Information Systems Security Association

  • ISSA Thought Leadership Series: Eliminating Security Blind Spots in your AWS
    ISSA International
    Recorded: Sep 19 2018, 54 mins
    As consumption of cloud services increases, security teams struggle to maintain visibility of the cloud assets in use across multiple environments throughout the enterprise. In fact, 43% of security pros say lack of visibility into cloud environments is their biggest operational headache. Cloud defenders struggle to answer two simple but important questions: what do I have, and is it secure? The only way to answer these critical questions is with comprehensive security visibility of your AWS public cloud environments.

    Join us for a discussion on gaining security visibility across all of your AWS accounts, including best practices for:
    - Discovering workloads and resources in use across your AWS accounts, services, and regions
    - Reducing your attack surface by identifying and remediating security issues
    - Finding and responding to critical risks using different assessment methods (agent-based, agent-less, API, etc.)

    Mikhael Felker, Director of Information Security & Risk Management, Farmers Insurance


    Edward Smith, Product Marketing Principal, CloudPassage
    Matthew Hicks, Senior Principal, IT Security | Cyber Security Operations, Amtrak
    Alex Grohmann, Founder, Sicher Consulting
  • ISSA Thought Leadership Series: Cybersecurity risk is a shared responsibility
    ISSA International
    Recorded: Sep 12 2018, 63 mins
    As organizations increase the quantity and complexity of digital services they provide to their customers they are increasingly relying on partners, vendors and 3rd parties to support them.

    This means that the old model of snapshot assessments is falling behind in providing the timely conversations needed in today’s dynamic environment where data sharing is assumed and partners are providing business critical services outside an organization’s infrastructure.

    Join us to discuss how digital attack surfaces are expanding, what information is available to assess risk, the methodology on what makes up a score and where to use them, how to engage in constructive conversations with your partners and showcase results to leadership.

    Ken Dunham

    Vamsi Gullapalli, Product Team, RiskIQ
    Steve Tcherchian, CISO, XYPRO Technology Corporation
    Wayne Proctor, Vice President, Information Security, WestRock
  • ISSA Thought Leadership Series: Email, the Original Sin
    ISSA International
    Recorded: Sep 5 2018, 58 mins
    As email evolved from its early days, nobody could have predicted that there would one day be more than 3.8 Billion email users sending 270 Billion emails a day, and that email would become the number one source of cyberattacks. Business Email Compromise (BEC) and impersonation attacks are now one of the most insidious threats to organizations. Take a walk through the history of email with us to learn how email's "original sin" – its inherent lack of authentication – is being addressed with identity-based automated email authentication, including DMARC enforcement and other strategies to bring trust back to email.

    David Vaughn, Director, ISSA International Board

    Seth Blank, Director of Industry Initiatives, Valimail
    Karl Mattson, President, LA Cyber Lab
  • ISSA International Series: Regulation and Legislation
    ISSA International
    Recorded: Aug 28 2018, 124 mins
    We all realize that our security jobs are much more than just specifying technology and controls, protecting and defending our infrastructure, and investigating incidents. Over the last year privacy has been mainstreamed: GDPR went into effect, California passed its own version of GDPR, and there are 40+ privacy laws in the US, with more just over the horizon. In addition, some of the questions around cloud and privacy have been addressed with the Cloud Act (which gives government agencies direct access to consumer information in the cloud). We also see more government export controls looming on the horizon. These controls will impact cyber tools and techniques and our ability to test and mitigate vulnerabilities while complying with laws and regulations.

    While we may not have all the answers, we will review the current state of our world. To do this, we will bring in legislative and regulatory experts to discuss the changes and some of the directions we see looming.

    Some of the questions we will try to address are:

    - What happens when these laws and regulations conflict with one another?
    - What happens when these controls impact our ability to do our job?
    - Can we mitigate any of our liability by just getting insurance?

    Michael Angelo, Chief Security Architect, Micro Focus | NetIQ

    Maher Shomali, Partner, Thomsen & Burke LLP
    Randy Sabett, Cooley, LLP
    Lisa Angelo, Attorney, Cyber Law & Insurance
  • ISSA Thought Leadership Series: Cybersecurity Heroes Aren't Born...They're Made
    ISSA International
    Recorded: Aug 22 2018, 52 mins
    Phishing continues to be one of the fastest growing and most malicious threats to the security of industries of every kind—from financial organizations to government contractors to healthcare firms. Today’s savvy phisher manages to evade even the most sophisticated technical safeguards through carefully planned, socially-engineered emails that are only getting more advanced.

    During this panel, we will discuss key findings from Wombat’s 2018 State of the Phish™ and 2018 Beyond the Phish® Reports. You will gain insight into current vulnerabilities, industry-specific phishing metrics, and emerging threats.

    This collection of data is taken from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period; data compiled from nearly 85 million questions asked and answered inside the CyberStrength® Knowledge Assessments and interactive training modules, responses from quarterly surveys of InfoSec professionals; and an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors.

    We will also discuss best practices related to security awareness and training. Our panelists will highlight key components and common threads of some of the most successful programs, and help attendees identify ways to apply new techniques and increase the effectiveness of their own cybersecurity education initiatives.

