Browse communities
Presenting a webinar?
Share this content

Technology Overload? Why Just Buying New Tools Is Not the Way to Better Security

Amar Singh, CISO, News International
Can you stand in front of your CEO or Board and guarantee them that all the investments they have signed off for Information Security will protect them from the APTs or Hackers or the latest Malware? Can you? Have you invested in all the best tools, software, systems & devices AND are still not really confident if they all work together to find that one piece of malware that you know may cost your company millions of dollars in reputation and fines?

Don't spend a penny (or dollar) more on any new technology until you hear Amar's take on why all the tools, systems, devices are pretty much useless unless you have, as they say, "all your ducks in a row"

Breaking the mold of the typical CISO, Amar Singh is making a mark in the global InfoSec community as a leading, innovative, and benchmark-setting Information Security C-Level Executive. Amar brings a unique fusion of pragmatism, practicality, with a healthy dose of proportionate paranoia to his work and is commanding the Information Security and assurance space with his inspiring approach to Information Security Governance, Risk & Compliance.

Amar is also known for offering cutting-edge Solutions for all aspects of IT Security & Information Assurance development, from design and planning to creation of overall infrastructure and processes. Amar is a long time CISSP (33055), holds UK Security Clearance, and has several Industry certifications including ISACA's CRISC, Management of Risk Practitioner, ITIL, Certified Ethical Hacker and many others.
Aug 9 2012
45 mins
Technology Overload? Why Just Buying New Tools Is Not the Way to Better Security
APT hackers threat solutions malware
  • Channel
  • Channel profile

EC-Council | Security Channel

Up Down
  • Big Data: Privacy Threat or Business Strategy? Sep 12 2013 2:00 pm UTC 60 mins
    Big data has the potential to unlock data analytics to a whole new level. With more data comes more targeted predictive analytics, marketing, security measure and more. However, as you collect more data, especially about people, privacy becomes an issue. How much data about one person is too much data? Where do we draw the line between good business practices and invasion of privacy?

    Attend this webinar as this panel of experts discover where that line lands and which questions should you and should you not be asking from big data.
  • Maintaining Security In an Always-On World Jul 18 2013 4:00 pm UTC 45 mins
    In this post-PC era, people work from outside the office on smart phones, tablets and laptops. They use unsecured Wi-Fi at airports, coffee shops and hotels. And the rise of cloud-based applications has enabled employees to access critical data without connecting back to headquarters through a VPN. As the lines between when, where and how work gets done continue to blur, and IT continues to lose visibility and control, security risks increase. Yet, despite the rapidly shifting technological landscape, exploding device diversity, and the rising work-anywhere culture, security solutions still focus on how to secure corporate networks. This session will discuss how businesses can leverage the cloud to seamlessly deliver security to users, wherever they choose to work.
  • Enhancing MDM's to Protect User Privacy through App Reputation Jul 17 2013 5:00 pm UTC 45 mins
    Today’s MDM solutions are effective at lost device and malicious app protection, ensuring passwords are used and separating and securing both personal and corporate information on the same device – but what about protecting against apps with shady privacy practices? For instance, apps whose developers monetize through imbedded advertising engines which pay based on the amount of user data collected. Or, apps which insecurely store, access and/or transmit user data. How can IT admins protect against the choices users are making when installing 3rd party apps? From a security perspective, this area needs to be addressed before corporate and personal data is compromised. As a result, a mobile application reputation service for Android and iOS platforms is required to specifically address the issues of shady apps. By analyzing dozens of key metrics, app reputation analysis greatly assists in the decision making process when it comes to a user installing a new app. By being able to immediately alert the user to the potential security risks, or poor security practices, it provides an informed opportunity for them to compare the app against other similar, yet more secure, apps.
  • BYOD: It's All About Protecting The Data, not the Device! Jul 17 2013 3:00 pm UTC 45 mins
    BYOD has several implications on protecting your corporate data, whether the device is managed, unmanaged, owned, controlled, or trusted. Many have been conditioned to believe that you cannot protect data on devices that you do not control, manage or own. Learn about the common misconceptions about BYOD security and what you can do to regain control over your corporate data on ANY mobile device, even without managing it.
  • The Irresistible Force of BYOD – How to Get it Running Securely Jul 16 2013 5:00 pm UTC 45 mins
    From increasing productivity to reducing operational costs, it's time for companies to look at how they be more effective with BYOD. Join Marco Nielsen, VP of Services at Enterprise Mobile, as he shares how to optimize your BYOD strategy and execution, how to make the most of your existing management solutions and how to address security challenges that have arisen from a much more diverse mobile device and application landscape.
  • Panel: Is BYOD Security An Oxymoron? Jul 16 2013 4:00 pm UTC 45 mins
    Bring Your Own Device (BYOD) policies have led to the consumerization of IT in the enterprise that delights business users, but creates security challenges for IT departments.
    This panel discussion will discuss the security challenges that personal smartphones and tablets can bring to organizations. It will also examine what can be done to strengthen the security posture of a company with a BYOD policy. Topics that will be discussed include:

    Malware, rooted devices, & remediation
    Policies & policy enforcement
    Mobile Device Management (MDM)
    Digital containers for enterprise data
    BYOD security best practices
  • To BYOD or Not to BYOD, That is the Question… Jul 16 2013 10:00 am UTC 45 mins
    A 2012 global survey reported that 88% of consumers use a personal mobile device for work. This year, Gartner has gone further, predicting that 50% of employers will stop providing devices by 2017, requiring employees to bring their own. If a bring your own device (BYOD) programme doesn’t already exist in your organisation, you need to start thinking now of the risks and if and how they can be managed. This webinar will discuss the continuing BYOD and mobile device in the workplace trend and offer an information-centric approach to assessing and managing the associated risks. It will provide insight and guidance on the implementation of BYOD programmes and in particular, discuss how to:

    · Take a risk-based approach to implementing BYOD projects

    · Identify the risks and threats posed by employee-owned devices connecting to the organisation’s systems

    - Conduct analysis of the business impacts that BYOD incidents could present

    · Assess the organisation’s vulnerabilities to those threats

    · Adopt and learn from BYOD leading practices

    The audience for this webinar is Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), executives responsible for BYOD programmes, their direct reports, and all others participating in committees or working groups responsible for managing BYOD programmes.
  • The Consumerisation of Corporate IT - Stories from the Front Line Jul 16 2013 9:00 am UTC 45 mins
    Synopsis:
    Cool technologies show up for the consumer market before they're available to the business market. Employees are either going to figure out ways around the corporate security rules, or they're going to take another job with a more trendy company. Either way, senior management is going to tell security to get out of the way. It might even be the CEO, who wants to get to the company's databases from his brand new iPad, driving the change. It's going to be harder and harder to say no. Peter Wood looks at what firms are doing to answer this challenge and offers some pragmatic advice

    About the speaker:
    Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.

    Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.
  • Are You Googling Your Clients’ Privacy Away? Jul 11 2013 6:00 pm UTC 45 mins
    This presentation addresses how various services offered by Google can become a threat to your companies’ privacy and confidentiality policies.

    It deals with Google’s capabilities to capture and aggregate information with or without user knowledge. Special attention is given to Google’s key offerings such as:

    * Google Searches
    * GMail
    * Orkut
    * Google Toolbar
    * Google Desktop
    * Android
    * Chrome Browser
    * Case Studies from around the world
  • Mobile Risk Management: Threat Mitigation for Enterprise Apps Jul 11 2013 5:00 pm UTC 45 mins
    While information security risk management is a relatively mature discipline; its tenets are almost never applied to the deployment of devices or apps in the enterprise.The technology is simply moving too fast for a formally considered “identification, assessment, and prioritization of risks, followed by a coordinated and economical application of resources.”

    Even in the absence of a formal ISO 31000 risk management program,however, there’s a lot we can do to minimize app security problems and mobile risk to the enterprise. In this webinar we’ll discuss technologies that can eliminate the need to penetration test, audit, and certify individual apps for security and safety. Instead we propose a method by which enterprises can certify a single app security approach—expediting industry compliance and audit requirements, such as HIPAA and PCI.
  • Know When To Say When – Proactive Risk Management Jul 11 2013 4:00 pm UTC 45 mins
    When is the very worst time to make a commitment? When we know the very least. How can we make sensible commitments while also reducing risks? By using Proactive Risk Management. Niel Nickolaisen developed Proactive Risk Management in order to do two things – properly and concisely profile and mitigate risk and align commitments as to what and when with risk mitigation. This method encourages iterative risk management while also satisfying stakeholders as to what must be true before the team can make a concrete commitment.
  • Best Practice or Compliance – Preparing for Data Breaches Jul 11 2013 11:00 am UTC 45 mins
    Synopsis:
    Whether or not your business is at high risk of an attack, appropriate action must be taken in the event of a data breach. The procedure must ensure that the business is not compromised while still preserving necessary forensic evidence.
    There are currently no data breach notification regulations in force - but if there were, how would your business fair with them? Is your business using best practices before it has to comply?
    This session will explore some of the best practices to follow in dealing with breaches before EU Data Protection Regulations require data breach notification and response to data subjects in the event of a breach.

