For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world-famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.
The webinar will cover the life cycle of a security audit from start to finish. Several areas will be discussed, including the auditing of software. There will be tips on how to reduce the number of audit findings from a security and privacy perspective, starting at the beginning of the SDLC (software development life cycle). This presentation will focus on FISMA audits, but the tips can be applied to all security and privacy audits.
Companies are eager to adopt infrastructure-as-a-service (IaaS) offerings from both public providers and private datacenters because of the business agility that IaaS enables. Full IT automation, self-service provisioning, and metered usage billing help companies accelerate the development of their products and services and improve organizational efficiency. Unfortunately, many companies are struggling to accelerate the most important parts of their business due to the challenges of securing these highly dynamic environments. In this talk, Rand Wacker, VP of Products for CloudPassage, will describe the challenges of security and compliance in a truly automated cloud and the critical topics that you need to be aware of when planning to adopt cloud services in either public or private environments.
In this session, we look at the issues with testing and audit: the base causes of why we fail to secure systems, and how we can more effectively create methodologies that actually find flaws. Penetration tests and audits each have major failings, but when done correctly and with the right incentives, they can help make us more secure. When done poorly, we all suffer.
As more applications have moved to the cloud, the industry has seen a proliferation of application security issues. In 2012, several cloud service providers were breached as a direct result of application security vulnerabilities. Before you choose a cloud service provider, make sure that it answers the series of security questions created by the Cloud Security Alliance (CSA). CSA has created a checklist of industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings – creating more transparency for enterprises. The speakers will walk attendees through this blueprint, helping them to become more adept at identifying service provider security readiness. They'll also discuss some of the most common application vulnerabilities, including unencrypted passwords, SQL Injection, and those that impact poorly architected mobile apps.
New and disruptive technology is changing how we live and work. It is no longer just the infrastructure of our organization, providing tools and information with which to run our business; it has become integral to many of our products and services. The deployment of technology is the #1 way in which CEOs look to gain advantage and market share, and the CIO must be a visionary leader of the organization.
The panel will discuss how this affects IT Governance. Is it still appropriate to focus on the enterprise governance of IT as a separate but important issue? Or, should the focus shift to governance of the enterprise as a whole and whether it is taking sufficient advantage of technology? Panelists will address the issue from the perspective of an IT Governance Evangelist, an advisor to boards and CFOs, and a leading internal auditor.
As the cloud model continues to disrupt and enhance the modern enterprise, IT teams are facing new challenges retaining security and control in these new environments. This panel will explore a multifaceted approach to the cloud that looks at the importance of integrating the right tech solutions and deployments while negotiating and understanding your relationship with cloud providers.
Bill Brenner, Managing Editor, CSO Magazine (moderator)
Nataraj Nagaratnam, Ph.D., IBM Distinguished Engineer, IBM Master Inventor
Chris Farrow, Information Security Specialist, Compassion International
Jason Mendenhall, EVP Cloud, Switch
Join us as top security experts look at some of the latest security challenges and provide strategies for defense, including how to quickly implement a robust solution that provides the protection you need without impacting your network performance or reducing employee productivity. You will learn how to better protect your networks from the inside as well as the outside, with solutions that reduce work for IT and security teams.
You will learn about:
• The malware menace: latest stats and facts
• Third-party industry firewall comparison results: which firewall is best for you?
• Best and easiest practices for securing endpoints
• How a customer implemented a solution, step by step
• And much more…
Cloud, virtualization, mobility, and consumerization have greatly changed how IT assets are owned and operated. Rather than focusing on loss of security control, the path forward is cultural change that finds serenity and harnesses the control we’ve kept. The Control Quotient is a model based on control and trust, allowing proper application of security controls, even in challenging environments.
This webinar will define the concept of active defense or "hack back". During his talk, David will explore the legal issues, reveal how it can be accomplished without breaching any laws, and show you how active defense will actually improve your security posture.
About the speaker:
David is a leading authority in cyber security and the law. He is a licensed attorney in NY, CT, and CO, and owner of Titan Info Security Group, a Risk Management and Cyber Security law firm. David is a retired Army JAG officer. During his 20 years in the Army, he provided legal advice in computer network operations, information security and international law to the DoD and NSA and was the legal advisor for what is now CYBERCOM. He holds the CISSP and Security+ certifications and has two LLMs, in International Law and in Intellectual Property law. He is a VP of his local ISSA chapter and a member of InfraGard.
In today's open and interconnected enterprise, traditional perimeters are being extended to adopt mobile, cloud, social access and information interactions. To make matters worse, many organizations face the growing risk and burden of managing multiple identity and access controls without the required security intelligence to address those challenges. They need the ability to secure identity and access across the wide variety of enterprise and internet resources from any device, any service and any source. In this session, join IBM to review the emerging needs and the next-generation access and identity management solutions available today to enable secure and rapid adoption of mobile, cloud, and social transformation.