(ISC)2 Security Congress 2012 – An Insider’s Look

More and more organizations are exploring the ramifications of Big Data on their enterprises. Deployments of Smart Meters to better manage the electric grid, Industrial Control Systems (ICS) across a variety of sectors, and the promise of always on and always connected systems are pushing organizations to gather more data than previously imagined. What are the implications from a privacy and intellectual property perspective and how can we as security professionals provide a level of control and risk management over the coming wave of The Internet of Things? Join (ISC)2 and Capella University on May 23, 2013 at 1:00pm Eastern for a discussion on these important concerns.

Face it, BYOD is already here, at least in parts of your enterprise. But, it is probably not the right solution for every part of the organization. By spreading the right message to the right people, you can slow this trend enough to identify who should, and who should not be connecting personal devices to the corporate network. Join IBM Software Group and (ISC)2 on April 18, 2013 at 1:00pm Eastern as we take a look at key factors in identifying off-limits employee groups and how to include Human Resources (policy), Legal (contracts), Finance (billing) and IT (purchasing) to craft a much more robust risk picture from which your stakeholders can make an informed decision about this strategy.

Digital security is the new battleground and cyber criminals are focused on stealing corporate and government secrets for financial and strategic gain. With increasing internal and external attacks and stronger regulatory compliance enforcement, investing in data security is a top priority for organizations; yet, significant gaps still exist at the very core - the databases that house the crown jewels. Join (ISC)2 and Oracle on Apr 4, 2013 for the conclusion of our Security Briefings series as we summarize implementing an effective database security strategy by using administrative controls that can help organizations discover where sensitive data resides and who has privileged access to this data.

In May of 2010, CA and The Ponemon Institute released a survey in North America and Europe on the security of cloud applications, infrastructure and platforms. Almost 3 years have passed from that initial study and CA and Ponemon have decided to revisit the topic. What¹s changed in 3 years? Are the concerns the same or have they evolved? Have security threats changed to meet this new computing model? Have solutions kept pace? Are more standards in place? Join (ISC)2 along with CA, The Ponemon Institute and Cloud Security Alliance on March 21, 2013 for a discussion on the latest survey findings and what the industry thinks about cloud security issues.

The collaboration and sharing of information made possible by social media has enabled a new class of social engineering attacks, greatly increasing the risks posed by insiders for most organizations. Consider that LinkedIn searches for "Database Administrator" and "System Administrator" return over one million potential targets. In fact, stolen credentials were involved in 84% of the attacks that have resulted in over one billion records stolen from database servers. Join (ISC)2 and Oracle on February 21, 2013 for Part 2 of our Security Briefings series as we focus on database security and the preventive controls that can be used to mitigate the risks posed by insiders and attackers exploiting legitimate access to data and database infrastructure by adopting a defense-in-depth strategy.

With modern enterprises generating hundreds of millions of log events per day, how is today's practitioner supposed to make sense of this deluge and distill from it actionable intelligence? To date, legacy SIEM implementations have relied on vast numbers of rules and correlation logic to separate the signal from the noise. With ever increasing data volumes this becomes a model that is difficult to scale.

To identify stealthy attacks, stop attacks before they become breaches and improve security defenses, organizations need stronger context, advanced analytics and dynamic access to data. Join us on February 14, 2013 at 1pm Eastern where (ISC)2 and McAfee & DynTek explore how SIEM implementations need to evolve to fight the increased sophistication of attacks and derive meaning from the ever growing masses of security data.

Part 1: 60 Seconds to Infiltrate, Months to Discover
According to leading industry reports, 98% of breached data originates from unsecured database servers and nearly half are compromised in less than a minute! Almost all victims are not aware of a breach until a third party notifies them and nearly all breaches could have been avoided through the use of basic controls. Join (ISC)2 and Oracle on January 31, 2013 for Part 1 of our next Security Briefings series that will focus on database security and the detective, preventive, and administrative controls that can be put in place to mitigate the risk to your databases. There's no turning back the clock on stolen data, but you can put in place controls to ensure your organization won't be the next headline.

Just about every company is conducting commerce over the internet. Because of this, compliance with the Payment Card Industry Data Security Standard 2.0 (PCI DSS) has become a concern all the way to the boardroom. Yet, as we know from on-going headlines, data breaches are still happening. And on top of that, new threats and technologies are being introduced every day. What can your organization do to streamline the process, mitigate the problem and protect your company and your customers from data breach? Join (ISC)2 and Voltage Security along with FishNet Security on January 24, 2013 for our first ThinkTank Roundtable of the New Year as we discuss PCI and solutions to this important multi-faceted issue of payment security in a changing world.

