CSA Research

  • Hackers, Cybercriminals, or Employees - Who Poses the Biggest Threat to the Org?
    Jon-Michael Brook, Principal: Security, Cloud & Privacy at Guide Holdings LLC Recorded: Jul 16 2019 58 mins
    The Top Threats Working Group from the Cloud Security Alliance produces annual research on the biggest risks to cloud environments. The recent Top Threats: Deep Dive publication examines nine recent case study examples of the Treacherous Twelve in action. In this webinar, Jon-Michael will cover...
    - The Treacherous Twelve in action – where they fit within the NIST Cyber Risk Framework
    - The Deep Dive case studies and how they may benefit your budget justifications
    - Using the Deep Dive for tabletop compliance exercises
  • IoT Threats and Vulnerabilities
    Brian Russell, IoT Chair at CSA and Founder of TrustThink & Alon Levin, VP Product Management at VDOO Recorded: Jun 12 2019 44 mins
    The year 2018 saw increased adoption of consumer and enterprise IoT. These IoT products were faced with multiple IoT attack variants: Wicked, OMG Mirai, ADB.Miner, DoubleDoor, Hide 'N Seek and even a Mirai-Variant IoT Botnet used to target the Financial Sector. The major attack in 2018 was VPNFilter, infecting over half a million devices from a wide range of known vendors. In 2016, an attack of similar magnitude by the infamous Mirai was major news and caused havoc on the Internet. Today, while such an attack is relatively big, it is not uncommon or unexpected.

    Alon Levin and Brian Russell will examine why many of the new attacks are more advanced compared to what we've seen previously. They will explore today's new attack types and their impacts on emerging IoT technologies. They will discuss the impact of these new sophisticated attack techniques on emerging technologies including autonomous transportation, smart buildings, and collaborative robotics.
  • Build Fast, Secure Well: Automate DevSecOps and Secure Your Cloud
    Vikram Varakantam, Sr. Director of Product at Lacework Recorded: May 7 2019 50 mins
    Automation is a key aspect of success in cloud adoption; it can help build faster and deliver continuously at scale. However, it can also make managing security a challenge if not planned well. A strong partnership between DevOps and security - focused on baseline safe configurations and hygiene - can lead to faster innovation and better security.

    Join us for a live webinar with Vikram Varakantam, Sr. Director of Product at Lacework on how cloud security and DevOps teams can come together to forge a more unified DevSecOps model, including:
    ● Fitting security INTO your infrastructure, not IN FRONT of it
    ● Visibility into Use of your Cloud accounts: Securing the cornerstone of your cloud security posture
    ● Operational Configuration Baseline: Baseline your cloud configuration and usage, avoid unintended access that causes serious data leaks
    ● Entity configuration: How best to manage the thousands of entities that are ephemeral and can be a potential risk vector if not used appropriately
  • The Role of Security Champion in DevOps
    Kenneth Peeples, Principal Consultant, Red Hat & John Martin, Security Program Manager, Boeing Recorded: Feb 20 2019 47 mins
    Organizations need Security Champions to help foster security best practices to ensure a security-supportive culture. During this webinar the CSA/SAFECode DevSecOps Working Group wants to share how to build a group of security champions and the characteristics they possess.

    During the session we will discuss:
    - The Definition of a Security Champion
    - Why are Security Champions Needed
    - How Security Champions help teams in the organization
    - How should an organization go about building a SC Program Strategy?

    Join us as we explore Security Champions and all it entails.
  • Zero-Trust and Securely Deploying Medical Devices
    Chris Frenz, AVP of Information Security and Infrastructure at Interfaith Medical Center Recorded: Feb 15 2019 55 mins
    The healthcare sector has been routinely described as lax with the implementation and enforcement of information security controls. In recent years this issue has been highlighted by the numerous attacks targeting healthcare facilities and their devices. Because of this, many older devices that remain functional but unpatched have become a liability. This risk goes beyond just a breach vector; it can directly impact human life and give new meaning to the term Denial of Service…
    - What if that infusion pump’s dosage was illegitimately changed or the pacemaker programming made malicious?
    - What if Brickerbot took out a surgical robot or a heart monitor at a critical time?

    In this webinar, Chris Frenz, VP of Information Security and Infrastructure at Interfaith Medical Center, will discuss...
    - OWASP Secure Medical Device Deployment Standard v2
    - Methods to securely deploy medical devices
    - Preventing the compromise of medical devices and mitigating the damage
  • IoT Security: Building Security in from the Start
    Madjid Nakhjiri of Samsung, Aaron Guzman of Aon, and Tal Zarfati of VDOO Recorded: Oct 11 2018 64 mins
    Hear from IoT security experts to get your team on the right track. We’ll discuss:
    - Why is it important to start with a secure hardware foundation for IoT products?
    - What hardware and software security features should you look for in a secure platform?
    - How is penetration testing an IoT product different from traditional IT systems?
    - What lessons can be learned from IoT product penetration testing?
    - What role can automated security analysis play in the product security lifecycle?
    - What can a product team do today to get them on the road to security-by-design?