. Jamie Cowper joined Symantec in June 2010 with over 12 years of experience in Information Security and Internet Messaging; working for leading companies such as Mirapoint, Critical Path and ISOCOR, Cowper has been involved in marketing a wide range of solutions and products addressing such industry problems as Data Protection, Malware, Identity Fraud and Spam. Jamie Cowper has been responsible for defining and executing Europe-wide marketing programs and acting as the lead spokesperson for Europe, Middle East and Africa. He is involved with industry bodies such as the Information Security Forum (ISF) and the Information Systems Security Association (ISSA). Mr Cowper has a BA Hons from Leeds University. http://www.brighttalk.com/webcast/288/22951 Jamie Cowper, Principal Product Marketing Manager, Symantec http://www.brighttalk.com/webcast/288/22951 Cloud Security Data Security Thu, 09 Sep 2010 07:00:00 +0000 This presentation will cover questions and provide guidelines around Data Privacy, Data Security and Compliance in addition to the technical delivery of Cloud Services. Andreas will also dive into the emerging security issues uncovered by the ENISA Cloud Computing Risk Assessment and other activities to address the concerns of the EuroCloud SaaS Audit Process and additional guidelines for supplier and customers in terms of legal and compliance issues. Andrew Weiss has been in IT for 25 years. During that time he has managed several medium-sized IT companies in various countries and led IT projects for international corporations in the field of business process and workflow management. Andreas is part of many industry steering groups with his expertise in SOA, B2B and e-commerce and currently is the director of “Group E-Business” at the German Association for the Internet Industry. In 2010, Andreas became Director of the newly established EuroCloud Deutschland and coordinates their activities for Germany within the pan European EuroCloud organization EuroCloud Germany is an Association for the German Cloud Computing Industry and represents Germany in the pan-European EuroCloud network. EuroCloud Germany promotes the adoption and addresses the issues of cloud services for the German market. EuroCloud Germany has an open dialog with the European partners of the EuroCloud network to find global solutions and to lay the groundwork for international business relations. http://www.brighttalk.com/webcast/288/22442 Andreas Weiss, Director, EuroCloud Deutschland http://www.brighttalk.com/webcast/288/22442 Cloud Security Compliance Thu, 05 Aug 2010 20:00:00 +0000 Aberdeen's fourth annual study on data loss prevention –published on June 30, 2010 – presents the challenges, strategies, best practices and year-over-year comparisons of Best-in-Class organizations in safeguarding their sensitive data using content-aware data loss prevention technologies. The presentation will show how the companies achieving top results successfully use content-aware technologies to identify sensitive data across multiple channels, and how they use a range of remediation options to enforce their established policies. In doing so, they also experienced the benefits of fewer incidents of data loss or data exposure, fewer audit deficiencies, and lower operational cost. http://www.brighttalk.com/webcast/288/21660 Derek E. Brink, CISSP; Aberdeen Group, Vice President and Research Fellow for IT Security http://www.brighttalk.com/webcast/288/21660 DLP Data loss Thu, 05 Aug 2010 17:00:00 +0000 From the DLP hype it would seem your data is leaking from every laptop, desktop, cable and application you use. In figuring out where to plug the leaks, your risk mitigation calculations are clouded by murky data, the latest incident press release and a plethora of often conflicting rules, regulations and guidelines. In this web cast we’ll start from the beginning, where data is most often created – the Endpoint – a laptop or desktop system - you will learn: * Strategies to protect Endpoint data * Considerations for protecting data that moves from the laptop or desktop * How to share protected data inside and outside your organization http://www.brighttalk.com/webcast/288/22331 Tim Matthews, Director, Product Management, Symantec http://www.brighttalk.com/webcast/288/22331 Endpoint DLP Regulations Thu, 05 Aug 2010 16:00:00 +0000 It was not too many years ago when companies thought they were secure by simply deploying a firewall or other network security related solutions. Then came other infrastructure related security solutions, followed by the application security related buzz. While all of these solutions are important and still needed today, they often miss target of what’s most important to an organization protecting the data, or intellectual property, itself. So the million dollar question is why haven’t most organizations implemented proper data-centric security solutions? In summary, implementing data-centric security solutions is no simple challenge and requires a very strong alignment with business process as well as an understanding of an information life cycle for all of the data being protected. Complex questions must be asked which most information security organizations and business units struggle to answer. Therefore, information security organizations must further align themselves with their business units and counterparts to integrate more seamlessly into business processes in order to effectively implement security throughout the data life cycle as a business enabler. This session will address these issues head-on, and it will be presented from the perspective of an enterprise security manager who has gained firsthand knowledge about the challenges of implementing data-centric security solutions, such as data loss prevention, enterprise rights management and digital watermarking, in a global organization. Attendees will be provided with solution concepts, practical experience and lessons learned from real-world experiences to help address their data-centric security challenges of today. http://www.brighttalk.com/webcast/288/21866 Jay Leek, VP of International Security, Equifax http://www.brighttalk.com/webcast/288/21866 data-centric security data loss prevention Thu, 05 Aug 2010 15:00:00 +0000 Third-party hosted security services have taken off in recent years, as has the technology of Data Loss Prevention. Soon, these two trends can be expected to converge, as DLP as a hosted service becomes more prevalent, complementing the established domains of hosted security for inbound messages and safe Web browsing. What are the advantages of DLP as a hosted service...and what are the concerns organizations should bear in mind as they weigh the outsourcing of DLP to a hosted service provider? http://www.brighttalk.com/webcast/288/21992 Scott Crawford - CISSP - CISM, Managing Research Director of Security & Risk Management; Enterprise Management Associates http://www.brighttalk.com/webcast/288/21992 DLP Web Browsing Domains Thu, 05 Aug 2010 14:00:00 +0000 Reported data breaches continue to increase year on year and regulatory requirements which aim to stem the tide of data leaks don’t seem to be preventing this ever-growing problem. We all know that we need to be protecting our organisations' confidential information from data leaks as part of the overall IT security strategy, but how much time and resources can you spare to implement a complex Data Loss Prevention (DLP) solution in your organisation? Without a DLP solution your organisation’s most confidential data is at risk of being inadvertently leaked over email, or maliciously posted to public Web sites, for example. And if leaks are already happening, you probably wouldn’t know about it. Register now for: •A step-by-step guide on how to combat threats from inside and outside your organisation •Practical advice on how deploying smart Web and Email security solutions will give you the control you need to proactively and productively exchange information without worrying about harmful data leaks. Ed Rowley has been with M86 Security since April 2007. With over ten years of extensive sales engineering and technical expertise in IT security Ed plays a pivotal role in Product Management at M86. His main role is to facilitate the inclusion of customer feedback and requirements into the product development roadmap and he is also the global product manager lead for M86’s email security solution - MailMarshal SMTP. Prior to M86, Ed held technical and sales engineering positions in Sophos, CipherTrust and Secure Computing. http://www.brighttalk.com/webcast/288/21760 Ed Rowley, Product Manager, M86 Security http://www.brighttalk.com/webcast/288/21760 DLP Simplified Data Loss Compliance Thu, 05 Aug 2010 12:00:00 +0000 How do you prevent data loss when you need to share data with other organisations? Data Leakage Prevention systems cannot help, as you know the data has to leave your organisation. The Jericho Forum has been working on such collaboration scenarios and can provide guidance on reducing your risk, as well as a vision for the future collaborative enterprise cloud. Andrew is on the management board of the Jericho Forum, which is an international information security thought-leadership group dedicated to defining ways to deliver effective IT security solutions that will match the increasing business demands for secure IT operations in our open, Internet-driven, globally networked world. Andrew is also is a member of the Executive Advisory Board of the ISSA UK chapter and Infosecurity Europe Advisory Council. Prior to this, Andrew led IBM’s European technical sales for Internet security. He is co-author of “Java Network Security”, the first book to cover secure multi-tier Java applications. He has worked with UNIX and Open Source software since 1985, and managed and ran IBM’s Scientific and Technical Computing group’s UNIX network. http://www.brighttalk.com/webcast/288/21878 Andrew Yeomans, Board, Jericho Forum & Head of Security Engineering & Architecture - International, Commerzbank AG http://www.brighttalk.com/webcast/288/21878 DLP Collaborative Data Loss Jericho Forum Thu, 05 Aug 2010 11:00:00 +0000 About the Panel: Ron Condon has been writing about developments in the IT industry for more than 30 years. In that time, he has charted the evolution from big mainframes, to minicomputers and PCs in the 1980s, and the rise of the Internet over the last decade or so. He has edited daily, weekly and monthly publications, and has written for national and regional newspapers, in Europe and the US. In recent years he has taken a strong interest in information security and is a former Editor-in-chief of SC Magazine. Dr. Guy Bunker is an Independent Security and Technology Strategy Consultant with customers across Europe and the Middle East. Guy worked at Symantec (formerly VERITAS) for more than a decade, where he was Chief Scientist and was responsible for, among other things, Symantec’s Cloud Strategy. Gareth Niblett is the Chairman of the Information Security Specialist Group for the British Computer Society which has over 3,500 members, he writes for the BCS Information Security Now Magazine and organise and speaks at numerous security events. Gareth also provides security, privacy and compliance related consultancy services through Blackarts Limited. Gareth Niblett is Chairman of the BCS Information Security Specialist Group (ISSG), a special interest group with over 3,600 members from BCS, the Chartered Institute for IT, where he is involved in a number of initiatives focused on improving security and safety. http://www.brighttalk.com/webcast/288/21882 Moderated by Ron Condon, TechTarget; Guy Bunker, Jericho Forum; Gareth Niblett, BCS http://www.brighttalk.com/webcast/288/21882 DLP Data Loss Prevention DLPaaS Thu, 05 Aug 2010 10:00:00 +0000 David is the head of the London branch of the Institute of Information Security Professionals. David has over 25 years of experience in security. He was the former Head of Group Information Security at Aviva and previously a VP and Chief Security Architect at JP Morgan Chase. He has also worked for CapGemini and ICL Defence Systems. In 2008 he formed Whimbrel Management Consulting to provide information security consulting services and advice to the financial services and other sectors. He is also an external lecturer and member of the advisory panel for the Software Engineering/ Security MSc at the University of Oxford. He is a founder and the chair of the Information Security Awareness Forum (ISAF), and also participates in a number of industry committees and is the joint deputy chair of the ISSA-UK Advisory Board and the EURIM e-Crime Working Group. He served as the chair of the Management Committee of I-4 (www.I4online.com) from 2003 to 2006. David holds an MBA from London Business School and a PhD in Applied Cryptography. He is a Fellow of the Institution of Engineering and Technology, a Chartered Engineer and holds the information security certifications CISSP and CISM and M.Inst.ISP. http://www.brighttalk.com/webcast/288/21682 Dr. David King, Founder & Chair, Information Security Awareness Forum (ISAF) http://www.brighttalk.com/webcast/288/21682 Data Loss Prevention Converged Threats InfoSec Thu, 05 Aug 2010 09:00:00 +0000 What you will learn: What regulations are increasing What you can do Lower your total cost of ownership http://www.brighttalk.com/webcast/288/22246 Richard David , Senior Sales Engineer, Proofpoint Inc http://www.brighttalk.com/webcast/288/22246 data loss prevention Infosec Proofpoint Thu, 05 Aug 2010 08:00:00 +0000 The paraphrasing of Oscar Wilde may seem apposite, but in actuality, the loss of even one set of data will look more like carelessness - and will have legal and brand ramifications. As data is moved from our direct control through to the cloud, the perception is that security issues become more complex, and that different approaches have to be taken to ensure that data does not leak anywhere along the value chain. This presentation will look at where data leak prevention and allied technologies apply in both the cloud and in on-premise solutions, and will highlight how suitable approaches can lead to a user enabled environment, rather than a "walled garden" constrained system". Clive Longbottom is Service Director for Business Processes Facilitation for Quocirca Ltd, a leader in Business and IT analysis in Europe. In this position, Clive covers the needs for companies to understand the core processes in their value chains, and the technologies that should be utilized to facilitate these processes in the most flexible and effective manner. Within his remit, Clive covers collaborative tools, workflow, business process discovery and management tools, service-based architectures and outsourcing, as well as other associated areas such as security, voice/data convergence and IT asset optimization. http://www.brighttalk.com/webcast/288/21628 Clive Longbottom, Business Processes Facilitation, Quocirca http://www.brighttalk.com/webcast/288/21628 DLP Compliance Data Loss Prevention Thu, 08 Jul 2010 20:00:00 +0000 Intrusion prevention technology is understandably focused on using network data to detect and to stop intrusions in progress. When (not if) intrusion prevention systems fail to prevent intrusions, can they provide any value to the management of an incident? Using a case study of a security incident that took an international organization offline, we will look at the IPS technology in place, the role that it played in addressing the incident, and how the incident progressed when the IPS failed to achieve its expected objectives. Lessons learned will include consideration of how to use IPS technology can better be deployed, how available data may be used to assess fast-moving situations, and how IPS technology can fit into a larger program for identifying and responding to security incidents. http://www.brighttalk.com/webcast/288/21537 C. Matthew Curtin, Interhack, Founder http://www.brighttalk.com/webcast/288/21537 IPS Incident response Security Thu, 08 Jul 2010 19:00:00 +0000 Fortinet will discuss the evolution of IPS, and how to best mitigate new and emerging threats. http://www.brighttalk.com/webcast/288/21721 Derek Manky; Fortinet, Project Manager, Cyber Security & Threat Research http://www.brighttalk.com/webcast/288/21721 IPS IDS Intrusion Prevention Thu, 08 Jul 2010 16:00:00 +0000 Before you can prevent an attack, you have to detect it. Traditional signature based IDS’s are prone to false positives and can only detect malicious traffic it has signatures for. Network anomaly detection can point out strange traffic patterns, but the source may or may not be malicious. Detecting attacks means crafting a detection strategy that maximizes detection and minimized false positives and negatives. http://www.brighttalk.com/webcast/288/21402 Mike Fratto; Network Computing, Editor http://www.brighttalk.com/webcast/288/21402 Intrusion prevention Network attacks Thu, 08 Jul 2010 14:00:00 +0000 Marco will share his experiences, and the top risks he faced when implementing IPS at Vodafone. Marco is a Senior systems/network technical architect and administrator, programmer and security expert. With a degree in Math and Computer Science, a doctorate in Philosophy, Marco has over 10 years work experience in IT, 8 of which spent as a consultant on client's sites. Marco currently holds the post of Network Security Manager for one of the largest and innovative telecommunications companies in the world - Vodafone. Amongst his responsibilities, he is in charge of the engineering and deployment of the overall NIDS/NIPS infrastructure and network vulnerability scanners and database monitoring. He is responsible for the network security of the business which than spans 14 countries within the EMEA region. http://www.brighttalk.com/webcast/288/21514 Marco Ermini: Vodafone Group Services, Network Security Manager http://www.brighttalk.com/webcast/288/21514 network security Risk IPS IDS Thu, 08 Jul 2010 13:00:00 +0000 Network IPS has tremendous potential to significantly reduce risk for all sizes of organizations. However, with that potential comes with the hazard of the technology overwhelming the already stretched security team. To avoid this pitfall Network IPS must grow up and become a key part of the InfoSec process. Doug will cover how Network IPS should be integrated into an organization’s security processes, showing: •How to effectively use IPS to defend against the ever changing threats to which networks are exposed; •How to use IDS to become a powerful tool for detecting and quickly responding to a security breach; •How to achieve both of the above without requiring an army of analysts! Doug has been an IT Security professional for over 10 years, with the last 5 focused on Network IPS. Having worked on over one hundred IDS and IPS deployments, from single unit to over 1,000 sensor deployments, he will be sharing his experiences to provide solid and pragmatic guidance on deploying Network IPS. http://www.brighttalk.com/webcast/288/21771 Doug Card, Product Line Executive EMEA, McAfee http://www.brighttalk.com/webcast/288/21771 Intrusion Prevention Thu, 08 Jul 2010 12:00:00 +0000 Securing systems against data loss is not just about bigger firewalls and better antivirus. Attacks do not always come from the outside. In fact, studies show that the greater danger comes from the inside. This is especially true for corporates. Whether we like it of not, present and past employees pose a significant threat to data security. Yet how many firms know how to react to a strike from the inside? How many know how to prevent one happening in the first place? Good security starts with awareness and builds through good practices. But even the best strongholds are vulnerable to the enemy within. This presentation will dissect the insider attack - what might prompt it, who might perpetrate it and how to guard against it. It will also explain what to do when an attack happens and give vital tips on how to handle inside computer incidents effectively. Jan Collie is a Computer Forensics specialist and Security Consultant. She is the Managing Director and Principal Investigator of The Digital Detective Ltd. Jan holds an MSc in Information Security and Computer Crime and has been accredited CEng and MBCS CITP. She trained specifially for the security industry following more than 15 years in investigations and undercover work. The majority of her clients are from the corporate and legal arena. She acts as an Expert Witness in criminal and civil litigation. http://www.brighttalk.com/webcast/288/21735 Jan Collie, Managing Director & Principal Investigator, The Digital Detective Ltd. http://www.brighttalk.com/webcast/288/21735 Insider Intrusion Forensics IPS Thu, 08 Jul 2010 10:00:00 +0000 Intrusion Prevention- are we joking? - When your business is a target, can you really prevent sponsored intrusion? - Is defence in depth just a feel-good distraction? - If they want it, then is it just a matter of time? - Elastic Computing or elastic intrusion? - So what can we do to reduce the likelihood? Mark has worked in the Engineering, Pharmaceutical, and Automotive industrial sectors since the mid 1980's both in technical and management positions. Most recently Mark held a senior position accountable for the direction of Information Security encompassing Governance, Strategy, Planning, Policy, Risk Management, and Education and Awareness. He is a serving Director on the ISACA London Chapter board, and Chairman of the ISACA Winchester Special Interest Group. Mark has appeared in print in Computer Weekly, and SC Magazine, he is a CISM item writer, a content author for the CISM Review Manual, and he has presented and shared his experience and knowledge on various special interest groups and expert panels including CSC Leading Edge Forum, Secure IT Summit, BisContinuity, CISO Interactive Panel Infosecurity Europe, and the e-Crime Congress Cloud Forum. Mark holds the ISACA CGEIT and CISM certifications, is a CISSP with (ISC)2, and is a Fellow and Chartered IT Professional of the British Computer Society. http://www.brighttalk.com/webcast/288/21510 Mark Henshaw, Director ISACA London, Chairman ISACA Winchester http://www.brighttalk.com/webcast/288/21510 Intrusion prevention IDS IPS Thu, 01 Jul 2010 10:00:00 +0000 With over 25 years of “Information and Communication Technology"-ICT experience, covering, managed services, outsourcing, security, business continuity, disaster recovery, vendor management, networking, infrastructure management, virtualization financial sector and telecom. Jorge Sebastiao brings experience, creativity, structure and innovation to ICT solutions. http://www.brighttalk.com/webcast/288/21772 Jorge Sebastiao, BD Manager Managed Service, ITS, ICT & InfoSec Guru http://www.brighttalk.com/webcast/288/21772 Cloud Business Continuity Risk Management Tue, 22 Jun 2010 13:00:00 +0000 TBC http://www.brighttalk.com/webcast/288/20216 Sebastien Gioria, French Chapter Leader, OWASP http://www.brighttalk.com/webcast/288/20216 OWASP InfoSec Application Security Tue, 22 Jun 2010 12:00:00 +0000 The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2010 version are underway and they will be posted as they become available. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code. http://www.brighttalk.com/webcast/288/20215 Sebastien Gioria, French Chapter Leader, OWASP http://www.brighttalk.com/webcast/288/20215 Application Security infosec OWASP Fri, 04 Jun 2010 15:00:00 +0000 Going Beyond Checkbox Compliance: How to Make Compliance Improve Your Security In today’s highly regulated environment, many organizations address compliance as one-off projects where the goal is to ‘get the box checked’ by the auditor. This inefficient approach results in time- and resource-intensive work to pour through as many as 40,000 spreadsheets just for one compliance initiative* that provides little value back to the organization. This multiplies exponentially when dealing with multiple regulations. Achieving a level of compliance may be a requirement for your organization, but by itself is not a guarantee that your systems and sensitive data will be secure. Going beyond a checkbox compliance approach will ensure audits are passed and regulatory requirements are met, while streamlining operations, reducing IT risk and ultimately improving overall security. In this roundtable discussion with Brandon Dunlap of BrightFly, Jeff Hughes of Lumension and Marcus Giese, Regulatory Compliance Expert for RightNow, learn the keys to taking a risk-based approach and how to: •Leverage compliance initiatives as a catalyst to improving security •Identify areas of control weakness •Prioritize IT risk to focus on what matters most •Rapidly respond to those weaknesses •Improve processes and augment controls http://www.brighttalk.com/webcast/288/20877 Brandon Dunlap, BrightFly, Jeff Hughes, Lumension and Marcus Giese, RightNow http://www.brighttalk.com/webcast/288/20877 Compliance Security Thu, 03 Jun 2010 18:00:00 +0000 From "start-up" through "acquisition & development", "implementation", and "operations & maintenance" to "decommissioning", it's far too easy to lay the responsibility for the secure software life cycle at the feet of the application developers. What about all the other professionals involved in the software development life cycle (SDLC)? Question: What responsibility do the application owners, procurement officers, business unit heads, delivery personnel, senior managers, business analysts, quality assurance managers, program managers, technical architects, security specialists, and IT managers have with respect to the SDLC? Answer: They all have either a legal or fiduciary responsibility to be aware of basic secure coding principles. Don't be the one who is "made an example out of" when an application development project goes awry! http://www.brighttalk.com/webcast/288/20658 Dow A. Williamson CISSP, CSSLP; SCIPP International, Executive Director http://www.brighttalk.com/webcast/288/20658 Software Development Secure Coding Thu, 03 Jun 2010 16:00:00 +0000 Michael has extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers world-wide. At Mozilla, Michael focuses on securing critical web applications used by millions of users each day. You can find his blog at: http://michael-coates.blogspot.com http://www.brighttalk.com/webcast/288/20680 Michael Coates; Mozilla, Web Security Engineer http://www.brighttalk.com/webcast/288/20680 Application Defense owasp ids Thu, 03 Jun 2010 15:00:00 +0000 The App Store model has moved beyond consumer realm to become a new service delivery platform for the enterprise. Consumers, partners, and employees are now invited to drive innovation using a variety of exposed APIs, upload mechanisms, and platform hosted tools. As Intel launched AppUp, it knew a host of security issues needed to be addressed to meet corporate security compliance regulations. From scanning uploaded content for rogue payloads, to putting in place a perimeter that could defend back-end systems from SQL injections, and countermeasures for DOS attacks….the list was extensive. In this session, learn how Intel architects offloaded security processing to a Service Gateway ensuring fast performance and a consistent user experience. Learn how this portable security architecture is well positioned for future cloud deployment plans. http://www.brighttalk.com/webcast/288/21201 Cesar Alderete, Senior Software Engineer, Intel & Girish Juneja; Director of SOA Products, Intel http://www.brighttalk.com/webcast/288/21201 App Security Thu, 03 Jun 2010 08:00:00 +0000 One of the core difficulties in ensuring your organisation’s software development process (whether in-house or outsourced) builds in an appropriate level of security is a lack of research, standards and accepted practice in this area. A multitude of approaches have been put forward by visionaries in this area, however these lack the body of empirical study needed to weed out the approaches that don't work in real practice. All is not lost though - this session discusses the emergence of two new standards in this area – OpenSAMM (Software Assurance Maturity Model), and BSI-MM (Building Security In Maturity Model), how these can be used as a framework for evaluating the current state of an organisation’s development process, planning a future state, and as sources of leading practice in this area. Examples will be drawn from work Justin has performed in this area at several large UK financial services organisations, and the lessons learnt in applying these approaches. Justin Clarke is an information security consultant years of experience in assessing the security of networks, web applications, and wireless infrastructures for large financial, retail, technology and government clients in the United Kingdom, the United States and New Zealand. Justin is the the technical editor and lead author of “SQL Injection Attacks and Defense” (Syngress 2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O’Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O’Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP as well as a member of the OWASP Global Connections Committee. http://www.brighttalk.com/webcast/288/20610 Justin Clarke, UK Chapter Leader, OWASP http://www.brighttalk.com/webcast/288/20610 OWASP InfoSec Application Security AppSec Wed, 26 May 2010 16:00:00 +0000 *Attend this webcast and be entered into a draw to win an Apple iPad!* Organizations increasingly find it difficult to keep up with the ever growing list of mandates governing how sensitive data is both utilized and protected by the organization. Few organizations have identified all their regulatory mandates, much less have a process for managing compliance with them. Unfortunately, a selective approach to compliance management can lead to costly penalties, valuable information loss and sometimes worse. Join us for this complimentary 1-hour live webcast, where Chris Noell, TruArx EVP of Product Management, will share his insights on how you can identify which of the close to 500 global data security and privacy regulations TruArx’ tracks apply to your business and then how you can translate this knowledge into a pragmatic, cost-effective compliance program. In this session, you will learn about: oThe importance of understanding the regulatory landscape oPotential obstacles that prevent organizations from managing compliance obligations against all requirements oHow you can quickly and cost-effectively establish a mature IT governance, risk, and compliance program http://www.brighttalk.com/webcast/288/21031 Chris Noell; TruArx EVP, Executive Vice President, Product Management http://www.brighttalk.com/webcast/288/21031 Compliance IT governance Wed, 19 May 2010 17:00:00 +0000 Join SonicWall and Forrester Research Director, Robert Whiteley to learn how 2010 will usher in a new wave of investment in mobility technologies among savvy enterprises. Robert Whiteley will discuss findings from Forrester’s extensive studies into the work habits and mobility needs of information workers, task workers and a growing class of workers – the “mobile wannabe” – who, together, are making up a larger and larger portion of your workforce. This session will explore: • Who are the mobile workers of today and what does the mobile workforce of the future hold in store for IT? • What tools, in terms of networks, devices and applications, matter to these workers • What steps can IT take today to engender and secure an environment of mobility – and therefore productivity – for these workers? About Rob Whiteley Robert serves Infrastructure & Operations professionals. Prior to joining the Infrastructure & Operations team, Robert was a research director on the security and risk team. He led Forrester's research efforts on IT security frameworks; governance, risk, and compliance (GRC); identity and access management (IAM); application security; data security; and IT infrastructure security. He also provided Forrester's coverage of specific security topics that includes network access control (NAC), network segmentation, and branch office security. About Chris Witeck: As a Director of the Product Management Team at SonicWALL, Chris Witeck drives the development road map for the all SonicWALL SSL VPN products and services. His responsibilities include defining product requirements, establishing relationships with key customers to drive those requirements, and helping to define strategic marketing partnerships. http://www.brighttalk.com/webcast/288/7185 Robert Whiteley, Rsrch Dir., Forrester; Chris Witeck, Dir Prod Mgmt, SonicWALL http://www.brighttalk.com/webcast/288/7185 Information Workers Task Workers Fri, 07 May 2010 14:15:00 +0000 TBC http://www.brighttalk.com/webcast/288/20700 Anish Mohammed, Senior Security Architect, Capgemini http://www.brighttalk.com/webcast/288/20700 IDaaS Identity Access Management IdM Thu, 06 May 2010 20:00:00 +0000 Cyber Coldwar http://www.brighttalk.com/webcast/288/20526 Dickie George; (NSA) National Security Agency, Technical Director, Information Assurance http://www.brighttalk.com/webcast/288/20526 NSA Cyber Crimes Thu, 06 May 2010 18:00:00 +0000 The Realities of Emerging Technologies for IAM http://www.brighttalk.com/webcast/288/20184 Randall Gamby; MassMutual Financial Group, Enterprise Security Architect http://www.brighttalk.com/webcast/288/20184 Emerging Technologies IAM Thu, 06 May 2010 16:00:00 +0000 Panelists: Darren Platt, CTO, Symplified Russell Dietz, CTO, SafeNet Ravi Srinivasan, Program Director, IAM, IBM Anil Saldhana, Red Hat/OASIS IDtrust http://www.brighttalk.com/webcast/288/20864 Darren Platt, Symplified; Russell Dietz, SafeNet; Ravi Srinivasan, IBM; Anil Saldhana, Red Hat/OASIS IDtrust http://www.brighttalk.com/webcast/288/20864 Cloud Computing Federated Identity IAM Thu, 06 May 2010 15:00:00 +0000 This session will describe the principal components of the Federal Identity Credentialing and Access Management (FICAM) Program, including the associated policy and operational infrastructure. FICAM includes the Federal Personal Identity Verification (PIV) Program and the Federal Public Key Infrastructure architecture. Implementation status within and external to the Federal Government will also be discussed. http://www.brighttalk.com/webcast/288/20474 David Temoshok; GSA, Director, Federal Identity Management http://www.brighttalk.com/webcast/288/20474 GSA Federal Identity Management Thu, 06 May 2010 14:00:00 +0000 The role of identity assurance frameworks within federated identity and access management systems http://www.brighttalk.com/webcast/288/20625 Joni Brennan; Kantara Initiative, Program Director http://www.brighttalk.com/webcast/288/20625 IAM Identity Assurance Thu, 06 May 2010 10:00:00 +0000 As more varied and sensitive online services emerge, the requirement to verify user identity is an increasingly common experience for an ever-widening range of participants. This presentation considers the fundamental challenge of authenticating the user and ensuring that the right person is claiming the right identity. The available options can vary considerably, depending upon the device in use (and the resulting facilities available), the requirements of the service provider, and what the user will tolerate. In many cases, users lack the facilities to support anything beyond password or PIN approaches, whereas in other circumstances it is in the interests of the service provider to make specific provision for stronger approaches. Meanwhile, some sites persist with rather basic and poorly considered approaches, which do not promote or reinforce good practice to users, or set good examples to other service providers. The upshot is that the same user can encounter fundamentally different requirements, with their identity being validated to different degrees in scenarios that often link back to the same types of access and sensitive information. http://www.brighttalk.com/webcast/288/6922 Steven Furnell, Head of School of Computing, Plymouth University http://www.brighttalk.com/webcast/288/6922 Identity Access Management Online Authentication Wed, 05 May 2010 10:00:00 +0000 Join me on the eve of the UK general election as the country goes to the polls. I will give a short 20 minute presentation on the insights of privacy, security and data privacy - post UK election. The three main parties have committed to specific policies on Privacy, Data Protection and Security. In particular, the Conservatives have promised radical reform in these areas. What changes are we likely to see once the new government is elected? TOBY STEVENS BEng(Hons) FBCS CITP MIoD is a privacy, security and identity expert and currently the Founder and Director of the Enterprise Privacy Group, a think-tank for identity-related issues, he has worked in a range of management roles across the financial services and internet sectors. He specialises in facilitating debate about the implications of managing privacy and personal information, but has also worked in security management research, Year 2000, euro implementation and broader IT project management roles. Toby sits on the Department for Transport’s Road Pricing Advisory Forum, and publishes a privacy blog for Computer Weekly. He is a Fellow of the British Computer Society, where he chairs the Information Privacy Expert Panel, sits as a referee for the RSA Conference Europe and Kantara ID Deployment of the Year awards. Toby is is also a member of the European Advisory Committee for the International Association of Privacy Professionals, and a referee for the Economic and Social Research Council. http://www.brighttalk.com/webcast/288/6621 Toby Stevens, Director, Enterprise Privacy Group http://www.brighttalk.com/webcast/288/6621 David Cameron Gordon Brown Nick Clegg infosec Fri, 09 Apr 2010 12:00:00 +0000 Marc Sel is a Director at PricewaterhouseCoopers 'Advisory Services' in Belgium, specializing in IT Performance Improvement. He joined the firm in January 1989 as a Consultant. Over time, he specialised in the field of security, both from the technical and from the organisational/management perspective. He also performed specialised in-depth reviews, assisted clients with the selection of solutions, and performed implementations. Other areas he has worked in include authorisations and access control, network security, PKI, smartcards, as well as information security organisation and policies, standards and guidelines. http://www.brighttalk.com/webcast/288/6933 Marc Sel, PwC Enterprise Advisory Services, Director of Information Protection http://www.brighttalk.com/webcast/288/6933 privacy enhancing technologies data privacy Thu, 08 Apr 2010 22:00:00 +0000 As systems become more distributed and complex, maintaining privacy of data and ensuring data integrity continue to remain challenges that software practitioners must grapple with. Developing such systems poses not only technical challenges but also demands compliance to privacy laws. Eliciting precise privacy requirements is thus an important step in building these software systems. This talk explores the use of a disciplined approach to identify privacy requirements. The SQUARE process, which was developed for security requirements engineering, is adapted for privacy, and other work in privacy requirements engineering is also highlighted. http://www.brighttalk.com/webcast/288/20337 Nancy R. Mead; Software Engineering Institute, Senior Member of the Technical Staff http://www.brighttalk.com/webcast/288/20337 Privacy Thu, 08 Apr 2010 21:00:00 +0000 Social networking platforms and services have expanded opportunities for companies to engage with consumers and resulted in the creation of new types of data about consumer behavior. Collecting and using this data without consideration of consumers’ privacy interests can result in a loss of consumer trust and confidence and can provoke unwanted attention from regulators. This presentation will address the privacy pitfalls that companies should make sure to avoid when working with social media data. http://www.brighttalk.com/webcast/288/20271 Erica Newland; Center for Democracy and Technology, Policy Analyst http://www.brighttalk.com/webcast/288/20271 Consumer Privacy Thu, 08 Apr 2010 20:00:00 +0000 The privacy and data security enforcement agenda at the Federal Trade Commission is evolving. Consent decrees are imposing stricter and more specific standards on business with respect to the collection, usage, storage, sharing and disposal of personal information. Recent changes in leadership at the FTC, and