The CISO Job - Getting It, and Keeping It

Network devices including firewalls and routers are the gatekeepers to “endpoint” resources and are increasingly using complex software components. These devices are often remotely accessible and whose configuration changes regularly, making them susceptible to vulnerabilities and misconfigurations. To add to this, network and security teams are often separate parts of an organization often leading to incomplete understanding of vulnerable infrastructure. In this webcast, we examine how to identify vulnerable devices and communicate them across multiple teams and ultimately fortify these devices from configuration and security issues.

Automating the 20 Critical Security Controls has demonstrated reduction in risk by over 90%. Tenable is the first vendor to offer an integrated real-time risk management solution to help organizations easily implement these controls.

DHS' CDM program combines the valuable lessons learned from the existing implementation of FISMA mandates, the strides made by the Cyberscope program, and the proven results of the State Department’s iPOST program. During this webinar, we will discuss:

- Current challenges in enterprise continuous monitoring
- How to move your program from periodic system state analysis to real-time monitoring
- A glimpse into the future: DHS CDM and it's affect on security and regulatory compliance

Defining "normal" is one of the hardest things we do in security (the other is trying to get people to write perfect code!), but there are a few tricks that work. In this second session, Marcus Ranum and Ron Dilley will be talking about detection algorithms and the problem of defining "normal" network activity.

Big data and security analytics have become the buzz of the industry. It is true organizations are collecting more and more data each year with the intention of getting better network telemetry and enterprise-wide visibility to solve complex security problems. One of the main challenges is collecting the necessary data that lives dispersed across an organization to build an effective security model.

The first part of this series is a lively discussion between Marcus Ranum, CSO of Tenable Network Security, and special guest, Ron Dilley.

CISOs must deal with several stakeholders within the organization. These stakeholders range from BOD members, C-Level management, peer compliance stakeholders (e.g. Legal, Privacy Office), vendors, and the IT organization itself.

This session will focus on critical success factors to dealing with this wide array of stakeholders and success case studies.

Specifically, this session will discuss the politics of getting alignment and buy in with the many stakeholders within the organizations such as:
•Board of Directors and C-Level management
•Natural allies such as compliance, privacy, audit, enterprise risk management
•Potential contentious relationships with line or business unit management
•IT organization strategic and tactical delivery goals and objectives

Speakers include:
•Craig Shumard, Principal, Shumard and Associates, LLC, Emeritus CISO, Cigna
•Tom Doughty, VP & CISO,Prudential
•Larry Brock, CISO emeritus, Dupont
•Bob Hillmer, Director, Enterprise Information Security and Directory Services
•Marcus Ranum, CSO, Tenable Network Security

Data from continuous monitoring is in turn enabling “Outcome based” security for identifying trends before they are problems, making better policies, and making asset owners more accountable for the systems they are managing.

Register for this new webcast to learn about how data from continuous monitoring is enabling "Outcome Based" security.

A Politics of Information Security Webcast.

This webcast will focus on how risk tolerance is decided within an organization and the processes and politics of risks assumption. Topics to be covered include:

- How risk tolerance is decided within an organization
-- Informal to formal risk tolerance model
- How and who can assume risk
- Risk assessment and risk assumption linkages
- Competing Drivers
-- Business unit versus enterprise risk

Presenters include:
- Craig Shumard, Principal, Shumard and Associates, retired CISO, Cigna
- Dennis Brixius, VP of risk management and CSO, McGraw Hill
- Catherine Rees, CISO, Dow Jones & Company
- Marcus J. Ranum, CSO, Tenable Network Security

Learn how new upgrades to Tenable’s SecurityCenter CV™ identify vulnerabilities in devices that could be located in any of 18,446,744,073,709,551,614 (18 quintillion!) IPv6 addresses, the /64 space recommended for a “typical” organization.

Register for Tenable’s webcast on Dec 4 at 2PM EST to hear about the Newest version of SecurityCenter Continuous View™ (SC CV). This is the first solution designed to manage risk across IPv6 networks, the next generation of Internet address spaces.

Speakers include:
- Ron Gula, Tenable Co-founder and CEO
- Jack Daniel, Tenable technical product manager
- Allan Carey, Tenable product marketing manager

A Politics of Information Security Webcast
Earlier this year, a panel of Chief Security Officers from some of the nation’s highest profile companies met to talk about how to get and keep the CISO job. The response was tremendous – over 1,000 people have participated in the session. But that talk only scratched the surface – our team of panelists has much more information to share. Join us for Part II of the discussion where we’ll dig into some of the questions that didn’t get answered in the initial discussion, and cover more ground on topics like working with senior management.
You'll learn:
How to Get the CISO Job:
- How to deal with senior management
- Establishing governance frameworks to guide your activities
- Advice on balancing tactical vs. strategic efforts
- Positioning yourself as an enabler, not a blocker
- Staying ahead by meeting all important audit and regulatory requirements
Featured Speakers:
- Craig Shumard, Principal, Shumard and Associates, LLC, retired CISO, Cigna
- Marcus Ranum, CSO, Tenable Network Security
- Todd Bearman, CISO, Towers Watson
- Vas Rajan, CISO, ING Direct
- John Masserini, Chief Security Officer of Miami International Holdings and the Miami International Securities Exchange (MIAX)