    About the speaker:
    Sarb Sembhi is a Principal Security Consultant with “Incoming Thought”, a security consultancy. Sarb is a regular speaker at Information Security Conferences around the world, including at CxO Summits, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IIPSec, IT Directors Forum.
    Sarb is also the immediate past President of ISACA (London Chapter), Chair of the ISACA Region 3 Government and Regulatory Agencies Sub-committee, a member of ISSA Advisory Board, Eurim, Infosecurity Magazine Editorial Board, Infosecurity Advisory Council 2009, and an individual member of the Parliamentary IT Committee.
  • Antivirus Software: Understand Detection Methods Before you buy Jul 10 2013 5:00 pm UTC 60 mins
    Before you choose an antivirus solution it's important to understand how it goes about detecting malware in the first place. Join us as we discuss:
    - Security in the News
    - Modern threat categoreis and attack vectors
    - Endpoint risks, infection methods, payloads
    - Detection with signatures and hueristics
    - Zero Day Risk
    - Technologies that protect removeable storage devices
    - Best Practices
  • Guard Your Business When Disaster Strikes Jun 26 2013 4:00 pm UTC 60 mins
    Fires, tornadoes, and hurricanes. Viruses, malicious attacks, and human error. Today's CTO must be part strategist, part superhero in his effort to achieve an always on infrastructure.
  • Why Your Current Endpoint Security Is Doomed to Fail Jun 25 2013 5:00 pm UTC 45 mins
    Join guest speaker Chris Sherman, researcher at Forrester Research, Inc., serving security & risk professionals, and learn why a new approach is needed to protect your enterprise against advanced threats.

    Attend this webcast and learn:

    -Why traditional security solutions-such as antivirus-are increasingly ineffective against the relentless tide of today's advanced threats and targeted attacks
    -How real-time visibility, forensics and signature-less detection on endpoints and servers are the keys to reducing your organization's threat surface
    -The benefits of integrating endpoint/server security with network security for comprehensive protection
  • Ever changing Social Media platforms – What are the newest threats associated? Recorded: Jun 19 2013 55 mins
    There are always new threats in Social Media out there. What are the newest social media platforms and threats associated with them?
  • How To Win the War Against Cybercrime - Turning the Tables on Hackers Recorded: Jun 18 2013 47 mins
    In the last 10 years, hacking has become big business with a well organised infrastructure, defined roles and responsibilities, and sophisticated attack vector automation that generates large-scale attacks of unprecedented size, speed and devastation. Advanced protection is needed in order to successfully stand up to the ‘industrialisation of hacking’. In this webinar, Andy will talk about:

    - How to prevent web attacks like SQL injection, cross-site scripting, app DDoS or site scraping.

    - The limitations and vulnerabilities associated with IPS solutions and other traditional security solutions.

    - Attack-mitigation techniques for combating malware including bots and other automated attacks common in industrialised hacking.

    - How to protect networks from the ‘compromised insider’ threat.

    About the speaker:
    Mark has 18 years’ experience in the IT industry, and has specialised in Internet security systems for more than 16 years. Mark is a passionate evangelist for technology and is multi-skilled across a broad range of security solutions including Firewalls, VPNs, IPS, WAF, web and email content filtering, SIM/SIEM, load balancing, DLP, risk assessment, monitoring tools, DB security and consultancy. Mark joined Imperva in 2007 and held previous technical roles at Nokia and contracted as a security specialist where he has held senior roles designing and implementing firewall, IDP and VPN solutions in mission critical environments.
  • HIPAA and FTC Health Breach Law: Correcting The Perils Of Lax Security Recorded: Jun 13 2013 49 mins
    Join Raj for a complete regulatory overview including:

    - HIPAA Omnibus Update
    - FTC Health Breach Rule
    - Top 5 reasons organizations FAIL Security Assessments
    - Case Studies
    - Guidance
    - Success Stories
  • What You Need to Know Before the Auditors Ask Recorded: Jun 13 2013 47 mins
    Don't be caught off guard when your auditors show up and start asking internal control questions that you can't answer. In this roundtable session, listen, learn, and share your experiences around managing your internal control system with your ERP system and what to be prepared for BEFORE the auditors show up. There are always tips to learn from others in the compliance area and this session traditionally has lively dialogue, so don't miss this opportunity to prepare for your next audit.
  • Securing Mobile Apps: Old School Know How For the New World Order Recorded: Jun 13 2013 58 mins
    Mobile devices and applications are redefining business, revolutionizing productivity and driving competitive advantage. But as the volume of mobile applications increases, so too are mobile exploits. In the rush to enter the mobile software market, are we taking shortcuts that force us to repeat sins of the past? Like caching sensitive data, incomplete encryption and simple mistakes in coding? Don't let old-school vulnerabilities allow hackers to resurrect previously obsolete malware and exploits. With the experience of more than 1,400 incident response investigations, thousands of penetration tests and hundreds of application security tests, Trustwave SpiderLabs' Charles Henderson will show IT, security and development teams how to make sure they're not leaving sound security practices and due diligence behind as they develop new mobile applications.
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.
  • Upcoming webinars (15)
  • Recorded webinars (386)
  • Subscribers (10,652)
Channel RSS feed
Up Down

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Technology Overload? Why Just Buying New Tools Is Not the Way to Better Security
  • Live at: Aug 9 2012 6:00 pm
  • Presented by: Amar Singh, CISO, News International
  • From:
Your email has been sent.
or close
You must be logged in to email this
OK