public statements from the FTC Chairman and the Director of the Bureau of Consumer Protection, suggest more aggressive privacy and data security enforcement in the coming years. And the entire paradigm of privacy protection, including its foundation of notice and choice, is under reexamination after a series of FTC Roundtables conducted in later-2009 and early-2010. For businesses under the jurisdiction of the FTC, the impact of this evolving enforcement agenda is significant. Greater attention than ever must be paid to the issue of notice and choice, as well as to the physical, technical and administrative safeguards provided for personal information, to ensure that specific statutory standards enforced by the FTC are met and that the general consumer protection standard of Section 5 is also satisfied. This presentation will trace the evolution of the FTC enforcement agenda to the present day, and will summarize the "common law" of privacy and data security that has arisen from FTC consent decrees, explaining what is now required of businesses. http://www.brighttalk.com/webcast/288/20491 Christopher Wolf, Partner, Hogan & Hartson LLP and Founder/Co-Chair, Future of Privacy Forum http://www.brighttalk.com/webcast/288/20491 FTC Enforcement Thu, 08 Apr 2010 19:00:00 +0000 Online tracking first sparked regulatory interest over a decade ago. Interest in to topic waned following the burst of the .com bubble and in the few years following it, but it's now back. The Federal Trade Commission, the Privacy Commissioner of Canada, the CNIL, the Article 29 Working Party, and data protection regulators around the world are now expressing interest in the topic. The technology now available has the capacity to provide a significant lift to advertisers and to online publishers who would otherwise have difficulty selling their advertising inventory. On the other hand, regulators and legislators are working on the proper balance between allowing room for innovation and further growth of the Internet and privacy concerns. What type of notice should consumers be given? Should consumers have to opt-in to anonymous tracking, or is opt-out sufficient? Should consumers have the rights to access their online profiles, change them, and delete them? Should different rules apply depending on the data used for targeted advertising? Should different rules apply to different types of advertising based on behavioral data? This session will address all of these issues and provide a snapshot of the lay of the regulatory land in 2010. We will also look a bit into the future and make some predictions on where regulation is likely to move as technology continues to advance. http://www.brighttalk.com/webcast/288/6885 D. Reed Freeman; Partner, Morrison & Foerster, LLP http://www.brighttalk.com/webcast/288/6885 Online Tracking BT Thu, 08 Apr 2010 18:00:00 +0000 SIEMs gained popularity quickly as a measure to deal with compliance initiatives such as PCI DSS, but have much more relevancy to your organization than as a compliance checkmark. Security operations tools should be a tool to stop or prevent threats against our data. Attend this session for tips on how to get the most from your security operations function. http://www.brighttalk.com/webcast/288/20336 Branden R. Williams; RSA, Director, Security Consulting http://www.brighttalk.com/webcast/288/20336 PCI DSS Security Ops Thu, 08 Apr 2010 17:00:00 +0000 In recent years, new internet technologies have revolutionized the way companies do business online by offering access to previously untapped markets and allowing for significant cost savings through the more efficient use of resources. But many of the advantages associated with these innovations are accompanied by privacy risks to consumers and potential legal and reputational risks for companies. Two such technologies that have captured the recent attention of legislators and regulators are behavioral advertising and cloud computing. This presentation will provide an overview of government investigations into these emerging technologies, address existing laws and regulations applicable to their use, and offer thoughts on what the coming months and years will hold for businesses looking to utilize online behavioral marketing strategies or implement cloud computing solutions. http://www.brighttalk.com/webcast/288/6884 Melinda L. McLellan, Associate, Hunton & Williams LLP http://www.brighttalk.com/webcast/288/6884 Government Online Law Privacy Control Thu, 08 Apr 2010 15:00:00 +0000 A New Model for Managing Privacy in Today’s Cloud Infrastructures http://www.brighttalk.com/webcast/288/20273 John T. Sabo; CA, Director of Global Government Relations http://www.brighttalk.com/webcast/288/20273 Privacy in Cloud Thu, 08 Apr 2010 13:00:00 +0000 Sean has over 20 years experience in the IT industry working with Mainframes (Must Software), client server (Gupta/Centura), J2EE (NetDynamics) and Messaging and Security. Initially working in technical roles he moved into technical and then sales leadership roles although he still retains an interest as to how technology works as well as how it is deployed and used. Sean joined Symantec following the acquisition of IMLogic a vendor of Instant Messaging security and archiving solutions where he headed the European Technical Sales organisation. Since joining Symantec he has held senior management roles with responsibility for archiving, storage and security solutions in Europe Middle East and Africa. Sean has a BSc in Economics from the University of Surrey in England. http://www.brighttalk.com/webcast/288/20567 Derek O'Carroll , Head of Security Business Practice EMEA, Symantec http://www.brighttalk.com/webcast/288/20567 symantec Privacy infosec Thu, 08 Apr 2010 12:00:00 +0000 Inherent in a more open information environment are potential risks that intellectual assets can be compromised to the detriment of the company and its stakeholders. These Intellectual assets contribute enormously to Air Products competitive advantage. Shash Patel will present a case study combining effective IT governance, information security management and risk mitigation strategies with the objective to protect and secure intellectual assets. You will also learn how to practically apply the framework to your business. Shash is currently Director of Intellectual Asset Protection and Data Privacy reporting to Air Products’ Chief Risk Officer. His previous role was Global Director of IT Security, Compliance and Risk Management from 2006 to 2008. Prior to that, Shash helped to establish Air Product’s IT / Business Relationship efforts leading to, in 2004, taking over leadership of the Global IT Account Management Team, comprising of business and process account managers and functional leadership of IT in International Regions and management of IT MA&D activities. In a varied career he has worked on IT related assignments within Air Products’ Plant Operations, Engineering and European Chemicals Divisions, which included 2 years in the US as a Project Manager and 4 years based in the Netherlands as a Computer Systems Manager. http://www.brighttalk.com/webcast/288/6921 Shash Patel, Director of Intellectual Asset Protection & DP, Air Products http://www.brighttalk.com/webcast/288/6921 Data Privacy IAP Security Management Thu, 08 Apr 2010 10:00:00 +0000 Hazel Grant will cover, data privacy issues in cloud computing. She will also cover enforcement issues, new powers in the UK and the planned enforcement in EU jurisdictions. Hazel is an IT lawyer, specialising in information law. She advises on data protection compliance, including data transfers (using both EU model contracts and binding corporate rules), government data sharing projects and responses to data security breaches. Additionally, Hazel advises on responses to freedom of information requests and handling appeals to decision notices. Hazel is an editor of the Encyclopedia of Data Protection and Privacy, a contributing editor (on data protection and freedom of information) for the Encyclopedia of Information Technology Law (both Sweet and Maxwell). She is rated as a leading individual for Data Protection in Chambers and Partners 2010, where she is described as: "highly respected" and "pragmatic and down-to-earth ... easy to work with, relaxed and objective” This session will look at the data protection and privacy issues that businesses are tackling in using and providing cloud services. From data location and the prohibition on data transfers, to data security and compliance with the transparency principle. Cloud services are requiring lawyers and their clients to look at data protection in a new way and find a way of ensuring compliance with obligations and principles that were set in a world prior to cloud. http://www.brighttalk.com/webcast/288/20387 Hazel Grant, Partner, Bristows http://www.brighttalk.com/webcast/288/20387 Data Privacy Cloud Computing Thu, 08 Apr 2010 08:00:00 +0000 This session will look at some of the recent changes in the regulatory landscape as well as what we can anticipate in the near future. We will try to discern any trends in these developments and discuss how a global company could respond. Boris joined Accenture in April 2007 and is Responsible for data privacy compliance in the EALA (Europe Africa and Latin America) region. His duties include helping to establish and maintain a progressive Client Data Protection Programme, advising on client and vendor contracts, carrying out privacy impact assessments on new client offerings or new internal systems, managing a network of DPOs, liaising with regulators, promoting Accenture’s BCR application, anticipating regulatory changes and making sure the business stays compliant. Before moving to Accenture, Boris spent three years at the UK regulator, the Information Commissioner, looking at the world through the eyes of the game keeper, where he advised on data privacy and freedom of information case work and liaised with other European regulators to kick start an unprecedented approvals process known as ‘Binding Corporate Rules’. His other experience includes six years in private practice as a commercial lawyer specialising in Data Privacy matters and three years in Brussels including spells as press officer of a parliamentary group, an assistant to an MEP, a paralegal at Lovell White Durrant and a stagiaire at the Internal Market Directorate General of the European Commission. http://www.brighttalk.com/webcast/288/6941 Jan-Boris Wojtan, EALA Data Privacy Lead, Accenture http://www.brighttalk.com/webcast/288/6941 Data Privacy Global Privacy infosec Accenture Wed, 31 Mar 2010 18:00:00 +0000 Maintaining payment security doesn’t require adding even more proverbial locks and bolts to your infrastructure. In fact, you can secure your payment process – including complying with PCI-DSS standards - with less complexity and time, while adding more scalability. In the upcoming CyberSource webinar Payment Data: Don’t Store It, Don’t Handle It, you’ll see how your peers are adopting a safer, more secure approach by eliminating all contact with payment data – a strategy we call Enterprise Payment Security 2.0. In this webinar, Dave Glaser, CyberSource Vice President of Global Services and founder of CyberSource’s payment security practice, will share the three design points of Enterprise Payment Security 2.0 while Chris Pogue, Senior Security Analyst for the SpiderLabs at Trustwave, will share some real-world breach examples. You will learn the latest best practices for eliminating payment data from your systems. http://www.brighttalk.com/webcast/288/7042 Dave Glaser at CyberSource : Chris Pogue at Trustwave http://www.brighttalk.com/webcast/288/7042 PCI-DSS CyberSource Trustwave Thu, 25 Mar 2010 17:00:00 +0000 Since 2004, the Payment Card Industry has addressed the need for security awareness among personnel who protect, process, store, or transmit credit card data. Commencing in 2010, the Payment Card Industry – Data Security Standard (PCI-DSS) requires both end-users and web application developers of applications which interact with credit card data to be familiar with the latest industry best business practices regarding information security. But, is that sufficient to secure the supply chain and provide adequate software resiliency? What about all the other personnel who are involved in the software development life cycle? This presentation addresses the problem and solution for a comprehensive program for secure and resilient PCI applications. http://www.brighttalk.com/webcast/288/7083 Mark D. Rasch, JD, Co-Founder of Security IT Experts http://www.brighttalk.com/webcast/288/7083 PCI Development PCI Software Tue, 23 Mar 2010 17:00:00 +0000 As IT organizations begin to implement business critical applications in the cloud, there are serious security concerns that must be addressed. A recent Cloud Security Alliance research project, sponsored by Hewlett Packard, produced a report unveiled to the world on March 1, 2010. Join HP and the Cloud Security Alliance to learn about the Seven Deadly Sins of Cloud Security In this webcast, participants will learn about: - The seven deadly sins of cloud security - Common cloud security misconceptions - Best practices for avoiding the seven deadly sins - How HP can help you secure cloud initiatives http://www.brighttalk.com/webcast/288/6877 Jim Reavis, CSA; Archie Reed, HP; Dennis Hurst, HP http://www.brighttalk.com/webcast/288/6877 Cloud Security 7 Deadly Sins Fri, 19 Mar 2010 18:00:00 +0000 A Risk-Based Approach to PCI Compliance: This session will explore how the global marketplace and current business environment is impacting companies of all sizes through competitive and regulatory pressures. The discussion will cover how an outsourced/managed PCI solution can help companies address their compliance challenges and improve business performance. http://www.brighttalk.com/webcast/288/6993 Presenter: Jim Bibles at Qualys | Moderator: Stephen Walker at Colborn Morrison http://www.brighttalk.com/webcast/288/6993 PCI Compliance PCI Solutions Thu, 11 Mar 2010 22:00:00 +0000 Overview of Cloud Computing adoption, key security issues and the Cloud Security Alliance research roadmap http://www.brighttalk.com/webcast/288/6770 Jim Reavis; Executive Director, Cloud Security Alliance http://www.brighttalk.com/webcast/288/6770 Cloud Security Cloud Computing Thu, 11 Mar 2010 20:00:00 +0000 Virtualization technology enables IT personnel to respond to business needs more rapidly with lower cost and improved operational efficiencies. At the same time, interoperability and portability of applications are key for organizations that have purchased virtualization platforms from more than one vendor or want to take advantage of cloud service offerings. In this session we will discuss how existing DMTF standards enables workload interoperability across different virtualization technologies and enable unified management of such environments. We will also discuss DMTF's Open Cloud Standards Incubator and explain how DMTF virtualization standards can be utilized to achieve interoperability between private clouds within enterprises and hosted or public cloud providers. http://www.brighttalk.com/webcast/288/6533 Abolfazl Sirjani, Citrix Systems, VP of Microsoft Tech & Standards Strategy http://www.brighttalk.com/webcast/288/6533 Cloud Standards Virtualization Thu, 11 Mar 2010 19:00:00 +0000 Infrastructure Security: Getting to the Bottom of Compliance in the Cloud. Bret Hartman As Chief Technology Officer at RSA, the Security Division of EMC, Bret Hartman is responsible for defining the corporate security technology strategy for EMC, as implemented by the RSA division. Prior to RSA, Mr. Hartman was Chief Technology Officer, Information Security, at EMC Corporation. Mr. Hartman has over twenty-five years of experience building information security solutions for major enterprises. His expertise includes Service Oriented Architecture (SOA) and Web Services security, policy development and management, and security modeling and analysis. Mr. Hartman has spoken at dozens of security and privacy industry events and is a recognized authority on distributed systems security. Prior to EMC, Mr. Hartman was Director of Technical Services for SOA Appliances at IBM Corporation, and was also Vice President of Technology Solutions at DataPower Technology Inc. (acquired by IBM). Mr. Hartman’s previous roles include Chief Technology Officer at Quadrasis Security (Hitachi Computer Products); Vice President, e-Security Services and Chief Security Architect at Concept Five Technology; President and Co-Founder of BlackWatch Technology Inc; and Director of Information Security at Odyssey Research Associates. Mr. Hartman began his distinguished career as a U.S. Air Force officer assigned to the U.S. National Security Agency. http://www.brighttalk.com/webcast/288/6960 Bret Hartman, RSA, Chief Technology Officer http://www.brighttalk.com/webcast/288/6960 Compliance Infrastructure Security RSA Thu, 11 Mar 2010 18:00:00 +0000 Cloud Security & Privacy http://www.brighttalk.com/webcast/288/6559 Peter J Reid; HP Enterprise Services, Chief Privacy Officer http://www.brighttalk.com/webcast/288/6559 Cloud Security Cloud Privacy Thu, 11 Mar 2010 17:00:00 +0000 Adam Vincent, CTO for Layer 7 Technologies’ Public Sector Team; Scott Chasin, CTO of SaaS business, McAfee; moderated by Ward Spangenberg of the Cloud Security Alliance http://www.brighttalk.com/webcast/288/6553 Adam Vincent, Scott Chasin, moderated by Ward Spangenberg http://www.brighttalk.com/webcast/288/6553 Cloud Security CSA Thu, 11 Mar 2010 16:00:00 +0000 Cloud computing presents a lot of benefits, including cost savings. The problem is that there are always costs to the benefits, and one of those costs is security. Cloud computing provides security issues that go well beyond the traditional security processes. More important is that many vendors highlight the wrong security issues, giving companies a false sense of security. This presentation will talk about the real security issues created by cloud computing. http://www.brighttalk.com/webcast/288/6882 Ira Winkler; President, Internet Security Advisors Group http://www.brighttalk.com/webcast/288/6882 Cloud Security Cloud Computing Thu, 11 Mar 2010 15:00:00 +0000 In this webcast we'll discuss the intricacies of data monitoring in the cloud, the need for succinct policy development, buy-in and roll-out prior to cloud utilisation, the importance of understanding what kind of data is created and used by whom and where, and lastly, compliance and reporting on usage and policy deviation. Becky Pinkard has had the pleasure of working in information technology since 1996 and has been in her current role with Barclays since June 2008. Becky was recruited by Barclays to develop the global monitoring programme with the goal of supplying real-time alerting of critical security and data leakage events to the Bank’s remediation programme and in turn, providing risk information for the Threat and Vulnerability Management Lifecycle decision-making process. http://www.brighttalk.com/webcast/288/6649 Becky Pinkard, Head of Attack and Data Protection Monitoring, Barclays Bank http://www.brighttalk.com/webcast/288/6649 Cloud Barclays data monitoring policy security Thu, 11 Mar 2010 14:00:00 +0000 Roundtable discussion on the direction of secure clouds. Do you use a cloud platform today? What is your most important expectation of Cloud providers? Will further regulation help or hinder security in the Cloud? What is the greatest factor in deciding what data will be placed in the Cloud? Andrew Yeomans is Vice President of Global Information Security at Commerzbank (formerly Dresdner Kleinwort investment bank). Andrew is on the management board of the Jericho Forum, which is an international information security thought-leadership group. Andrew is also is a member of the Executive Advisory Board of the ISSA UK chapter and Infosecurity Europe Advisory Council. As Chief Security Officer (CSO) of Qualys, Randy is responsible for security, risk management and business continuity planning of the QualysGuard platform used by thousands of organisations worldwide. He will also lead the Qualys CSO Advisory Board efforts to collaborate with customers on forging and implementing