    Jorge Orchilles, SANS Instructor

    Gretel Egan, Brand Communications Manager at Wombat, a division of Proofpoint
    Michael Levin, CEO & Founder, Center for Information Security
    Kurt Wescoe, Chief Architect, Wombat Security
  • ISSA Thought Leadership Series: The Definitive Need for Crypto-Agility
    ISSA International
    Recorded: Aug 8 2018, 64 mins
    On the eve of quantum computing, the definitive need for crypto-agility is greater than ever. The ability to locate, manage, and securely update digital certificates on a network or on a device seems like a simple task, yet with the advent of new Enterprise use cases and flourishing IoT device introductions, management at massive scale becomes a challenge. Facing mounting pressures, IT security personnel and product managers are tasked with implementing solutions fit for today’s environment plus tomorrow’s post-quantum world. Join renowned Public Key Infrastructure (PKI) expert and Certified Security Solutions (CSS) CTO, Ted Shorter, as he outlines the defense against quantum computing and the IoT device invasion, crypto-agility:

    · How can crypto-agility lend itself to a truly future-proof Enterprise and IoT device security strategy?
    · Cryptographic kryptonite: demystifying quantum computing
    · Challenges with digital certificate/device management at scale


    Dr. Shawn Murray, Principal Scientist, US Missile Defense Agency & Director, ISSA International


    Ted Shorter, CTO, Certified Security Solutions (CSS)
    Michael Gardiner, Principal Architect, Gemalto
    Michele Mosca, Founder, Institute for Quantum Computing
    Mike Brown, CTO & Co-Founder, ISARA Corporation
  • ISSA International Series: Trials & Tribulations of Social Engineering
    ISSA International
    Recorded: Jul 24 2018, 121 mins
    We all know about social engineering and phishing, but is it as simple as sending an email or asking for a click? Probably not. As hackers and attacks evolve, they will go from simple tricks to very sophisticated attacks. So how do we know what these attacks will be? Simply, we can’t. So how can we detect the new attacks? This session will cover the state of the attacks and the directions they are taking. Ultimately, we will discuss strategies and how we can define the science that will evolve to thwart the various evolving attacks.

    Moderated by: Pete Lindstrom, IDC


    Roger Grimes, Data-Driven Defense Evangelist, KnowBe4
    Andrew Lewman, Laxdaela Technology
    Ben Rothke, Senior Security Consultant, Nettitude
    Paul Williams, CEO, Clarity Consulting Corporation
  • ISSA Thought Leadership Series: Is DNS a Part of Your Cyber Security Strategy?
    Kurt Seifried, Cloud Security Alliance | Craig Sanderson, Infoblox | Joe St Sauver, Farsight Security
    Recorded: Jul 11 2018, 58 mins
    Detecting malware, helping to prevent and disrupt command and control communication, ransomware and phishing attacks, being part of a data loss prevention program – DNS can help with this and much more, but are you leveraging it as part of your security controls and processes?

    DNS is the perfect choke point to stop not just data exfiltration through it, but also detect and stop malware from spreading and executing.

    Join us for a discussion on this often overlooked topic and learn:

    - About the value of DNS as part of your cyber security strategy
    - How DNS can provide your SIEM with actionable intelligence
    - How DNS can add value to other security controls, such as vulnerability scanners and endpoint protection
  • ISSA International Series: Cloud Services and Enterprise Integrations
    Michael F. Angelo | Stephen Lipka, CISO and Consultant | Vince Campitelli | Mark Kadrich | Michelle Cobb, Skybox Security
    Recorded: Jun 26 2018, 124 mins
    Securing cloud environments is a shared responsibility between your organization and your cloud service provider. But upholding your end of the bargain can be a challenge in these dynamic, complex environments — especially when dealing with a mix of physical networks and public and private clouds. In this webinar, we will discuss issues and strategies for handling Cloud Services and Enterprise Integrations. Amongst the topics covered we will attempt to address the issues of:

    - How do cloud services impact security implementations?

    - Who is responsible for defining security and how does one implement a security management program in an integrated enterprise cloud service environment?

    - What transitional issues may occur during your migration? How do you audit a cloud service?

    Register for the webinar to see the issues and benefits of handling cloud services and enterprise integration.
  • ISSA Thought Leadership Series: Making sense of Fileless Malware
    Debbie Christofferson, ISSA | Shimon N. Oren, Deep Instinct | Rob Boles, Blokworx
    Recorded: Jun 13 2018, 58 mins
    Fileless malware attacks have been growing steadily in recent years, both in absolute numbers and in their share of the threat landscape. Fileless attacks pose an increasing threat to organizations and a challenge for security vendors, due to the use of various non-executable file formats for infection and the ability to conduct parts of the attack vector in-memory only. Cyber criminals are adopting fileless and memory-based attack techniques, which were once mostly used by nation-states. The panel will deal with the various differing definitions of fileless malware, give an overview of some of the solutions and approaches taken by industry players in protecting from fileless threats, and discuss ideas and best practices for dealing with these threats.
