The State of IT Security and GRC in 2012

Ronald Ross, NIST; Anton Chuvakin, Gartner; Andrea Hoy, ISSA; Dr. Said Tabet, OCEG
At this year's San Francisco BSides conference, BrightTALK gathered together thought leaders in the fields of IT security and GRC to get their perspectives on the challenges and opportunities facing their communities and industries in 2012.

After a series of enlightening interviews, we've decided to bring the thought leaders back for an in-depth discussion. Join us for what will be a lively conversation among the top minds in their fields on cloud security, BYOD, PCI compliance and the GRC challenges that cut across all of them.

The Panel:

Ron Ross, Computer Scientist, NIST Fellow (moderator)
Anton Chuvakin, Research Director, Gartner
Andrea Hoy, Director - International Board, ISSA International
Dr. Said Tabet, Chair of GRC-XML Project, OCEG
May 1 2012
63 mins
More from this community:

Cloud Computing

Webinars and videos
  • Big Data: Privacy Threat or Business Strategy? Sep 12 2013 2:00 pm UTC 60 mins
    Big data has the potential to take data analytics to a whole new level. With more data comes more targeted predictive analytics, marketing, security measures and more. However, as you collect more data, especially about people, privacy becomes an issue. How much data about one person is too much? Where do we draw the line between good business practice and invasion of privacy?

    Attend this webinar as this panel of experts explores where that line lies and which questions you should, and should not, be asking of big data.
  • The Mobile Malware Threat To Your Network Aug 14 2013 4:00 pm UTC 45 mins
    In order to properly understand the mobile malware threat, it is not sufficient to understand platform particulars (such as the limits of battery and computing power) or the software, hardware and firmware approaches designed to make compromising a device harder. It is also important to understand the motivations of the malware authors.

    At the same time as we benefit from understanding attackers, we also benefit from seeing the problem from the perspective of the potential victim. Since mobile devices are commonly always on and many types of malware depend on a user action (such as accessing an email), we can conclude that this change of access patterns has the potential of substantially increasing the propagation rate, including during the normally very slow ramp-up phase.

    Having created a clear understanding of the threat, and its likely future trends, we are ready to consider what features need protection. By breaking free from the traditional expectation of defending against malware and instead considering the rational motivations of typical fraudsters, we can identify what routines and information repositories are most likely to be targeted by malware and focus our attention on how to improve our protection of these.

    Another relevant objective is to consider ways to align control over access to such critical resources with liability; in other words, to allow relying parties to make a security assessment of a device before granting it access to resources they control. If done successfully, this reduces the need for typical consumers to take charge of the security of their own devices, an important goal given that typical consumers are not good judges of what constitutes safe behavior.
  • Maintaining Security In an Always-On World Jul 18 2013 4:00 pm UTC 45 mins
    In this post-PC era, people work from outside the office on smart phones, tablets and laptops. They use unsecured Wi-Fi at airports, coffee shops and hotels. And the rise of cloud-based applications has enabled employees to access critical data without connecting back to headquarters through a VPN. As the lines between when, where and how work gets done continue to blur, and IT continues to lose visibility and control, security risks increase. Yet, despite the rapidly shifting technological landscape, exploding device diversity, and the rising work-anywhere culture, security solutions still focus on how to secure corporate networks. This session will discuss how businesses can leverage the cloud to seamlessly deliver security to users, wherever they choose to work.
  • Enhancing MDM's to Protect User Privacy through App Reputation Jul 17 2013 5:00 pm UTC 45 mins
    Today’s MDM solutions are effective at lost-device and malicious-app protection, at ensuring passwords are used, and at separating and securing personal and corporate information on the same device. But what about protecting against apps with shady privacy practices? For instance, apps whose developers monetize through embedded advertising engines that pay based on the amount of user data collected, or apps that insecurely store, access and/or transmit user data. How can IT admins protect against the choices users make when installing third-party apps? From a security perspective, this area needs to be addressed before corporate and personal data is compromised. As a result, a mobile application reputation service for the Android and iOS platforms is required to specifically address the issue of shady apps. By analyzing dozens of key metrics, app reputation analysis greatly assists the decision-making process when a user installs a new app. By immediately alerting the user to potential security risks or poor security practices, it gives them an informed opportunity to compare the app against similar, but more secure, alternatives.
  • Hackers and Threats: The Mobile Dimension Jul 17 2013 4:00 pm UTC 45 mins
    Smart phones and portable devices are overtaking PCs and laptops as the primary gateway for users accessing the Internet and web-based applications. However, this fragmented ecosystem poses treacherous challenges to app developers such as banks and financial institutions, even as it provides extremely lucrative hunting grounds for hackers.