security and compliance best practices. Randy has over 13 years of information technology and leadership experience. Prior to joining Qualys, he was the Information Security Officer at Yodlee responsible for insuring a high-level security posture of Yodlee's Internet based financial services. Ian Osborne is Director of the Digital Systems Knowledge Transfer Network, a Technology Strategy Board funded programme operated by a consortium led by Intellect with QinetiQ and National Physical Laboratory. The Digital Systems KTN launched in October 2009 and is initially comprised of three programmes: Cyber-Security, Location & Timing and Scalable Computing. The new KTN is working closely with Digital Communications KTN and leading industry suppliers and innovators with a brief to address the needs for promoting ICT-based innovation in private and public sector organisations. http://www.brighttalk.com/webcast/288/6536 Andrew Yeomans, Jericho Forum, Randy Barr, Qualys, Ian Osborne, Intellect UK http://www.brighttalk.com/webcast/288/6536 Cloud Security Qualys Jericho Forum Intellect Thu, 11 Mar 2010 12:00:00 +0000 In today’s information age, a company’s data is it’s most valuable asset and therefore it needs to be safeguarded against all security threats. As the cloud computing model has matured and demonstrated benefits of simplified infrastructure, reduced administration and cost savings, more and more businesses are trusting their applications and data to third parties. However, this cannot afford to come at the cost of reduced security. This presentation examines how to ensure access to your data is secure when accessed via the cloud. John is Senior Product Manager for Star’s security services. He has over 20 years’ IT experience, initially in software development and has held senior Product Management positions for the past 7 years. John joined Star from Mimecast Services where he was Director of Product Management and was previously Head of Product Management at Iron Mountain Europe. For the past 10 years he has developed and delivered Software as a Service solutions in security focused organizations that have included internet startups and large multi-national companies. http://www.brighttalk.com/webcast/288/6938 John Iball, Senior Product Manager, Star Technology Services http://www.brighttalk.com/webcast/288/6938 STAR Cloud Security InfoSec Thu, 11 Mar 2010 11:00:00 +0000 Jonathan P. Armstrong practices in the area of corporate law with a concentration in technology and compliance. Mr. Armstrong's practice includes counseling multinational companies on matters involving risk, technology and compliance across Europe. He has handled legal matters in more than 40 countries involving emerging technology, corporate governance, reputation, internal investigations, marketing, branding and global privacy policies. Mr. Armstrong has counseled a range of clients on breach prevention, mitigation and response. Mr. Armstrong is a frequent broadcaster for the BBC and other channels and recently appeared on BBC News 24 as the studio guest on the Walport Review. Mr. Armstrong is a graduate of the University of Leeds. http://www.brighttalk.com/webcast/288/6438 Jonathan Armstrong, Technology Lawyer Partner, Duane Morris LLP http://www.brighttalk.com/webcast/288/6438 Cloud security legal compliance legislation Thu, 11 Mar 2010 09:00:00 +0000 Lee Newcombe is a well-respected information assurance professional, with experience ranging from penetration testing through to the ‘softer’, more business focussed, areas such as security management and security architecture. During his career he has worked for enterprise clients across both public and private sectors including global banking giants and large HMG departments. He appears regularly in print, commenting on issues such as cloud computing, virtualisation, database security and the use of metrics within information security. He is the Capgemini UK lead for Cloud Computing Security. http://www.brighttalk.com/webcast/288/6369 Lee Newcombe, Managing Information Security Consultant, Capgemini http://www.brighttalk.com/webcast/288/6369 Cloud security lee newcomb enterprise architect Fri, 12 Feb 2010 13:00:00 +0000 John is a 'proven' visionary in the field of Cyber Security. He is a the MD of Secure Bastion and Professor & PhD Mentor at Nottingham Trent University. John's previous experience includes public sector work i.e. Nottingham Council, the Royal Air Force and Her Majesty's Forces. John previously was Head of OpSec at Experian and Information Security Manager at GM. http://www.brighttalk.com/webcast/288/6163 John Walker, Professor, School of Computing and Informatics, NTU http://www.brighttalk.com/webcast/288/6163 Data Leakage Loss Information Security Thu, 11 Feb 2010 22:00:00 +0000 Where is your confidential data? How is it being used? And how do you prevent its loss? FORTUNE 500 companies are using Data Loss Prevention (DLP) to stop data breaches and stay ahead of compliance regulations by protecting their most valuable information – including customer data and intellectual property. How? Attend this webcast to learn: • What Data Loss Prevention is, • Why it is a top priority for CISOs , and • What the key requirements are for a comprehensive solution. http://www.brighttalk.com/webcast/288/6505 Linda Park, Symantec http://www.brighttalk.com/webcast/288/6505 DLP Protection CISO Thu, 11 Feb 2010 21:00:00 +0000 Many organizations consider Data Loss Prevention to be a product, an enforcement technology. Jared Thorkelson of DLP Experts asserts that DLP enforcement technologies are just one part of what should be a PROCESS, not a singular product purchase. In this presentation he outlines key steps in the Data Loss Prevention Process that provide not only a solid foundation for data protection, but also prepare an organization to get the full benefit of a DLP enforcement technology purchase. http://www.brighttalk.com/webcast/288/6094 Jared Thorkelson; Principal, DLP Experts http://www.brighttalk.com/webcast/288/6094 DLP Foundation Thu, 11 Feb 2010 20:00:00 +0000 Many new laws require companies to report to clients, customers or data subjects when there has been a breach of a data system that contains sensitive personal information. Other laws impose a legal duty to protect this information. Still other laws create liability for permitting a system to be used for data theft or data fraud. This session will focus on the duties and responsibilities on companies and government entities to prevent data loss, on the regulatory standards that currently apply to preventing such loss, and on the ways companies can effectively -- and legally -- respond to instances of data theft, data fraud, and data loss. An effective incident response program, coupled with intrusion monitoring and employee training, is essential as part of any data loss prevention scheme. In fact, even data breach notification can mitigate damages resulting from a data breach. This session will focus on effective and compliant strategies and policies for data loss prevention and incident response. http://www.brighttalk.com/webcast/288/6277 Mark D. Rasch; Founding Partner, Secure IT Experts http://www.brighttalk.com/webcast/288/6277 Law Policy Procedure Thu, 11 Feb 2010 18:00:00 +0000 Just over three years ago, MVCI had a major breach of processes. The result of the careful evaluation process was the eventual purchase of RSA’s DLP solution. This presentation will review what was learned about the issues that arose from searching large scale data stores for high risk data. You will also discuss MVCI's strategy and current deployment progression. http://www.brighttalk.com/webcast/288/6093 Bob Samson; Director of Information Protection: Marriott Vacation Club http://www.brighttalk.com/webcast/288/6093 DLP Case Study Thu, 11 Feb 2010 15:00:00 +0000 Data Loss Prevention - Considering a Strategy http://www.brighttalk.com/webcast/288/6026 Sean Sutton, Deloitte UK Security & Privacy Team, Senior Manager http://www.brighttalk.com/webcast/288/6026 Data Loss Strategy Prevention information security Thu, 11 Feb 2010 14:00:00 +0000 This online event will discuss the top 10 myths about DLP and provide you guidance on what to look for in choosing the right DLP solution for your organization. The content is non-technical and will focus on the business, deployment and decision making aspects of DLP. Learn from experts about the critical factors that will guarantee you success in executing your DLP project. http://www.brighttalk.com/webcast/288/6719 Ashok Devata, RSA http://www.brighttalk.com/webcast/288/6719 DLP Myths Holistic Approach Thu, 11 Feb 2010 11:00:00 +0000 It is the business of the information security professional to enable the business to keep their sensitive information secure. However the first step is often the one that trips us up. Do staff really understand what is sensitive and why? Why that is their problem? Are you sure? One recent survey found that 61% of data loss was believed to be due to the action of an insider, 98% of office staff did not see corporate data and its security as their problem. This talk will endeavor to give you a bit of insight into this fundamental problem. Wendy started out as a Social Scientist and began researching information security as an antidote to the tedium of routine work. Now, much of her effort is directed at persuading businesses to move responsibility for information security from the sticky grasp of IT and onto everyone’s desk. http://www.brighttalk.com/webcast/288/6007 Wendy Goucher, Security Empowerment Consultant & Columnist http://www.brighttalk.com/webcast/288/6007 Security Information Human Error Thu, 11 Feb 2010 09:00:00 +0000 This presentation will address DLP and the various forms into which it materialises. We will briefly summarise the main reasons why DLP is needed, and where it comes from. Furthermore we will position it in the larger landscape of information protection, and briefly address the vendor space. Finally, we will discuss some best practices on how to implement DLP. Marc Sel is a Director at PricewaterhouseCoopers 'Advisory Services' in Belgium, specializing in IT Performance Improvement. He joined the firm in January 1989 as a Consultant. Over time, he specialised in the field of security, both from the technical and from the organisational/management perspective. http://www.brighttalk.com/webcast/288/6069 Marc Sel, PwC Enterprise Advisory Services, Director of Information Protection http://www.brighttalk.com/webcast/288/6069 Data Loss Prevention Best practices Thu, 28 Jan 2010 18:00:00 +0000 In today’s networked world, critical data is stolen in real time. Bots, viruses and denial of service attacks propagate at network speeds. Escalating adoption of wireless, social networking, cloud computing and virtualization technologies increases your security risk. The only effective threat mitigation strategy is an automated real time response that stops the attack and prevents the attacker from trying again. This webinar discusses effective, automated threat mitigation and IPS solutions for enterprise networks and cyber-speed threats. http://www.brighttalk.com/webcast/288/6142 Dennis Boas, Security Solutions at Enterasys Networks http://www.brighttalk.com/webcast/288/6142 threat denial wireless 'threat migation' Tue, 12 Jan 2010 23:00:00 +0000 Malware has become the primary vector of compromise within organisations. Due to this, it has become necessary for incident response teams to have the ability to perform in-house malware analysis. This presentation will discuss how malware analysis can benefit an organisation and what options are available. http://www.brighttalk.com/webcast/288/5970 Tyler Hudak; General Electric, Incident Handler http://www.brighttalk.com/webcast/288/5970 Malware Analysis Forensics Tue, 12 Jan 2010 18:00:00 +0000 In principle IDS and IPS systems are workhorse tools, but what are they like in real deployments? We'll share our experiences and thoughts on the practical application of these systems. http://www.brighttalk.com/webcast/288/5913 Stuart Wilson, CTO, Endace http://www.brighttalk.com/webcast/288/5913 IDS IPS Anomaly Detection SNORT packet capture Tue, 12 Jan 2010 16:00:00 +0000 Introduce Intrusion Prevention, how it works, and best practices for deployment. There is a right way and a wrong way to implement IPS. I want to tell you how to do it the right way so you can be successful in your alerting and incident response! http://www.brighttalk.com/webcast/288/5628 Heather Axworthy; University of Massachusetts, Lead Security Specialist http://www.brighttalk.com/webcast/288/5628 AxworthyUniversity of Mass Intrustion Prevention Tue, 12 Jan 2010 15:00:00 +0000 Insiders might threaten an organization’s information systems at any time. By interacting with a system, an insider plays games with the security mechanisms deployed to protect it. We apply game theory to model these interactions in an extensive form game that is being played repeatedly with an Intrusion Prevention System (IPS)... http://www.brighttalk.com/webcast/288/5720 Ioanna Kantzavelou, Lecturer Dept. of Informatics TEI of Athens http://www.brighttalk.com/webcast/288/5720 Intrusion Prevention Insiders Security Tue, 12 Jan 2010 13:00:00 +0000 IDS / IPS are a critical element of Managing Security for most organizations however they produce lots of evens and alerts which must be filtered, analyzed, and correlated into security incidents. The practical usage of innovative GUI leads to better incident management. The management of these incidents also includes tracking until solved preferably in an integrated structured and consistent way. Past incidents can provide a valuable knowledge base to speed up future remedies. With over 25 years of “Information and Communication Technology"-ICT experience, covering, managed services, outsourcing, security, business continuity, disaster recovery, vendor management, networking, infrastructure management, virtualization financial sector and telecom. Jorge Sebastiao brings experience, creativity, structure and innovation to ICT solutions. http://www.brighttalk.com/webcast/288/6203 Jorge Sebastiao, BD Manager Managed Services & Security Guru, ITS http://www.brighttalk.com/webcast/288/6203 Sercurity IPS IDS Visualization Tue, 12 Jan 2010 10:00:00 +0000 Marco Ermini, Network Security Manager will discuss his best practices of implementing IPS. Marco is a Senior systems/network technical architect and administrator, programmer and security expert. With a degree in Math and Computer Science, a doctorate in Philosophy, Marco has over 10 years work experience in IT, 8 of which spent as a consultant on client's sites. Marco currently holds the post of Network Security Manager for one of the largest and innovative telecommunications companies in the world - Vodafone. Amongst his responsibilities, he is in charge of the engineering and deployment of the overall NIDS/NIPS infrastructure and network vulnerability scanners and database monitoring. He is responsible for the network security of the business which than spans 14 countries within the EMEA region. http://www.brighttalk.com/webcast/288/6068 Marco Ermini, Vodafone Group Services, Network Security Manager http://www.brighttalk.com/webcast/288/6068 Network Security IPS IDS Vodafone Tue, 12 Jan 2010 09:00:00 +0000 The growth of the Intrusion Prevention Systems (IPS) market suggests the need for solutions that can automatically respond to attacks. This session will discuss the role of Intrusion Prevention Systems, their relationship with Intrusion Detection (IDS) solutions, their advantages and limitations. Finally, it provides a review of existing IPS products and considers future developments in the area. Dr Maria Papadaki is a lecturer in Network Security at University of Plymouth, UK. Prior to joining academia, she was working as a Security Analyst for Symantec EMEA Managed Security Services (MSS), UK. Her research interests include intrusion prevention detection and response, network security monitoring, incident prioritisation, incident handling, security usability, and security education... http://www.brighttalk.com/webcast/288/5662 Maria Papadaki, University of Plymouth, Lecturer in Network Security http://www.brighttalk.com/webcast/288/5662 intrusion prevention systems intrusion detection Tue, 12 Jan 2010 08:00:00 +0000 Network Security Monitoring: Scalability Challenges This talk is aimed at professionals and researchers with an interest in network security. It aims to highlight some of the challenges encountered when deploying security monitoring for large scale networks. Some design principles and solutions are discussed to address such challenges. While some in-depth technical coverage is necessary, the talk is designed to be accessible and participants from a range of backgrounds are welcome. Siraj A. Shaikh is a Senior Lecturer at the Department of Computing & the Digital Environment, at the Faculty of Engineering and Computing at Coventry University, UK. His research interests include information and network security, and he has published several research papers in this area. He holds a PhD in Computer Security and a MSc in Computer Networks. He is a Chartered Member of the British Computer Society (MBCS CITP), and is also a member of the IFIP TC6 Working Group 6.9 on Communication Systems for Developing Countries. Previously, he has worked for Cranfield University (UK) and the United Nations University (Macau SAR China). http://www.brighttalk.com/webcast/288/5700 Siraj Ahmed Shaikh, Coventry University, Senior Lecturer http://www.brighttalk.com/webcast/288/5700 intrusion prevention Network security Tue, 08 Dec 2009 22:00:00 +0000 Implementing a Business Driven Security Strategy http://www.brighttalk.com/webcast/288/5598 Mark Kadrich; The Security Consortium (TSC), Author and President http://www.brighttalk.com/webcast/288/5598 mark kadrich security consortium endpoint security Tue, 08 Dec 2009 21:00:00 +0000 Jason Stradley is a visionary security executive with an entrepreneurial spirit and the ability to execute against his vision. Known for strong organizational and thought leadership he combines those qualities to communicate his vision to motivate others to excellence. Jason has experience in a wide variety of security technologies such as encryption, IDS/IPs, Data Leakage prevention, Security Information and Event Management, Enterprise Threat Management and Vulnerability Management and Identity and Access Management solutions to name a few. http://www.brighttalk.com/webcast/288/5451 Jason Stradley; BT, Sr. Security Consultant http://www.brighttalk.com/webcast/288/5451 Jason Stradley Endpoint Security Tue, 08 Dec 2009 19:00:00 +0000 With data theft and breaches from cybercrime costing businesses as much as 1 trillion dollars globally, organizations face growing pressure to protect its most prized crown jewel – data. Experience has shown that a large majority of resume generating events have at their foundation complacency. Many IT professionals feel that nothing is wrong and all is well as long as they have protected their perimeters with traditional defenses and their endpoints with antivirus and firewalls. While these traditional defenses and behavioral analysis technologies have provided organizations with some confidence in their level of security over the last decade, the game has changed. The players are different. Today’s players are well-funded and motivated cyber criminals who want your data. Join Bill Aubin, Vice President Endpoint Security for Lumension, to learn more about how to avoid a resume generating event by adopting a data-centric approach. http://www.brighttalk.com/webcast/288/5831 Bill Aubin, Lumension, VP of Endpoint Security http://www.brighttalk.com/webcast/288/5831 Endpoint Security Data Leakage Bill Aubin Tue, 08 Dec 2009 17:00:00 +0000 This presentation highlights findings from recent Aberdeen Group benchmark research in the areas of endpoint security, endpoint management, and endpoint encryption. What are the top-performing companies doing differently than everyone else to improve security and sustain compliance at a lower total cost? http://www.brighttalk.com/webcast/288/5890 Derek E. Brink, VP & Research Fellow for IT Security, Aberdeen Group http://www.brighttalk.com/webcast/288/5890 