Security and risk professionals are increasingly turning to risk-based authentication as an alternative to other authentication solutions. Usability, ease of deployment, and the ability to work well on mobile devices are just some of the reasons driving the adoption of risk-based authentication in the enterprise. But even more important, rapid advances in cyber threats - from phishing to session hijacking - call for a new risk-based approach that allows for continuous learning of the environment and the user and enables authentication and access controls to be adjusted in real-time. Join (ISC2)2 and RSA on January 17, 2013 at 1:00pm Eastern for a discussion on risk, authentication and access control.

It seems that all organizations are talking about these days is "Big Data". As security professionals, we all know that there are challenges in securing it, making it appropriately accessible and classifying the growing mountains of data. How do organizations deal with these issues, as well as adding the appropriate controls for identity and access to limit the disclosure and leakage of sensitive data. Join (ISC)2 and CA Technologies on December 20, 2012 at 1pm Eastern as we present the final part of our Security Briefings series on Identity and Access Management.

Chances are it’ll happen to your organization. A large malware outbreak will hit and you’ll have to deal with the incident itself and the aftermath. Join (ISC)2 and Verisign on December 13, 2012 for our next ThinkTank Roundtable for a discussion about best practices that can be used and the new processes that can be implemented. We’ll also examine the skills that can be called into play to mitigate the damage and get the enterprise back up and running infection free.

On the surface, leveraging social or consumer identities in the business world might not seem that useful. The truth is many organizations are finding that their marketing departments are active on the social networking front and trying to leverage more information from it. Being successful in this could prove to be a huge advantage. However, these disparate identities and the information gathered needs to be secured. How can a security department best work with the marketing department to connect and protect these identities? Is there a better way to capture online customers and identities? How does security become a business enabler in a situation like this? Join (ISC)2 and CA Technologies on November 29, 2012 as we continue our Security Briefings series

The Bring Your Own Device [BYOD] trend is in full swing as the growth of
mobile devices within the enterprise explodes. How do you enable secure
data access for mobile applications? How do you deal with user
authentication? How do you allow broader adoption for enterprise
applications on user owned devices? Join (ISC)2 and CA for the next part
of our Security Briefings series on October 25, 2012 as we outline
solutions to these issues, explore different mobile security approaches,
and discuss, through case studies, how others have solved these problems.

It seems as though every node on the Internet is under attack. As security practitioners, we spend most of our time and effort layering defenses and cleaning up the aftermath of these attacks often, without any idea who might be behind them. Chances are, the bad guys you think are attacking you aren¹t the guilty parties. Join (ISC)2 and Trend Micro for a roundtable discussion on cyber attacks, advance persistent threats (APTs) and the entities out there that are targeting and attacking networks and how to defend against them.

Virtualization Challenges for Privileged Identities

(ISC)2 is excited to bring you part 3 in their Security Briefings Series, "Virtualization Challenges for Privileged Identities". These Security Briefings are a series of monthly webinars focusing on different aspects of a specific area of information security. This series allows members to gain a better understanding of a given subject by allowing us to dig deeper, uncovering hidden pitfalls and discovering the challenges inherent in considering solutions, all presented by noted subject matter experts.

On September 27, 2012 at 1pm Eastern, we will kick off Part 3 of a 6 part "Identity is the New Perimeter" series sponsored by CA Technologies. "Virtualization Challenges for Privileged Identities" will host Nimrod Vax, VP, Product Management, who will examine trends in managing access to virtual environments, how the compliance efforts are being impacted by the migration of business critical and sensitive applications into the virtual datacenter, and how protecting the entire virtualized infrastructure presents interesting problems for today's CISO.

While traditional Identity and Access Management (IAM) solutions allow
control to access to key applications and information, they do not control
what an individual does once they get the information. Soft skill efforts
such as data classifications and information protection policies are still
critical, and provide a valuable foundation of your protection strategy,
but what tactics and technologies do they require to support the rest of
your efforts? Join (ISC)2 and CA Technologies for part 2 of our Security
Briefings series on August 30th at 1pm Eastern where content expert Sumner Blount discusses with moderator Brandon Dunlap and the audience these topics and presents case studies on IAM and content control.