    This talk examines current market trends for mobile apps, explains major classes of threats and hacks faced by mobile apps, and suggests mitigation strategies.
  • Wi-Fi Optimization: Every day, another 4 million devices are activated. Ready? Jul 17 2013 2:00 pm UTC 45 mins
    The mobile enterprise challenges are mounting: enabling users simple and secure access to the network, ensuring applications run smoothly, and building sufficient capacity to handle unpredictable usage and future growth. A superior level of Wi-Fi design is now required—something shown lacking by a recent Gartner report: “By 2015, 80% of newly installed wireless networks will be obsolete because of a lack of proper planning.” A clear indication of the problem is that a typical wireless user is provisioned with less than 5% of the bandwidth of a typical wired user. Wi-Fi Optimization includes designing for: the user, device, application, spectrum and capacity. This session will examine critical design components to ensure predictable performance, even under heavy loads.
  • Wired and Wireless Networks: What the Attackers Know and You May Not! Jul 17 2013 10:00 am UTC 45 mins
    For twenty years Peter Wood and his team at First Base Technologies have conducted network penetration tests for some of the largest organisations in the UK. These tests have revealed that most networks suffer from the same vulnerabilities, most of which could be removed by understanding how and why attacks take place. In this presentation he discusses these vulnerabilities, illustrated by real-world examples, and suggests ways in which your exposure to attack can be minimised.
  • The Irresistible Force of BYOD – How to Get it Running Securely Jul 16 2013 5:00 pm UTC 45 mins
    From increasing productivity to reducing operational costs, it's time for companies to look at how they can be more effective with BYOD. Join Marco Nielsen, VP of Services at Enterprise Mobile, as he shares how to optimize your BYOD strategy and execution, how to make the most of your existing management solutions, and how to address the security challenges that have arisen from a much more diverse mobile device and application landscape.
  • Panel: Is BYOD Security An Oxymoron? Jul 16 2013 4:00 pm UTC 45 mins
    Bring Your Own Device (BYOD) policies have led to the consumerization of IT in the enterprise that delights business users, but creates security challenges for IT departments.
    This panel discussion will discuss the security challenges that personal smartphones and tablets can bring to organizations. It will also examine what can be done to strengthen the security posture of a company with a BYOD policy. Topics that will be discussed include:

    Malware, rooted devices, & remediation
    Policies & policy enforcement
    Mobile Device Management (MDM)
    Digital containers for enterprise data
    BYOD security best practices
  • Cloud And DevOps: The Ultimate Winning Team Of Rivals Jul 16 2013 3:00 pm UTC 55 mins
    Widespread cloud adoption and the DevOps movement are unifying parts of the organization that have never worked together before: Development, IT Operations, Infosec and Service Management. Together, they’re achieving outcomes we’ve never seen before: hundreds or even thousands of deploys per day, with unparalleled uptime and security. This panel will discuss how all of these stakeholders are needed to help the business win.

    Panel:

    Gene Kim, Author, "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win” (Moderator);
    Nick Galbreath, VP Engineering IPONWEB;
    Jez Humble, Author, “Continuous Delivery,” ThoughtWorks Studios;
    John Willis, Chief Security Architect, enStratius
  • Panel: BYOD: If You Cannot Fight it, How Will You Secure it? Jul 16 2013 2:00 pm UTC 55 mins
    Businesses around the world are observing a constant increase in the number of employees bringing their own devices to work. The trend has become so significant that the term "BYOD" can no longer be ignored by corporations.

    Up until now, businesses debating their BYOD policy have focused on three key aspects: flexibility, convenience and productivity. However, new research goes much further than these simple needs. As we live in a constantly connected world, scientists are discovering distinctive addiction patterns in the brains of device users. There is now evidence that preventing someone from using their device can increase levels of stress and nervousness.

    With such strong connections between people and devices, it is impossible to try and resist the BYOD trend. If you can't fight it, how will you secure it?
  • BYOD Demands IdM Jul 16 2013 11:00 am UTC 45 mins
    Employees are bringing their own tablets, smartphones, personal computing devices – and their expectations of how they want to perform their jobs, to work. But, whether the employee or enterprise bought the phone, with shared-use devices the fundamental requirements are the same – keep business data secure, and personal data private.

    This webinar will present an application architecture for mobile that’s built around the identity of the employee. The architecture will consider the employee’s role and authorization rights to access business apps and data, while also ensuring personal data is not accessible by the enterprise. Questions covered include:

    Why is BYOD an identity problem?
    What BYOD factors must be balanced?
    What identity standards can help address BYOD?
  • To BYOD or Not to BYOD, That is the Question… Jul 16 2013 10:00 am UTC 45 mins
    A 2012 global survey reported that 88% of consumers use a personal mobile device for work. This year, Gartner has gone further, predicting that 50% of employers will stop providing devices by 2017, requiring employees to bring their own. If a bring your own device (BYOD) programme doesn’t already exist in your organisation, you need to start thinking now of the risks and if and how they can be managed. This webinar will discuss the continuing BYOD and mobile device in the workplace trend and offer an information-centric approach to assessing and managing the associated risks. It will provide insight and guidance on the implementation of BYOD programmes and in particular, discuss how to:

    · Take a risk-based approach to implementing BYOD projects
    · Identify the risks and threats posed by employee-owned devices connecting to the organisation’s systems
    · Conduct analysis of the business impacts that BYOD incidents could present
    · Assess the organisation’s vulnerabilities to those threats
    · Adopt and learn from BYOD leading practices

    The audience for this webinar is Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), executives responsible for BYOD programmes, their direct reports, and all others participating in committees or working groups responsible for managing BYOD programmes.
  • The Consumerisation of Corporate IT - Stories from the Front Line Jul 16 2013 9:00 am UTC 45 mins
    Synopsis:
    Cool technologies show up for the consumer market before they're available to the business market. Employees are either going to figure out ways around the corporate security rules, or they're going to take another job with a trendier company. Either way, senior management is going to tell security to get out of the way. It might even be the CEO, who wants to get to the company's databases from his brand new iPad, driving the change. It's going to be harder and harder to say no. Peter Wood looks at what firms are doing to answer this challenge and offers some pragmatic advice.

    About the speaker:
    Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.

    Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.
  • Best Practice or Compliance – Preparing for Data Breaches Jul 11 2013 11:00 am UTC 45 mins
    Synopsis:
    Whether or not your business is at high risk of attack, appropriate action must be taken in the event of a data breach. The procedure must ensure that the business is not further compromised while still preserving the necessary forensic evidence.
    There are currently no data breach notification regulations in force, but if there were, how would your business fare under them? Is your business following best practice before it has to comply?
    This session will explore some of the best practices to follow in dealing with breaches before the EU Data Protection Regulation requires breach notification and a response to data subjects in the event of a breach.

    About the speaker:
    Sarb Sembhi is a Principal Security Consultant with “Incoming Thought”, a security consultancy. Sarb is a regular speaker at Information Security Conferences around the world, including at CxO Summits, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IIPSec, IT Directors Forum.
    Sarb is also the immediate past President of ISACA (London Chapter), Chair of the ISACA Region 3 Government and Regulatory Agencies Sub-committee, a member of ISSA Advisory Board, Eurim, Infosecurity Magazine Editorial Board, Infosecurity Advisory Council 2009, and an individual member of the Parliamentary IT Committee.
  • Proactive Risk Management - A Use Case Approach Jul 11 2013 10:00 am UTC 45 mins
    In this webinar, Michi will discuss how an organization can take the requirements of their infrastructure around operational controls, compliance and security to extend and expand them into a Security Intelligence solution.

    Using a use-case approach, organizations can extend and build upon their existing systems and controls to provide real-time warnings and feedback that let them make informed decisions focused on their business needs. Rather than just "top 10 attacker" reports and dashboards, a system that focuses on application lines and how they affect the business is far more useful.
  • Cloud, Social Networking and BYOD Collide! Jul 11 2013 9:00 am UTC 45 mins
    Synopsis:
    The hot topics for 2013 are still cloud security, social networking and ‘bring your own device’ (BYOD). Peter Wood explores what happens when these three trends collide and the effect on the security of a typical large organisation. Pete believes that conventional security thinking has failed to address these challenges – so how do we deal with this brave new world and what can you do to manage the risks?

    About the speaker:
    Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.

    Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.
  • Antivirus Software: Understand Detection Methods Before you buy Jul 10 2013 5:00 pm UTC 60 mins
    Before you choose an antivirus solution it's important to understand how it goes about detecting malware in the first place. Join us as we discuss:
    - Security in the news
    - Modern threat categories and attack vectors
    - Endpoint risks, infection methods, payloads
    - Detection with signatures and heuristics
    - Zero-day risk
    - Technologies that protect removable storage devices
    - Best practices
  • Why Your Current Endpoint Security Is Doomed to Fail Jun 25 2013 5:00 pm UTC 45 mins
    Join guest speaker Chris Sherman, researcher at Forrester Research, Inc., serving security & risk professionals, and learn why a new approach is needed to protect your enterprise against advanced threats.

    Attend this webcast and learn:

    - Why traditional security solutions, such as antivirus, are increasingly ineffective against the relentless tide of today's advanced threats and targeted attacks
    - How real-time visibility, forensics and signature-less detection on endpoints and servers are the keys to reducing your organization's attack surface
    - The benefits of integrating endpoint/server security with network security for comprehensive protection
  • Ever changing Social Media platforms – What are the newest threats associated? Jun 19 2013 5:00 pm UTC 60 mins
    There are always new threats emerging on social media. What are the newest social media platforms, and what threats are associated with them?
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: The State of IT Security and GRC in 2012
  • Live at: May 1 2012 5:00 pm
  • Presented by: Ronald Ross, NIST; Anton Chuvakin, Gartner; Andrea Hoy, ISSA; Dr. Said Tabet, OCEG