Endpoint Security Encryption Derek E. Brink Tue, 08 Dec 2009 11:00:00 +0000 Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at the University of Plymouth in the United Kingdom, and an Adjunct Professor with Edith Cowan University in Western Australia. He has been active in security-related research since 1992, with interests including security management, computer crime, user authentication and security usability. Prof. Furnell has authored over 190 papers in refereed international journals and conference proceedings, as well as a number of books.He is also the editor-in-chief of Information Management & Computer Security, and an associate editor for other journals including Computers & Security and Security & Communication Networks. Prof. Furnell is a Fellow and Branch Chair of the British Computer Society (BCS) and a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE). He is also active as a UK representative in International Federation for Information Processing (IFIP) working groups relating to Information Security Management (of which he is the current chair) and Information Security Education. Further details can be found at www.plymouth.ac.uk/cscan. Protecting your network from portable devices Abstract : This presentation examines the threats posed by portable devices in the context of protecting a corporate network. It will highlight examples of the problems that organisations can face, including the challenge of managing personal devices and the impracticality of relying upon perimeter controls. It will also consider the related safeguards that may be applied, from both technical and policy perspectives. http://www.brighttalk.com/webcast/288/5079 Steven Furnell, Plymouth University, Head of School, School of Computing http://www.brighttalk.com/webcast/288/5079 Endpoint Security Steven Furnell Tue, 10 Nov 2009 22:00:00 +0000 The Obama administration and Congress have allocated significant funding toward the goal of achieving better health care operational efficiency, enhanced patient safety and better medical outcomes for patients by encouraging health care providers to embrace such technologies as Electronic Health Records (EHRs). This means that health care providers will need to ensure the privacy and integrity of EHR data against unauthorized access by implementing strong authentication techniques. This discussion will show how biometric authentication can play an important role in achieving these goals by providing a more efficient, timely and secure method to access EHRs both within the provider’s internal network environment as well as when data is shared across extranet connections with other authorized third parties. http://www.brighttalk.com/webcast/288/4945 Walter Hamilton, Sr. Consultant; Identification Technology Partners http://www.brighttalk.com/webcast/288/4945 walter hamilton authentication biometrics Tue, 10 Nov 2009 21:00:00 +0000 This presentation will address the complexity of managing identity information across three dimensions: (1) Intended use of identity information to analyze and exploit specific identity data when appropriate, or to protect access to resources; (2) Building blocks to a successful identity management solution including governance, business process, and technology requirements; and (3) Addressing the life cycle of identity information from establishment through processing through acting on that information. The presentation will then walk through a case study focusing on identity credentials, looking at questions to ask in determining requirements for identity credentials and using the framework to assess overall credential strength. http://www.brighttalk.com/webcast/288/5064 Rebecca Nielsen; Booz Allen Hamilton, Senior Associate http://www.brighttalk.com/webcast/288/5064 rebecca nielsen booz allen hamilton authentication Tue, 10 Nov 2009 20:00:00 +0000 Rapid change is standard in the information security field, but fundamental transformation is taking place in the area of identity and access management (IAM). In the Federal Government, the HSPD-12 smartcard has created a foundation for profound improvement in government IAM efforts that dramatically enhance the overall security posture. Now that employees and contractors have smartcards, what's next? Most organizations turn their attention to automating provisioning and de-provisioning of user identity in critical systems, but these are just the bookends to the user's relationship with the organization. The multiple relationships between an individual and the organization are the focus of enterprise entitlement management (EEM), which address automated solutions to provision, modify, deprovision, and track identity and entitlements throughout the user's entire lifecycle. EEM is the key to unlocking the true potential of a smartcard. This presentation examines the compelling business and security benefits of EEM and the reasons why it should be a fundamental part of your identity and access management strategy. http://www.brighttalk.com/webcast/288/5013 Dean Lindstom, Cyberstom, LLC; Principal, Strategic IT Architect http://www.brighttalk.com/webcast/288/5013 dean lindstrom cyberstrom strong authentication Tue, 10 Nov 2009 16:00:00 +0000 Role of Strong Authentication in the Identity Assurance Ecosystem http://www.brighttalk.com/webcast/288/5193 Brett McDowell; Kantara Initiative, Executive Director http://www.brighttalk.com/webcast/288/5193 Brett McDowell Kantara Initiative authentication Tue, 10 Nov 2009 15:00:00 +0000 Protection des données avec la biométrie Match-on-Card http://www.brighttalk.com/webcast/288/4608 Sylvain Maret, University of Geneva & MARET Consulting, Lecturer & CEO http://www.brighttalk.com/webcast/288/4608 Protection des données d'authentification Tue, 10 Nov 2009 14:00:00 +0000 Hundreds of public and private organisations use PKI and One Time Password (OTP) credentials to secure transactions and interactions with their employees, customers and business partners every day. These solutions work very well once the end user has completed their enrolment process and the credential has been shipped. However, the cost and complexity involved in the enrolment and issuance processes often prohibits large scale use of these solutions. This session will provide the audience with an overview of innovative ways to improve usability, significantly reduce the cost of implementation, and streamline the issuance of credentials. http://www.brighttalk.com/webcast/288/4962 Phil D'Angio, VeriSign EMEA, Head of Business Development http://www.brighttalk.com/webcast/288/4962 two factor identity protection strong PKI Wed, 07 Oct 2009 19:00:00 +0000 The Business Impact Analysis (BIA) is the cornerstone of a quality Business Continuity Planning program and is a crucial first step to identifying the mission critical business processes and applications of your organization. Additionally, it will help you identify the appropriate recovery strategies and technologies required to recover the mission critical business processes and applications of your organization in a timeframe consistent with the needs of your organization. Without a BIA study, your BCP program will lack direction and focus when it comes to protecting what is most critical to your organization in a cost effective and timely manner. This session will cover the basics of a “best practice” BIA and the steps required to successfully implement it in your organization today. http://www.brighttalk.com/webcast/288/4560 Michael Herrera, President/CEO & Patrick Potter, VP; MHA Consulting http://www.brighttalk.com/webcast/288/4560 michael herrera patrick potter MHA Consulting Tue, 06 Oct 2009 20:00:00 +0000 Disruptions to critical supply chains are soaring with the economic recession. This presentation will outline the challenges organisations are facing and how business continuity management can offer a solution for greater supply chain resilience. The presentation features new international research on best practice in applying BCM through the supply chain from over 200 organisations. http://www.brighttalk.com/webcast/288/4659 Lee Glendon, Campaigns Manager; Business Continuity Institute http://www.brighttalk.com/webcast/288/4659 Lee Glendon Business Continuity Institute Tue, 06 Oct 2009 19:00:00 +0000 Business continuity and disaster recovery planning are important elements of an enterprise preparedness program, but they are not the only elements. This presentation, by the chair of the technical committee that writes NFPA 1600 “Standard on Disaster/Emergency Management and Business Continuity Programs,” will identify the essential elements of an enterprise preparedness program. The discussion will focus on NFPA 1600’s current edition and the upcoming 2010 edition. http://www.brighttalk.com/webcast/288/4613 Donald Schmidt; Preparedness, LLC, CEO http://www.brighttalk.com/webcast/288/4613 Donald Schmidt business continuity disaster recovery Tue, 06 Oct 2009 17:00:00 +0000 Traditionally the professions of business continuity, security management and IT operations have been separate entities. This is not the most advantageous way to protect an organization. An environment in which these and other key activities are integrated into a structured framework makes better business sense. Such a framework now exists: it's called the Resiliency Management Model (RMM) and was developed by the Software Engineering Institute's CERT group at Carnegie Mellon University. Although considered a framework, RMM addresses critical issues regarding the protection and recovery of business activities from an operational risk perspective. Specifically, RMM overlays the issues of business continuity/disaster recovery, security planning and management, and IT operations and service delivery management. RMM also overlays several key standards, such as BS 25999, ISO 27001, ISO 20000, ISO 24762, DRII GAP, NFPA 1600, CMMI Ver. 1.2 and CobiT 4.1. This session provides a timely introduction to a new and critically important methodology. http://www.brighttalk.com/webcast/288/4578 Paul Kirvan, Board Member, The Business Continuity Institute http://www.brighttalk.com/webcast/288/4578 Paul Kirvan BCI Bussiness continuity disaster Tue, 06 Oct 2009 16:00:00 +0000 2010 Risk Outlook, Time to Get Back to the Basics http://www.brighttalk.com/webcast/288/4420 Kevin Burton; Burton Asset Management, Inc., CEO http://www.brighttalk.com/webcast/288/4420 Kevin Burton business continuity disaster recovery Tue, 06 Oct 2009 15:00:00 +0000 Overview of Business Continuity in Today's Environment http://www.brighttalk.com/webcast/288/4394 Alan Berman, DRI International, Executive Director http://www.brighttalk.com/webcast/288/4394 Business Continuity DRI International Tue, 06 Oct 2009 14:00:00 +0000 Colin( MBA MBCI ) has wide ranging experience were gained in over 30 years of business and in parallel 26 years as a fire officer commanding a busy part time fire station in England, where he managed disasters on almost a daily basis until his retirement from this role in 2006. This has provided him with a unique insight into the importance of Disaster and Business Continuity Management. Following the completion of his MBA in 2000 Colin became the Chief IT Risk & Continuity Specialist at Nokia. He has been responsible for all related global Business Continuity Management processes, procedures and documentation. Including a cost effective e-learning program. A Member of the Business Continuity Institute and qualified Lead Auditor for BS25999 he has presented at several European and USA Business Continuity Conferences and was a contributing author to the Business Continuity Institute "Good Practice Guide for Business Continuity Planning 2005". A published author in his own right he retains his Fire Service interest as a life President of the UK Retained Firefighters Union. http://www.brighttalk.com/webcast/288/4310 Colin Ive, Nokia, Chief Specialist IT Risk & Continuity Management http://www.brighttalk.com/webcast/288/4310 Business Continuity Disaster Planning Nokia Tue, 06 Oct 2009 12:00:00 +0000 Tim Armit is Managing Director of Clifton Risk Management. In 2005 Tim led the consultancy for the Tripartite to benchmark the UK financial sector and in 2007 has helped establish a consultancy in Spain in conjunction with the BME (Spanish Stock Exchange). He has recently specialised in testing business continuity plans and has managed tests in all sectors of industry at all levels within an organisation, delivering market-wide and regional exercises to make tests more realistic. Recently he has been challenging the scope of business continuity in light of business failures considered "out of scope" for most business continuity managers and has worked with companies in the design of their new offices to ensure risks are minimised. http://www.brighttalk.com/webcast/288/4797 Tim Armit, Managing Director, Clifton Risk Management Ltd http://www.brighttalk.com/webcast/288/4797 Business Continuity Disaster Recovery Tue, 06 Oct 2009 11:00:00 +0000 Business Continuity: Small Business http://www.brighttalk.com/webcast/288/4805 Ian Skidmore, Dudley Council, Head of Contingency & Disaster Management http://www.brighttalk.com/webcast/288/4805 Business Continuity Dudley Metropolitan Borough Tue, 06 Oct 2009 09:00:00 +0000 Bio for Paul Sudlow : A 24 year veteran of the IT industry he has spent the last 10 years focused on storage or storage networking technologies. In that time he has specialized in establishing US technology vendors in Europe including Crossroads, Nishan Systems and EqualLogic. Paul has been engaged in a consultative pre-sales and project management role for many customers across Europe and has been providing consultation around disaster recovery solutions to protect customers data for many years. Synopsis: Maintaining uptime and business continuity are crucial in today’s economic climate. With IT budgets tight, current data protection practices are under heightened scrutiny due to their relatively high cost, complexity, and potential for error. Overburdened IT staff members spend too much time maintaining the infrastructure. IT managers’ limited budgets are already spoken for due to their reliance on outside services and the burden of ongoing software and service maintenance contracts. In this webinar we will discuss how the Dell EqualLogic™ PS Series virtualized iSCSI SANs integrate advanced data and disaster protection features directly with VMware® vSphere 4 deployed on Dell PowerEdge™ servers to help reduce the cost and complexity of data protection and disaster recovery, delivering: - Building outstanding resiliency into your server and storage infrastructure - Using automation for protecting server workloads, applications and datasets - Achieving simple, cost effective disaster recovery with server and storage virtualization http://www.brighttalk.com/webcast/288/4794 Paul Sudlow, Dell, Product Marketing Senior Consultant http://www.brighttalk.com/webcast/288/4794 Business Continuity Dell Resilience Wed, 30 Sep 2009 23:00:00 +0000 As organizations explore the opportunities that cloud computing brings to their business, they are fast running up against the uncertainty of security. This webcast will focus on why cloud security is so challenging, as well as highlight areas of cloud security which IBM has been exploring in the enablement of our customers in cloud computing. In addition, speaker Kristin Lovejoy will touch on the directions in which we see cloud computing moving as it relates to security and how organizations can best adopt this new exciting technology. http://www.brighttalk.com/webcast/288/4088 Kristin Lovejoy, Director, Governance & Risk Mgmt, Corporate Security http://www.brighttalk.com/webcast/288/4088 IBM Cloud Computing Security GRC Compliance Fri, 25 Sep 2009 17:00:00 +0000 Data security obligations - federal, state, and administrative - are proliferating at an alarming rate. Two types of obligations have arisen: a variety of substantive requirements on how information must be safeguarded; and no fewer than 46 different procedural requirements associated with consumer, Attorney General, and credit bureau notification following a breach. Learn what industry leaders are doing to spot potential problems early and the respond to them, in cooperation with legal, IT, and corporate communications, and risk management departments. Also learn the most common causes or breaches, how to prevent them, and how the new FTC leadership is continuing to set policy in this area. http://www.brighttalk.com/webcast/288/4179 D. Reed Freeman & Nathan D. Taylor; Morrison & Foerster LLP http://www.brighttalk.com/webcast/288/4179 reed freeman data breach kelley drye & warren Mon, 21 Sep 2009 10:00:00 +0000 David founded GSS in 1997 having been involved in IT Security for many years prior. David has grown the company organically to offer clients information assurance through solutions and consultancy services, and today, GSS is one of the largest dedicated IT Security companies in the UK. David has worked with many organisations of all sizes, from major financial institutions to government departments, in all areas of information assurance. http://www.brighttalk.com/webcast/288/4530 David Hobson, Global Secure Systems Ltd, Managing Director http://www.brighttalk.com/webcast/288/4530 Threat Management threat Countermeasures Fri, 11 Sep 2009 17:00:00 +0000 Many people believe that email is evil, and that it should be restricted, suppressed and deleted. Others – including many users – take the opposite view and attempt to save all email forever. What’s an organization to do? This webinar will review the risks and costs of email, including litigation readiness and compliance. It will review strategies for balancing these risks with a save-it-forever mentality. Join us for what is sure to be a lively discussion! Mark Diamond is the President and CEO, Contoural, Inc. He is one of the industry thought leaders in email archiving, litigation readiness, compliance, data protection and ILM strategies and practices. As CEO of Contoural, his company helps numerous Fortune 500 companies develop and execute email and document retention policies. A frequent industry speaker, Mr. Diamond addresses how organizations can better align business requirements with IT and storage spending. An expert in the business drivers around archival and the technical strategies for implementing them, he addresses what are the emerging best practices, and outlines practical approaches for email and electronic document archival that reduce liability, lower costs and ensure compliance. Nate Fitzgerald, Product Manager Message Archiving, MX Logic A self-proclaimed “Cloud Computing connoisseur”, Nate Fitzgerald oversees the research and development of MX Logic’s complete line of cloud-based message archiving and storage solutions. Nate first turned his attention to the cloud in 2001 when he co-founded GatewayDefender, an early pioneer of managed email security services. GatewayDefender was purchased by MX Logic in 2006. In addition, Nate has extensive experience managing large, complex corporate email systems. Prior to co-founding GatewayDefender, Nate spent several years managing the email operations for Opinion Research Corporation’s entire North American division. http://www.brighttalk.com/webcast/288/4468 Contoural & MX Logic, Moderator: IT GRC Forum http://www.brighttalk.com/webcast/288/4468 eDiscovery GRC Information Security Thu, 10 Sep 2009 17:00:00 +0000 Burton Group Vice President and identity and security expert, Gerry Gebel, IBM Tivoli General Manager Al Zollar and IBM Trusted Identity Vice President Kent Blossom, will discusses how strong authentication solutions, properly designed and deployed, provide significant to help relieve identity and access pain points and compliance woes while improving security to meet new business challenges. http://www.brighttalk.com/webcast/288/3894 Al Zollar, IBM; Gerry Gebel, Burton Group; Kent Blossom, Tivoli http://www.brighttalk.com/webcast/288/3894 identity security authentication Wed, 09 Sep 2009 13:00:00 +0000 Becky Pinkard has had the pleasure of working in information technology since 1996 and has been in her current role with Barclays since June 2008. Becky was recruited by Barclays to develop the