Organizations everywhere are deep in the grips of “malware madness.” Industry estimates of the number of unique malware variants are pegged in the hundreds-of-millions, and it’s rapidly growing. Faced with increasing stealth and sophistication, and an ever-broadening selection of worthy targets, security teams must not only invest in dedicated anti-malware products, but also take advantage of every tool in their arsenal capable of helping combat the problem.

Join AimPoint Group Founder and Principal Analyst Mark Bouchard and Tenable CEO and CTO Ron Gula to learn:

• What’s driving the malware problem and how extensive it is
• Strategies for building effective, long-term malware defenses
• The benefits of a next-generation vulnerability management solution with integrated malware defense capabilities

Vulnerability management is growing in strategic importance as organizations seek to optimize the efficiency of their security teams, and to better understand and manage risk. As managers struggle to make sense of a deluge of vulnerability data, vulnerability scanners are evolving to address these needs. As a result, they’re emerging as a much more strategic component of the security infrastructure. Join Securosis analyst and president Mike Rothman as he discusses critical findings around this market shift – including an examination of underlying drivers and detailed insights into the capabilities and features you’ll need to move to next-generation vulnerability management and begin reaping the rewards. Mike will be joined by Jack Daniel, Tenable Network Security product manager and security blogger, who’ll provide insights into how organizations are achieving these gains today with Tenable products and technologies.

Topics to be covered include:

•What core features are essential in today’s more complex networking environments

•The increasing importance of assessing the application layer

•How to expand capabilities by incorporating value-add technologies to your deployment

•The unique requirements of the enterprise

•Deciding whether you can work with the tools you have – and how to replace them if new technologies are needed

Taking Vulnerability Management to the Next Level:
The Case for Integral Attack Path Analysis

Are your high-value servers and the data they contain really safe from attack, even with multiple countermeasures in place? Given today’s highly motivated attackers and the increasingly sophisticated threats they are generating it is not surprising that patching, firewalls, intrusion prevention systems and other commonly deployed defenses are no longer sufficient. Unfortunately, all it takes is a single, seemingly unimportant system to provide skilled attackers with a beachhead they can use to work their way through and around your defenses. Tenable’s next-generation vulnerability management, with integrated attack path analysis capabilities provides the answer, delivering the tools, insights, and intelligence organizations need to identify and close off otherwise overlooked attack paths – while simplifying infrastructure and streamlining operations in the process.

Join AimPoint Group Founder and Principal Analyst Mark Bouchard and Tenable CEO Ron Gula and learn:

• Why traditional vulnerability management fails to measure up
• What’s needed to efficiently identify and close common attack paths
• Processes, tips and techniques for conducting attack path analysis
• The benefits that can be derived from a next-generation vulnerability management solution with integral attack path analysis capabilities

A Politics of Information Security Webcast

Over the last decade, the Chief Information Security Officer (CISO) has emerged as the job in IT risk management. But for many, it's a high-risk career move. Average tenures in the role remain mired at just a few years. But success is possible — join our expert panel to learn how you can get, and keep, the CISO job.

You'll learn:

How to Get the CISO Job:
- Who gets to the top of the shortlist
- Whether certifications play a role
- How experience in other parts of the organization can help your bid

And Then, How to Keep It:
- How to deal with senior management
- Establishing governance frameworks to guide your activities
- Advice on balancing tactical vs. strategic efforts
- Positioning yourself as an enabler, not a blocker
- Staying ahead by meeting all important audit and regulatory requirements


Featured Speakers:
- Craig Shumard, Principal, Shumard and Associates, LLC, retired CISO, Cigna
- Marcus Ranum, CSO, Tenable Network Security
- Todd Bearman, CISO, Towers Watson

70% of security professionals agree mobile device vulnerability management is very important, but 67% of enterprises report they have no or few mobile controls deployed. Despite the bleak outlook, it is possible to reassert control over this rapidly growing security exposure. Join AimPoint Group Founder and Principal Analyst Mark Bouchard and Tenable CEO Ron Gula and learn how to apply a layered approach to mobile device security to regain control, evaluate risks, and establish essential policies.

You’ll learn:

•Why mobile devices are inherently difficult to track, evaluate, and assess
•The four essential layers of an effective mobile device security strategy
•How to prioritize mobile device security activities
•Why scanning technologies need to change to assure effective vulnerability assessment of mobile devices