global monitoring programme with the goal of supplying real-time alerting of critical security and data leakage events to the Bank’s remediation programme and in turn, providing risk information for the Threat and Vulnerability Management Lifecycle decision-making process. She is a SANS Institute Certified Instructor and began teaching for SANS in 2001. Becky has participated as a GIAC Certified Intrusion Analyst advisory board member and on the Strategic Advisory Council for the Center for Internet Security. Becky is also a co-author of the Syngress books, ‘Nmap in the Enterprise’ and ‘Intrusion Prevention and Active Response, Deploying Network and Host IPS’. Throughout her career to date, Becky has managed global intrusion detection and data leakage monitoring deployments, designed risk assessment and firewall strategies, performed security audits and assessments, worked forensics cases, and developed security awareness training in small and large environments. http://www.brighttalk.com/webcast/288/4014 Becky Pinkard, Barclays Bank, Head of Attack and Data Monitoring http://www.brighttalk.com/webcast/288/4014 Threat Management Threat Management Lifecycle Tue, 08 Sep 2009 19:00:00 +0000 In this talk, experiences in the use of threat modeling during software development are discussed. Although there are obviously many ways to use threat modeling, this talk will discuss experiences using threat modeling during risk assessment, during security requirements engineering and as a way of helping to prioritize security requirements. The talk also discusses some of the benefits and challenges discovered along the way. http://www.brighttalk.com/webcast/288/4323 Nancy Mead; Software Engineering Institute, Sr. Member- Technical Staff http://www.brighttalk.com/webcast/288/4323 nancy mead threat software engineering institute Tue, 08 Sep 2009 18:00:00 +0000 The idea of cloud computing is not new. Viewing computing as a utility dates back to at least the invention of timesharing. One can argue that it is not a matter of whether cloud computing will become ubiquitous, because the economic forces are inescapable, but rather what we can do to improve our ability to provide users and providers of cloud computing with trust in the software services and infrastructure that make up the cloud. In this presentation we address the trustworthiness of cloud computing in terms of transparency, expectations, architecture, and vulnerabilities. Bret Michael is a Professor of Computer Science and Electrical & Computer Engineering at the Naval Postgraduate School. His research addresses the reliability, safety, and security of distributed systems. Bret serves on the government steering committee of the Information Assurance Technology Analysis Center, is Associated Editor-in-Chief of IEEE Security & Privacy magazine, is an associate editor for the IEEE Systems Journal, chairs the IEEE Technical Committee on Safety of Systems, and serves on the IEEE Computer Society’s Professional Practices Committee and the Reliability Society’s Administrative Committee. He has a PhD in Information Technology from George Mason University in 1993. Contact him at bmichael@nps.edu. http://www.brighttalk.com/webcast/288/4454 Bret Michael; Naval Postgraduate School; Professor http://www.brighttalk.com/webcast/288/4454 bret michael naval cloud threat management Tue, 08 Sep 2009 17:00:00 +0000 Concerns about trust arise as organizations contemplate using cloud computing services such as Software as a Service (SaaS) to optimize their businesses. Attend our web seminar to learn how to use SSL's encryption and authentication technology to provide protection to your business and customers if you use (or plan to engage in) cloud computing. http://www.brighttalk.com/webcast/288/4288 Jeff Barto; VeriSign, Sr. Product Manager http://www.brighttalk.com/webcast/288/4288 jeff barto verisign security cloud ssl Tue, 08 Sep 2009 16:00:00 +0000 John will provide attendees with an overview of how to confront unauthorized database access, an emerging threat within all industries and sectors. The session will include a discussion of how to create a multi-faceted database monitoring program that combines administrative and technological measures. John will explain how to conduct automated, real-time monitoring of database activity and will provide examples of specific indicators of unauthorized access. The session will include guidance on how organizations may customize the criteria used to monitor their databases and efficiently verify systems events. John will discuss how to establish an "alerting" mechanism that notifies management when specific, pre-determined events occur and provide methods to investigate these matters. This session is a must for information security professionals who are responsible for securing databases that house sensitive information. http://www.brighttalk.com/webcast/288/3999 John Moynihan; Managing Director at Minuteman Governance http://www.brighttalk.com/webcast/288/3999 Threat Management John Moynihan Minuteman Tue, 08 Sep 2009 15:00:00 +0000 "The Value of Cyber Intelligence Capabilities" will present compelling reason why organizations should be adapting their existing information security programs to leverage new sources of intelligence data that focus on exposing activities occurring within the underground economy. The cyber crime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems which routinely evade present-day security controls. By introducing new sources of surveillance and intelligence data, organizations will become more effective at identifying and detecting criminal initiated activities that are focused on stealing information, moving money, and impacting the availability of key services and applications. This web cast will also provide insight into the steps that organizations can take to maximize their investment in existing security controls and generate actionable threat intelligence that can be leveraged across an organization. Rich has led multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Baich is former CISO at ChoicePoint where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee and the FBI. In 2005, Baich authored "Winning as a CISO," a security executive leadership guidebook. http://www.brighttalk.com/webcast/288/4153 Rich Baich CISSP,CISM; Deloitte & Touche LLP; Principal http://www.brighttalk.com/webcast/288/4153 rich baich cyber intelligence deloitte & touche Tue, 08 Sep 2009 13:00:00 +0000 It’s not easy to keep an enterprise successful and secure these days. Organisations all over the world are faced with a host of challenges: an unsteady economy, growing competition, volatile global markets, shrinking budgets, and consumer uncertainty. Added to that, the growing threats that can easily outwit point solutions with a combination of web 2.0 technologies, encryption, sophisticated spam techniques and phishing attacks. John will take us through McAfee's Global Threat Management technologies which can instantly detect and block multifaceted attacks that attempt to enter your network, simplifying the process for your organisation. He will also discuss some critical requirements to consider as you look at ways to reduce costs and streamline security management processes through a consolidated network portfolio, simplified administration and centralised management via ePO. http://www.brighttalk.com/webcast/288/4336 John T. Parker: McAfee Product Line Executive http://www.brighttalk.com/webcast/288/4336 Threat Management encrytion phishing web 2.0 Tue, 08 Sep 2009 09:00:00 +0000 James garnered Extensive pre- and post-sales consulting experience while working for US-based technology companies, providing a unique blend of deep technical knowledge with broad commercial, sales, and managerial experience. He is experienced in all aspects of IT security / risk management, with a particular emphasis on e-commerce security and payment authentication systems based on the 3-D Secure protocol. Presently managing pre-sales consulting activities for IBM Internet Security Systems following the acquisition of ISS by IBM in October 2006. http://www.brighttalk.com/webcast/288/4016 James Rendell, IBM, Senior Technology Specialist http://www.brighttalk.com/webcast/288/4016 Threat Management IBM IBM X-Force Threat Reports Tue, 08 Sep 2009 08:00:00 +0000 During the last few years, there has been a significant rise in attempted and successful data breaches, focused on stealing valuable data that can be used or traded for profit. Money remained the driving force behind the growth of targeted attacks against financial institutions, enterprises and governmental agencies. Organised cybercrime groups, closely resembling both in structure and operations the notorious “CosaNostra” crime organisations, are often carrying out cyberattacks. Their organisations, their business models and their techniques are successfully copied from the real business world. This presentation will help you understand the methods and techniques of those cybercriminals and it will show you ways to efficiently protect your organization against it. http://www.brighttalk.com/webcast/288/4471 Tim Warner, Finjan Northern Europe Regional Director http://www.brighttalk.com/webcast/288/4471 Gateway Malware Web 2.0 Security Zero-Day Thu, 03 Sep 2009 10:00:00 +0000 Over the past 15 years, Peter Wood has taken part in a hundreds of penetration tests, from both inside and outside organisations. Over this period several themes have emerged - repeating problems which continue to undermine network security in the majority of organisations. Peter will discuss how to find the most common vulnerabilities in corporate networks, using real-world case studies to illustrate his talk. He will cover Windows domains, infrastructure devices and end points, sharing his experience of the configuration errors and misunderstandings that populate organisations' networks everywhere. Peter is renowned for his pragmatism, so expect a down-to-earth, no-frills presentation with plenty of practical examples and plain speaking. Leave your prejudices at home! http://www.brighttalk.com/webcast/288/4085 Peter Wood, Chief of Operations, First Base Technologies http://www.brighttalk.com/webcast/288/4085 ethical hacking blended threats Tue, 01 Sep 2009 17:00:00 +0000 As businesses expand their efforts to market to consumers through online behavioral advertising and social networking features they must be mindful of the ever changing legal pitfalls especially in an era when enforcement activity is increasing. Well established practices surrounding notice and and consumer opt-out choice are increasingly likely to be challenged by regulators. Similarly, a new Maine law is upsetting established practices that conform with the federal Children's Online Privacy Protection Act. At the same time the personal information businesses collect and hold is being subject to increasingly detailed data security regulation, which is complicated by the trend to move some applications to the "cloud." http://www.brighttalk.com/webcast/288/4099 Tim Tobin; Hogan & Hartson LLP, Attorney http://www.brighttalk.com/webcast/288/4099 Tim Tobin hogan & hartson data privacy Thu, 13 Aug 2009 22:00:00 +0000 Social media in the new Web 2.0 world has proven to be an effective new marketing tool but one that also creates some interesting privacy challenges. This presentation will give practical tips on how to avoid privacy pitfalls as you create social communities for your customers and deliver marketing messages and apps into existing social networks like Facebook, Linked In and Twitter. Susan Lyon is a privacy expert with a wealth of experience advising clients on emerging social media issues. As Of Counsel for Perkins Coie's Privacy and Data Security group, she has counseled companies from small startups to major name brand retailers, social networking sites, mobile service providers, network advertisers, and a wide variety of tech companies. http://www.brighttalk.com/webcast/288/3639 Susan L. Lyon, Of Counsel, Perkins Coie LLP http://www.brighttalk.com/webcast/288/3639 Social Media Privacy Challenges Thu, 13 Aug 2009 19:00:00 +0000 The World Wide Web is a dangerous place. As companies and government agencies have become more competent at traditional vulnerability management, politically and financially motivated attackers have refocused their efforts on softer targets such as web applications and end-user web browsers. These attacks are surprisingly simple, yet have potentially devastating impact. This presentation will focus on an emerging class of attacks which target end users rather than web applications directly. We will present clear, concise explanations of cross site scripting and man in the middle attacks, and show how they can be used to perform client-side exploitation. We will then discuss practical, vendor-neutral defenses against these attacks. CISO's and Infosec managers interested in evolving their security programs to meet the challenge posed by these new threats will find this session engaging and informative. OWASP is a non-profit organization dedicated to improving software security. As such, this presentation will be completely free of vendor bias. For more information please visit http://www.owasp.org Speaker: David W. Campbell David is a veteran security consultant who has been involved in OWASP since 2004 and has been leading the Denver chapter since 2007. http://www.brighttalk.com/webcast/288/3461 David W. Campbell; Leader; OWASP http://www.brighttalk.com/webcast/288/3461 david campbell OWASP data and privacy Thu, 13 Aug 2009 18:00:00 +0000 Code Signing and How it Helps Prevent Malware Attacks http://www.brighttalk.com/webcast/288/4009 Corey Prince, VeriSign; Product Manager- Code Signing http://www.brighttalk.com/webcast/288/4009 Corey Prince Code Signing Information Security Thu, 13 Aug 2009 17:00:00 +0000 In online privacy today, notice is king. Notice is how we deal with the conflict between the preference of Internet companies to gather as much user data as possible and the rights of users to control their information. Notice is how California sought to deal with the problem of online privacy in 2003 when it passed the Online Privacy Protection Act. Notice continues to be the lynchpin of the Federal Trade Commission's campaign to secure meaningful self-regulation of the online advertising industry. The trouble is: notice isn't working. People don't read privacy policies. Even if they did, they wouldn't understand many of them. Actual privacy practices vary so little that consumers who are dissatisfied with one company's stated practices have nowhere else to go. But it's not all bad news: many efforts are underway to improve or replace notice and some of them show serious promise. This presentation describes the history, limitations, and future of notice, including the Center for Internet and Society's own efforts to change the game. http://www.brighttalk.com/webcast/288/3650 M. Ryan Calo; Residential Fellow; Stanford Law School http://www.brighttalk.com/webcast/288/3650 ryan calo stanford Law School Thu, 13 Aug 2009 16:00:00 +0000 Since February 2005, the identities of approximately 93 million people have been exposed because of data leaks. This presentation examines details of the various thefts and makes recommendations about how to minimize the organization impact and negative consequences following a loss. http://www.brighttalk.com/webcast/288/3719 Julie Machal-Fulks; Partner at Scott & Scott LLP http://www.brighttalk.com/webcast/288/3719 Julie Machal-Fulks scott & scott data privacy Thu, 13 Aug 2009 15:00:00 +0000 Social Media: Impact and Implications for Corporate Privacy http://www.brighttalk.com/webcast/288/3619 Mike Spinney, Ponemon Institute; John Sileo, The Sileo Group http://www.brighttalk.com/webcast/288/3619 Social Media Corporate Privacy Thu, 13 Aug 2009 13:00:00 +0000 Privacy and Data Protection have risen to the top of the Information Governance agenda, yet the processes to ensure compliance and proactive risk management are poorly understood by many organisations. This problem is compounded by the explosion in Web 2.0 and cloud computing: it is becoming increasingly difficult to understand what data is under the control of an organisation, let alone where it is or how it is being used. Organisations that fail to address privacy-related issues risk regulatory punishment and media censure, and a privacy compliance strategy is now as important as any traditional security strategy. In this session Toby Stevens, Director of privacy think-tank the Enterprise Privacy Group, will share his experiences on how, why and when to conduct a Privacy Impact Assessment; what the complications are for cloud computing and Web 2.0; and what traps await organisations when they first tackle privacy problems. TOBY STEVENS BEng(Hons) FBCS CITP MIoD is an acknowledged identity, privacy and security expert with strong leadership and project management skills. Currently the Founder and Director of the Enterprise Privacy Group, a think-tank for identity-related issues, he has worked in a range of management roles across the financial services and internet sectors. He specialises in facilitating debate about the implications of managing privacy and personal information, but has also worked in security management research, Year 2000, euro implementation and broader IT project management roles. Toby sits on the Department for Transport’s Road Pricing Advisory Forum, and publishes a privacy blog for Computer Weekly. He is a Fellow of the British Computer Society, where he chairs the Information Privacy Expert Panel, and is a CLAS consultant. http://www.brighttalk.com/webcast/288/3898 Toby Stevens, Director, Enterprise Privacy Group http://www.brighttalk.com/webcast/288/3898 Information Security Privacy Impact Assessments Thu, 13 Aug 2009 10:00:00 +0000 Professional Qualification - Solicitor of the Supreme Court of England and Wales http://www.brighttalk.com/webcast/288/3668 Cameron Craig, DLA Piper, Partner - Technology and Media http://www.brighttalk.com/webcast/288/3668 data protection privacy freedom of information Thu, 13 Aug 2009 09:00:00 +0000 Edna Kusitor advises on Global Data privacy matters as part of the Data Privacy Compliance Team within Accenture. Her global remit includes countries as diverse as Argentina, the Philippines, India, China and Australia. Edna has 5 years experience in data privacy and was previously responsible for data privacy within Centrica Telecommunications Ltd. a large telecommunications provider. She is an expert in UK Data Protection Law and data privacy in relation to electronic communications. Edna holds the ISEB in data protection and has a 2.1in Law LLB. She studied the Legal Practice Course at the College of Law, London. Her previous experience includes company and commercial law matters for Nexen, a Canadian oil and gas exploration and production company. Edna also has a passion for charitable work and in addition to mentoring young adults, she currently leads one of the corporate citizenship activites for her workforce at Accenture. In the past she has acted at a trustee for a London Community Development Charity. http://www.brighttalk.com/webcast/288/4015 Edna Kusitor, Global Data Privacy Compliance Counselor, Accenture http://www.brighttalk.com/webcast/288/4015 Data and Privacy in Web 2.0 Accenture Thu, 13 Aug 2009 08:00:00 +0000 Privacy Implications of Smart Grids and the Cloud: Opportunities and Pitfalls Smart grids are in the news considering the Obama administration impetus for broadband stimulation. The starting point of Smart grids are two-way electricity meters which can be connected via telecoms networks to monitor energy consumption. Like web 2.0 which saw the Web as a platform, we are now seeing the electricity grid as a platform. But similar to Web 2.0, smart grids could also have privacy implications. This talk discusses the opportunities and pitfalls of the privacy implications of the smart grid and the Cloud. Ajit Jaokar is the founder of the London based publishing and research company futuretext (www.futuretext.com) focussed on emerging Web and Mobile technologies. His thinking is widely followed in the industry and his blog, The OpenGardensBlog (www.opengardensblog.futuretext.com), was recently rated a top 20 wireless blog worldwide and he is best known for his books Mobile Web 2.0, Social Media Marketing. Two new books ('Open Mobile' and ‘Implementing Mobile Web 2.0’) are being released in 2009. Ajit chairs Oxford University's Next generation mobile applications panel and conducts a course on Mobile Web 2.0 and LTE services at Oxford University. http://www.brighttalk.com/webcast/288/3732 Ajit Jaokar, Futuretext, Founder and Author http://www.brighttalk.com/webcast/288/3732 privacy web 2.0 Tue, 11 Aug 2009 16:00:00 +0000 As an IT team, you are experiencing increasing demands to adapt to new processes and technologies in order to achieve business goals, all the while improving and managing your risk posture. IBM provides an end to end security solution that gives you the visibility, control and automation you need to securely build a dynamic infrastructure. With IBM, you can accelerate innovation while managing risk and reducing complexity and the cost of security. This presentation will discuss the various challenges that arise when securing today's dynamic infrastructure and explain risk management strategies organizations can adopt to address these challenges. http://www.brighttalk.com/webcast/288/3890 Kristin Lovejoy, Director, Governance & Risk Management, Corporate Security http://www.brighttalk.com/webcast/288/3890 security infrastructure Tue, 28 Jul 2009 22:00:00 +0000 In the context of smaller budgets and more sophisticated security exploits, many entities are turning to out-of-band authentication (OOBA) to strengthen their Identity & Access Management strategies. This presentation will take a practical look at the different types of out-of-band authentication, the benefits of incorporating OOBA, and best practices for implementing in an existing IAM environment. http://www.brighttalk.com/webcast/288/3792 Peter Tapling, President & CEO, Authentify, Inc. http://www.brighttalk.com/webcast/288/3792 OOBA Authentication Tue, 28 Jul 2009 19:00:00 +0000 Identity Lifecycle Management is a comprehensive approach to managing user identities throughout their lifecycles. An effective identity lifecycle management approach should greatly assist corporations in improving efficiency, achieving tighter security controls, and ensuring continuous compliance. Implementing solutions in this area can be challenging if not planned effectively. This webcast addresses five fundamental steps that you can take to increase the success of your implementation. Our speaker, Paul Engelbert, VP Global Security Management Practice at CA, discusses best practices to follow—and common mistakes to avoid-- to implement an approach that achieves effective identity lifecycle management in a way that helps you simultaneously achieve scalable security management practices while delivering real business value in the first 60-90 days. The strategies outlined in this webcast are based on the experience gleaned from hundreds of wildly successful implementations. http://www.brighttalk.com/webcast/288/3563 Paul Engelbert, VP, Global Security Management Practice, CA Services http://www.brighttalk.com/webcast/288/3563 Lifecycle Management IAM Implementation Tue, 28 Jul 2009 17:00:00 +0000 Many visions, definitions, strategies and concepts on how “federation” should or would work currently abound when discussing Identity Management scenarios. The Federation for Identity and Cross-Credentialing Systems (FiXs) a not for profit Industry organization of more than 50 members/subscribers has actually built and operationalized, with the Department of Defense, one of the very first , if not the first such environment in existence today. This presentation and discussion will focus on the journey travelled over the last four years of collaborative work between the DoD and FiXs on establishing this Federation between Industry and Government. Participants will learn about the development of trust models, operating rules, policies on privacy and security, mandatory guidelines and standards, open technology solutions and the politics of making a Federation between Industry and Government actually operational. The discussion leader is Dr. Michael J. Mestrovich, President of FiXs, and one who spent nearly thirty years within the Department of Defense and Federal Government developing, implementing and operating enterprise wide systems and infrastructures for personnel, health, business and command and control systems. Over the past few years, since he retired from DoD, he has focused on innovative ways to allow Industry and Government to work together in collaborative forums in solving National infrastructure issues. http://www.brighttalk.com/webcast/288/3870 Dr. Michael J. Mestrovich, President of FiXs http://www.brighttalk.com/webcast/288/3870 Michael Mestrovich Fixs identity & access Tue, 28 Jul 2009 16:00:00 +0000 Ensuring that the right people have the right access and are doing the right things across a complex enterprise can be a daunting challenge. Where do you actually begin and how, in today’s environment, can you possibly get it funded? This presentation will help you develop an access assurance strategy and supporting business case that will enhance security, improve compliance and save money. What you will learn: -Level setting – What is access governance and how does it add value to the business. -Defining goals – Establishing business goals and timeframes. -Developing a roadmap – Creating an actionable plan that charts how to get from where you are to where you need to be within your business and technical constraints. -Developing a business case - Tips and techniques for finding the funding in today’s environment. http://www.brighttalk.com/webcast/288/3422 Chris Sullivan, Courion, Vice President of Customer Solutions http://www.brighttalk.com/webcast/288/3422 Chris sullivan courion identity and access Tue, 28 Jul 2009 14:00:00 +0000 What is it and why it is a key security foundation for SaaS and the future of the Web? Matthew Gardiner is a Director of Product Marketing at CA and is a recognized industry leader in the security management & IAM markets worldwide. He is published and interviewed regularly in leading industry media on a wide range of IAM and security-related topics. He is a member of the Liberty Alliance and the Kantara Initiative Board of Trustees. Matthew has a BSEE from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management. http://www.brighttalk.com/webcast/288/3655 Matthew Gardiner; Director of Product Marketing at CA http://www.brighttalk.com/webcast/288/3655 Matthew Gardiner CA identity & access management Tue, 28 Jul 2009 13:00:00 +0000 Making PKI and Two Factor Authentication simple and cost effective: Hundreds of public and private organisations use PKI and One Time Password (OTP) credentials to secure transactions and interactions with their employees, customers and business partners every day. These solutions work very well once the end user has completed their enrolment process and the credential has been shipped. However, the cost and complexity involved in the enrolment and issuance processes often prohibits large scale use of these solutions. This session will provide the audience with an overview of innovative ways to improve usability, significantly reduce the cost of implementation, and streamline the issuance of credentials. Phil D’Angio joined VeriSign in 2003 and is responsible for developing Authentication projects with the company’s largest customers and partners. He currently leads the development of new business relationships for VeriSign’s Authentication Services in EMEA. Phil’s recent focus has been on consumer protection initiatives based on two-factor authentication, a shared authentication network, and National Identity programs. During his time at VeriSign, Phil has worked with customers to design and deploy Identity Management and Authentication programs, leveraging VeriSign’s layered security elements including two-factor authentication, PKI, and fraud protection services. Phil has worked with customers in all of VeriSign’s key verticals including the financial industry, healthcare, energy and public sector. His experience gives him a unique perspective on the complexities and balance required for business to consider for authentication services targeted at consumers and business partners. http://www.brighttalk.com/webcast/288/3535 Phil D’Angio, VeriSign EMEA, Head of Business Development http://www.brighttalk.com/webcast/288/3535 identity & access management Tue, 28 Jul 2009 12:00:00 +0000 Fulup has over twenty years experience in the Information Systems industry. His experience ranges from general management of software development and projects to research activities. Fulup's career has always been driven by his desire to work on the leading edge of technology, management, and business development. He is motivated by a wish to achieve a smooth balance between customer engagements, technical leadership, business development, and management. Fulup summarises his professional experience under three main headings. - 1980/89 Education and Research for the French Department of Defense. - 1989/99 Business Startup and Wind River R&D Director - From 1999 International Master Architect for Sun Microsystems http://www.brighttalk.com/webcast/288/3964 Fulup Ar Foll, Sun Microsystems, Master Architect http://www.brighttalk.com/webcast/288/3964 Identity Management Tue, 28 Jul 2009 11:00:00 +0000 Trained in Economics and Social Science at London and Oxford Universities, Geoff’s business experience spans both public and private sectors unified by a focus on change management, marketing, business planning and communications. During twenty years in the public sector - in the Manpower Services Commission, the BBC, and the Post Office - his career embraced a diverse set of roles from Personal Assistant to the Chairman and Chief Executive of the Post Office to responsibility for launching the BBC’s “Audience Reaction Service”. After joining Sema Group Consulting in 1996 his roles included consultancy, account direction and he was, latterly, Director of Strategy and Government Relations. Following a period with Siemens Business Services in account direction and bid leadership, he established RPM Business Consulting in 2006. RPM stands for Research Planning and Motivation which Geoff sees as the three legs of the successful change management tripod. His clients at RPM include the leading multi-national industry names as well as some niche suppliers, with a focus on the current Transformational Government and Identity Management agendas. At Intellect, he chairs the transport Group and has sat on the Identity Management Committee since its inception - he is also a Warden of the Worshipful Company of Management Consultants. http://www.brighttalk.com/webcast/288/3919 Geoff Llewellyn, Intellect & RPM Business Consulting Ltd, Board http://www.brighttalk.com/webcast/288/3919 Identity Management Intellect UK Tue, 28 Jul 2009 10:00:00 +0000 Patrick Curry began his career as a control systems design engineer automating factories. He then spent 25 years in the Army in a wide range of technical, planning and operational roles. In the last 10 years, he has focused extensively on international secure collaboration and the sharing of sensitive information across aerospace and defence. He began the Transatlantic Secure Collaboration Programme, comprising governments and major companies, from which he focused on identity management, including the formation of the CertiPath PKI Bridge, and export controls. He has worked with a number of governments, particularly the US, and European Commission, and has been involved in the UK NIS, working for IPS and a major supplier. As ID is out of political fashion in the UK, Patrick is leading a collaborative effort to build the British Business Federation Authority to oversee the development of ID for British business so that UK companies can meet emerging regulatory and contractual requirements for federated identity. He has been awarded the OBE for his international work, and received 3 industry awards (2 in UK and one in the USA). The Future of IAM is Federated ID and Access Management, but the issues are much more than technological. The rate of change in society is disturbing, partly due to the ubiquitous shift to electronic business in a risky cyberspace where data is easily ‘lost’, and the concepts of community, relationship and trust are changing accordingly. This presentation looks at the strategic and regulatory drivers for identity itself and IAM, levels of risk and assurance, the dominating initiatives that are creating the de facto way ahead, the contribution (or not) of enabling technologies and the governance regimes that are essential for federation to work across communities of trust. It concludes with a Darwinian view of the future and some recommendations on what needs to be done for federation to work in the real world. http://www.brighttalk.com/webcast/288/3763 Patrick Curry, Clarion Identity Ltd, Director http://www.brighttalk.com/webcast/288/3763 access management Information Security Tue, 28 Jul 2009 09:00:00 +0000 Juniper offers the industry’s only high-performance adaptive threat management solutions that leverage a dynamic, cooperative product portfolio and network-wide visibility and control to increase the security and reduce total cost of ownership of delivering applications and services. This drives a sustainable competitive advantage to enterprise organizations. http://www.brighttalk.com/webcast/288/3643 Gilles Trachsel, Product and Solutions Marketing Manager, Juniper Networks EMEA http://www.brighttalk.com/webcast/288/3643 Juniper Networks Identity Access IT Security Tue, 28 Jul 2009 08:00:00 +0000 Human Factors in Information Security: Identity & Access Management Martin Smith MBE - IT Security Expert Martin Smith has had a fascinating and varied 25-year career in the world of security and is now one of Europe’s most experienced corporate and IT security practitioners. He has a rare combination of extensive professional knowledge and experience, coupled with exceptionally strong communications and management skills. He is a leader, influencer and strategic thinker with a far-reaching network at the highest levels of the computer security fraternity around the world. Martin Smith gained his degree in behavioural psychology before spending 16 years as a commissioned officer in the RAF, firstly as a pilot and then assigned to counter-espionage and counter-terrorism duties. In the late 1980s he transferred to the then emerging field of computer security and in 1990 was awarded Membership of the Most Excellent Order of the British Empire (MBE) for this pioneering work. In 1991 he left the Service to carve out a second career in the commercial sector. http://www.brighttalk.com/webcast/288/3708 Martin Smith MBE, The Security Company Limited, Chairman & Founder http://www.brighttalk.com/webcast/288/3708 identity and access management security Mon, 20 Jul 2009 18:00:00 +0000 Small businesses face complex and ever-changing challenges – not just in running their business but in protecting their data. One risk is internet threats – which increased almost three times over the past year. How does a small business stay on top of these daunting threats? And how do you have time to try to keep on top of spam, malware, phishing and other threats? Another risk is losing data -- half of the small businesses that have lost customer data never get back to business, so why is it that only half of small businesses backup their computers? Protecting information has become increasingly important to ensure your business is protected. But it can seem overwhelming. It doesn’t have to. Learn why your current protection may be putting you at risk and how you can reduce the risks so you can focus on running your business. http://www.brighttalk.com/webcast/288/3896 Etsuko Kagawa, Director, Small Business Solutions Marketing, Symantec http://www.brighttalk.com/webcast/288/3896 Data Spam Malware Phishing Small Business Security Tue, 23 Jun 2009 23:00:00 +0000 Services such as internet banking, mobile banking and merchant capture have pleased customers. However, they create risks of increased fraud, customer information disclosure and identity theft. Our session will discuss these products at a high level, go over how they change the bank’s risk profile, and discuss ways to manage and control that risk. http://www.brighttalk.com/webcast/288/3313 Corbin Del Carlo, Manager, RSM McGladrey http://www.brighttalk.com/webcast/288/3313 Corbin del Carlo Application Security RSM Tue, 23 Jun 2009 18:00:00 +0000 Mitigating Software Supply Chain Risk http://www.brighttalk.com/webcast/288/3504 Joe Jarzombek; Dir. for Software Assurance; Dept. of Homeland Security http://www.brighttalk.com/webcast/288/3504 Joe Jarzombek homeland security application Tue, 23 Jun 2009 16:00:00 +0000 The benefits of threat modeling at the design stage of software development are well-documented, yet few organizations are able to perform this analysis technique due to time constraints. Based on our experience in real world situations, Security Compass has developed a one day approach to threat modeling. Threat Modeling Express aims to take a proactive approach to security in the design and architecture of web applications. In this presentation, learn how to create a "quick and dirty" application threat model for web applications using an organization's most valuable resource: its people. http://www.brighttalk.com/webcast/288/3161 Rohit Sethi; Director of Professional Services at Security Compass http://www.brighttalk.com/webcast/288/3161 application security rohit sethi Mon, 08 Jun 2009 09:45:00 +0000 Why Secure Coding is Not Enough http://www.brighttalk.com/webcast/288/3331 John Colley, Managing Director, EMEA, (ISC)2 http://www.brighttalk.com/webcast/288/3331 infomration security Fri, 22 May 2009 16:00:00 +0000 Data Loss Prevention (DLP) doesn’t begin and end with just your data. This presentation provides insight into the multitude of Microsoft infrastructure management silos where security plays a major role in ensuring the safety of the data residing within your systems and applications. http://www.brighttalk.com/webcast/288/3058 Tom Lounsbury; Dir. of Bus. Development at STEALTHbits Technologies, Inc. http://www.brighttalk.com/webcast/288/3058 tom lounsbury stealthbits data leakage Tue, 19 May 2009 20:00:00 +0000 CCi5 is honored to present “Watching the Watchers”; this updated eye-opening presentation is primarily told from the intruder’s perspective, providing a state-of-the-union style examination of the challenges facing IT Security today. Topics covered include risk reduction, policy implementation, systems configuration and other areas of interest that should appeal to both the technical audience as well as the executive leadership.The presentation has been built to provide an understanding of both technical considerations as well as the business, fiduciary and legal responsibility within organizations. We will review several topics including business awareness to the security climate in today’s world, accountability within an organization for the actions of Information Security practices and understanding the technical and theoretical path that the intruders are taking in the future and other. http://www.brighttalk.com/webcast/288/2830 Chris Roberts; CEO of CCI5 http://www.brighttalk.com/webcast/288/2830 Chris roberts CCi5 data leakage Tue, 19 May 2009 17:00:00 +0000 Phishing attacks are online crimes that are growing rampant. There are various types and they are consistently getting more advanced. The best way to avoid yourself or your customers from falling prey is to know how these work. Join us in this webcast to learn about a variety of phising attacks and a potential solution for these online threats. http://www.brighttalk.com/webcast/288/2867 Ryan White, Product Marketing Manager for SSL at VeriSign http://www.brighttalk.com/webcast/288/2867 Verisign phishing ryan white Tue, 19 May 2009 15:00:00 +0000 Organizations across the globe are being inundated with regulatory requirements. They also have a strong need to better manage their IT systems to ensure they are operating efficiently and staying secure. Auditing is a critical component from the standpoint of regulatory compliance, and ensuring data security and privacy is a big challenge. In the focus of this presentation, we will look on how to implement a defense-in-depth strategy that can be tailored to meet the specific security risks of the database environment. http://www.brighttalk.com/webcast/288/2739 Ayad Shammout, Lead Technical DBA at Caregroup Healthcare http://www.brighttalk.com/webcast/288/2739 Ayad Shammout Data leakage Caregroup Thu, 16 Apr 2009 21:00:00 +0000 Whether you know it or not, the success or failure of your entire company rests on a tightly-woven mesh of applications that's as intricate as it is delicate. The applications our firms run govern everything from finance, to the hiring and firing of employees, to the ordering of janitorial supplies. At the end of the day, our companies don't just run applications - our companies *are* applications. But when it comes to securing what's quite literally the lifeblood of our firms - we often aren't doing as good a job as we should. No matter if we're building software for use in house, if we're selling product into the marketplace, or if we're just buying and deploying COTS - application security plays a role. This discussion will outline why application security is important, why it often doesn't get the attention it deserves, and no-nonsense strategies for effectively managing the security of applications built, sold, and used by our firms. http://www.brighttalk.com/webcast/288/2596 Ed Moyle, Founding Partner at SecurityCurve http://www.brighttalk.com/webcast/288/2596 Application Security Summit Thu, 16 Apr 2009 20:00:00 +0000 Many enterprises have application security programs to address building security into the software they develop. Designing and building applications targeted for cloud deployment introduce require additional consideration over and above current application security standards and practice. The exact nature of these application security difference depend on the type of cloud platform being targeted due to the differences in platform provided services. http://www.brighttalk.com/webcast/288/2601 Scott Matsumoto;Principal Consultant at Citigal; Cloud Security Alliance http://www.brighttalk.com/webcast/288/2601 Application Security Summit Thu, 16 Apr 2009 19:00:00 +0000 Cross-Site Request Forgery (CSRF) has been around for a long time but has only recently gained attention. CSRF continues to be an issue that is misunderstood, mishandled, and improperly ranked. Many still do not realize the depth of the problem that CSRF poses. After all, this vulnerability can be either completely devastating or totally innocuous. CSRF is not just a problem for Internet facing web applications. These attacks can be used on local networks and even the localhost. This presentation covers some of the more interesting aspects of CSRF. Attacks, risk assessment, and mitigation will all be covered. http://www.brighttalk.com/webcast/288/2201 Nathan Hamiel, Founder, Hexagon Security Group http://www.brighttalk.com/webcast/288/2201 Application Security Summit Thu, 16 Apr 2009 14:00:00 +0000 Following multiple data breaches at “PCI Compliant” organizations, there has arisen a chorus of voices who are discovering that complying with PCI does not make an organization secure. This, while not a surprise to anyone who has either looked at PCI or worked in security, is evidently news enough to begin to call into question the utility of PCI, and of complying with its dictates. Listen as Jack Danahy, Founder and CTO of Ounce Labs, discusses the ways in which the PCI Data Security Standard and PCI compliance can form an important track of a solid security strategy, can provide cautions about common pitfalls, and can engender some critical thinking needed to secure critical data. PCI compliance alone is not a security strategy, but it is certainly a useful step along the way. http://www.brighttalk.com/webcast/288/2624 Jack Danahy, Founder and CTO of Ounce Labs http://www.brighttalk.com/webcast/288/2624 Application Security Summit Information Security Mon, 26 Jan 2009 17:00:00 +0000 Douglas J. Haider is a Principal Application Engineer with Xirrus. Mr. Haider has over ten years experience in wireless networking, security, and audit. He started his career as an Intelligence Officer with the United States Air Force where he held various positions including Deputy Branch Chief at the Air Force Information Warfare Center and Chief of Intelligence Systems at a fighter wing. He has also served as a business consultant at both Protiviti and Accuvant. Mr. Haider holds a B.S. from Vanderbilt University where he majored in Physics. He also earned a M.S. from the University of LaVerne with a concentration in Business and Organizational Management. He holds over a dozen information security and wireless certifications including the CISSP, CISM, and CWNE. Douglas is a SANS Stay Sharp Instructor, a SANS Certified Mentor, and a frequent speaker on wireless technologies at industry events, professional organizations, and universities. http://www.brighttalk.com/webcast/288/1475 Douglas J. Haider, Principal Application Engineer at Xirrus http://www.brighttalk.com/webcast/288/1475 Data and Privacy Summit Tue, 16 Dec 2008 21:45:00 +0000 The Path to Protecting Your Vital Information with Chris Parkerson, Group Solutions Marketing Manager, and Evelyn de Souza, Senior Manager Risk and Compliance at McAfee http://www.brighttalk.com/webcast/288/873 Chris Parkerson and Evelyn de Souza at McAfee http://www.brighttalk.com/webcast/288/873 Data and Privacy Summit compliance risk Tue, 16 Dec 2008 20:30:00 +0000 Over 300 million records have been breached since 2005 -- more records have been breached than people that live in the United States. It is reported that 1 in 9 adults have had their personal information compromised. We face an epidemic that requires a shift in thinking and a change in behavior. Individuals hold the key to success. What would you do if you walked into your office, house or to your car to find your laptop, Blackberry and confidential documents stolen? Would your customer’s or your personal information be safe? Join Michael Santarcangelo, author of Into the Breach: Protect Your Business by Managing People, Information and Risk on a guided journey Into the Breach to reveal the real problem – a paradoxical human challenge – and how to take back control. Learn how to get results that change the way people protect information with a powerful approach any organization can implement immediately. In these uncertain times, companies can no longer afford to ignore the real problem and increased risk. Into the Breach provides the essential insights to properly address these challenges without doing more harm. The results-oriented strategy revealed lays out a path to improved protection and: • Improved revenue opportunities • The ability to maximize budgets effectively while bolstering the bottom line • A better way to manage people, information and risk http://www.brighttalk.com/webcast/288/1233 Michael Santarcangelo- Catalyst, Security Catalyst http://www.brighttalk.com/webcast/288/1233 Data and Privacy Summit Tue, 16 Dec 2008 19:00:00 +0000 Due to the unprecedented growth of unstructured data, it is getting increasingly difficult for IT Professionals to effectively manage and protect their sensitive information. This presentation reviews information management best practices to enable you to not only improve security of your sensitive data, but also provide better visibility into the information you have. http://www.brighttalk.com/webcast/288/1171 Doug Levitt, Senior Director and Jonathan Brill, Director: Abrevity http://www.brighttalk.com/webcast/288/1171 Data and Privacy Summit Tue, 16 Dec 2008 17:00:00 +0000 Managing and protecting data in the global information economy demands coordination between an organization’s privacy and infosecurity teams as well as a mutual understanding of the unique skills and expertise that each discipline brings. With the precipitous rise in reported security incidents, it is paramount now more than ever that these groups work together effectively. This session will address regulatory compliance, incident response, emerging threats and vendor management as just some of the many areas where privacy and infosecurity professionals share common goals and needs and can collaborate effectively. It will also address the notion of dual-certification as a means for ensuring consistent privacy and infosecurity education within an organization. Peter Kosmala, CIPP, is the Assistant Director of the International Association of Privacy Professionals (IAPP) the largest organization in the emerging field of privacy and data protection representing over 6,000 members from 34 nations. The mission of the IAPP is to define, promote and improve the privacy profession globally through education, networking and professional certification. The IAPP offers the Certified Information Privacy Professional (CIPP), which remains the leading professional certification in data privacy with many thousands of credential holders worldwide. http://www.brighttalk.com/webcast/288/1422 Peter Kosmala, CIPP, Assistant Director, IAPP http://www.brighttalk.com/webcast/288/1422 Data and Privacy Summit Information Security Tue, 16 Dec 2008 16:00:00 +0000 At the heart of any discussion on data and privacy is the reason for implementing procedures and controls: to prevent a crisis. A data crisis can be manifest in several ways: failed access to data, corruption of the data integrity, or a breach in the privacy and confidentiality of the data. Each of these scenarios requires an effective crisis response plan, and the details will be different for each case. The crisis response plans will be effective only to the degree that advanced preparation considers the impact of the potential failure on business units and in business terms. In this web seminar, the differences between each of these data failures will be outlined, and a detailed discussion of best practices for effective crisis response will be presented. Best practices will consider technology architecture alternatives, operational procedures and controls, and the business impact of each type of failure. http://www.brighttalk.com/webcast/288/1203 Jim Grogan, VP, Consulting Product Marketing, SunGard Availability Services LP http://www.brighttalk.com/webcast/288/1203 Data and Privacy Summit Tue, 16 Dec 2008 15:15:00 +0000 Steal This Presentation - The Problem of Data Leakage http://www.brighttalk.com/webcast/288/1317 Caroline MacDonnell, Business Development Manager, Orthus http://www.brighttalk.com/webcast/288/1317 Data and Privacy Summit Wed, 03 Dec 2008 00:30:00 +0000 While physical and logical access control convergence has been a hot topic for many years, not many organizations have deployed a single credential that can be used for both physical access (i.e. getting into the building) and logical access (e.g. network or application login). Instead, versatile authentication has been emerged as the real convergence driver: Considering the fact that many organizations have to manage identities across multiple trusted sources (e.g. employees, partners, customers, and suppliers), it is apparent that the distinction of market segments such as employer-to-employees and business-to-customer is diluting and the need for a consistent enterprise wide approach to identity assurance develops. The presentation will showcase current market trends in the identity management and identity assurance space, and then outline the implications for the selection of a versatile authentication platform as means to ensure trust to interact electronically with your employees, partners, suppliers, and customers, as well as a pathway to compliance. http://www.brighttalk.com/webcast/288/1234 Torsten George:Head of Global Marketing & Jerome Becquart:VP Products/Service http://www.brighttalk.com/webcast/288/1234 Identity and Access management summit Tue, 02 Dec 2008 23:15:00 +0000 The National Institute of Standards and Technology, NIST, calls biometrics the most definitive real-time authentication tool available today . Learn how to integrate fingerprint biometrics into your Identity Access Management system. Users can securely log-in to computers, networks, applications and web sites with the swipe of a finger. Meet regulatory requirements for two-factor authentication or eliminate passwords altogether and the overhead related to password policy and administration. http://www.brighttalk.com/webcast/288/1208 Kass Aiken, Vice President of Sales, Ceelox http://www.brighttalk.com/webcast/288/1208 Identity and Access management summit Tue, 02 Dec 2008 22:15:00 +0000 VRM, or Vendor Relationship Management, is the reciprocal of CRM or Customer Relationship Management. VRM describes a set of tools, technologies and services that help individuas and organizations manage relationships with vendors. In turn, vendors who align themselves to these tools, technologies and services will have the opportunity to build better relationships with their customers. The goal of VRM is to improve the relationship between the demand-side and the supply-side of markets by providing new and better ways for the former to relate to the latter. In a larger sense, VRM has the potential to improve markets and their mechanisms by equipping customers to be independent leaders and not just captive followers in their relationships with vendors and other parties on the supply side of the marketplace. Vendor Relationship Management is partly an outgrowth of the consumer identity and privacy areas, and partly a vision for much more. Eve Maler is a Principal Engineer at Sun Microsystems and an active contributor of SAML, the Liberty Alliance, and other identity management standards. http://www.brighttalk.com/webcast/288/1231 Eve Maler, Principal Engineer, Sun Microsystems http://www.brighttalk.com/webcast/288/1231 Identity and Access management summit Tue, 02 Dec 2008 21:00:00 +0000 Authentication, Authorization & Auditing Non-Microsoft Platforms Using Active Directory Accountability is the cornerstone of secure and compliant IT environments. Organizations that cannot definitively link individual users' access to and activity on key systems risk security breaches or audit failures. We outline best practices in identity and access management, and discusses the role Active Directory can play in centrally managing non-Windows systems and streamlining IT operations. http://www.brighttalk.com/webcast/288/1187 David McNeely, Director of Product Management, Centrify http://www.brighttalk.com/webcast/288/1187 Identity and Access Management Summit Auditing Tue, 02 Dec 2008 20:00:00 +0000 Global companies and public sector organizations alike face increased scrutiny from regulators, auditors, shareholders, and trading partners to certify the integrity of their business processes and safeguard sensitive information such as customer and employee data. To effectively respond to these needs in a sustainable manner, organizations must leverage automated solutions to identify, analyze, and continuously monitor controls that govern how critical business applications are configured, who has access to which systems, and what type of transactions are being executed. Join Oracle to learn how a comprehensive and in-depth approach to controls management can help you meet regulatory obligations, establish best practices, minimize risk and inefficiency, and streamline internal and external audits. http://www.brighttalk.com/webcast/288/1241 Das Soumya, Senior Director, Product Marketing http://www.brighttalk.com/webcast/288/1241 Identity and Access Management Summit Tue, 02 Dec 2008 19:00:00 +0000 Planning for Identity and Access Management http://www.brighttalk.com/webcast/288/1161 Russell Williams & Matthew Kotraba, Associates at Booz Allen Hamilton http://www.brighttalk.com/webcast/288/1161 Identity and Access Management Summit Tue, 02 Dec 2008 18:00:00 +0000 Privileged password management is a sub-category of an overall Identity Management effort but comprises two thirds of your identity challenge. Privileged passwords can be used by administrators and/or applications and the policies that govern their use are entirely different from end-user passwords. The number of privileged passwords residing on your network can be 2 to 3 times the number of your end-user passwords. This webinar will explain the privileged password compliance issue and an approach to solving the challenge of managing these passwords. http://www.brighttalk.com/webcast/288/884 Robert Grapes, Chief Technologist, Datacenter Solutions, Cloakware, Inc. http://www.brighttalk.com/webcast/288/884 Identity and Access Management Summit security Tue, 02 Dec 2008 17:00:00 +0000 Budgets and resources for multi-year, multi-million dollar big bang identity management initiatives are at risk given the economic uncertainties companies face heading into 2009. However, there is an alternative: small, affordable identity management projects that quickly deliver highly visible benefits. In this presentation, Mr. Donaldson will discuss strategies for implementing “recession-friendly” identity management initiatives. http://www.brighttalk.com/webcast/288/994 Mike Donaldson, VP Marketing at Ping Identity http://www.brighttalk.com/webcast/288/994 Identity and Access Management Summit Tue, 02 Dec 2008 16:00:00 +0000 Over the last decade, companies have invested in a number of products and technologies to address the operational challenges of Identity Management, such as provisioning, single sign-on, directories, and others. In recent years however, newer concerns including regulatory compliance, auditable controls, and effective risk management have given rise to a new class of solutions focused on "identity intelligence". This session will look at the critical issues that companies are facing, and the role identity intelligence plays as those companies attempt to bridge the gap between business policy and technology infrastructure, while balancing the needs of users, IT staff, the company and its stakeholders. http://www.brighttalk.com/webcast/288/967 Mark McClain, CEO and Founder, SailPoint http://www.brighttalk.com/webcast/288/967 Identity and Access Management Summit Policy Thu, 06 Nov 2008 21:00:00 +0000 On October 1, 2008 Nevada required encryption for all electronic transmissions of personal information outside of secure networks (NRS 597.970). If you do business in Nevada you are now required to protect certain private information. Some of this information needs to be protected under the Federal Rules of Civil Procedure when litigation occurs. http://www.brighttalk.com/webcast/288/1055 Ira Victor http://www.brighttalk.com/webcast/288/1055 Compliance Nevada security encryption Wed, 22 Oct 2008 23:30:00 +0000 Ira Victor continues to present: Securing customers' private information: What NRS 597.970 means http://www.brighttalk.com/webcast/288/920 Ira Victor of Data Clone Labs http://www.brighttalk.com/webcast/288/920 Data security IT information nevada Wed, 22 Oct 2008 22:15:00 +0000 On October 1, 2008 Nevada became the first state to require encryption for all electronic transmissions of personal information outside of secure networks. If you do business in Nevada and your organization possesses sensitive client data (including social security information, credit card numbers, drivers license numbers, etc), you are now required to ensure that the information does not get transmitted in the clear. The Nevada statute, NRS 597.970 is one of the first data protection laws that specifically requires personally identifiable information be encrypted. http://www.brighttalk.com/webcast/288/893 Ira Victor, Director of the Compliance Division at Data Clone Labs http://www.brighttalk.com/webcast/288/893 Data Security IT Information Wed, 22 Oct 2008 16:30:00 +0000 Mr. Victor is a dynamic data security and compliance expert. Learn the newest PCI threats you can't ignore, plus the latest legal issues in PCI-related compliance. Topics: Wireless (in)security, data loss prevention, two-factor authentication, PCI 6.6, and more. http://www.brighttalk.com/webcast/288/892 Ira Victor http://www.brighttalk.com/webcast/288/892 PCI Compliance Summit data security