(ISC)2 Security Congress

  • One CyberSecurity Standard to Rule Them All?!
    James McQuiggan, CISSP Product & Solution Security Officer Siemens Gamesa Renewable Energy Recorded: Jan 10 2019 51 mins
    Companies today are increasingly discovering that it is difficult to determine which standard they should implement to secure their company's data, assets and people. Within the manufacturing, oil and gas, and electricity industries, they have a responsibility to themselves but also to customers' demands to be secure and compliant. Which one should they use? NIST, ISO, UL, NERC CIP, IEC 62443? This alphabet soup of standards certainly gets confusing. Is there a right one to use? Should more than one be used? From the purchaser standpoint in regards to a long-term model for industry control systems and how commodity hardware and software are demanding a change in paradigm, but rate cases do not allow for it.
  • Implementing a Successful Privileged Access Management Program - Lessons Learned
    Tariq Shaikh, CISSP, PMP, ITIL IT Program Manager, IAM Aetna Recorded: Jan 10 2019 53 mins
    Exploitation of privileged access is the #1 root cause of most large-scale breaches in the recent past. Organizations are at risk of exploitation as there are typically limited controls (tools, processes) to manage privileged access and little to no comprehensive view of these controls. A well-run Privileged Access Management program can considerably mitigate the intentional/unintentional misuse of privileged access at all levels in the IT stack (Host, Database, Network, Applications). This session will provide pointers on how to run a successful multi-year Privileged Access Management Program.
  • In-House Digital Forensics Team: Modern Information Security Program "Must Have"
    Gregory Braunton National Director, Threat Management, Incident Response & Forensics Catholic Health Initiatives Recorded: Jan 9 2019 55 mins
    Litigation happens. Is your preservation, collection, presentation and reporting function legally defensible? Likewise, do you have events within your enterprise that require a methodical investigation using digital forensics--a cyber incident, employee abuse, HR investigations, employment or organizational lawsuits? Need legally sound email preservation and collection, or investigate TOR/BitTorrent client, illicit use, fraudulent activities, or AUP violations? Learn the trained staff, tools, processes, workflows and synergistic relationships with privacy, legal, HR and risk teams required to run successful, value-added and indispensable digital forensics and eDiscovery functions companywide. Digital forensics is a necessary core competency and capability for the modern information security function in enterprises small and large.
  • Performing AWS Cloud Security Audits
    Tim Sills, MBA, CISSP, CISM, CISA Recorded: Jan 8 2019 46 mins
    The migration to cloud services provides companies with enormous opportunities to deliver their brand worldwide. The ease by which the cloud providers enable their complex services offers convenience. Yet, the providers do not always take into consideration security requirements needed to safeguard sensitive data, maintain compliance and protect against data breaches.

    We will answer the question of how you perform an audit against an environment that consists of hundreds of resources located worldwide. How do you validate that the deployment aligns with corporate policies? We will introduce open source tools to show how data can be collected across AWS deployments, and we'll discuss how to interpret the results, given that "green is good and red is bad" may not always apply.
  • In-House Digital Forensics Team: Modern Information Security Program "Must Have"
    Gregory Braunton National Director, Threat Management, Incident Response & Forensics Catholic Health Initiatives Recorded: Jan 7 2019 55 mins
    Litigation happens. Is your preservation, collection, presentation and reporting function legally defensible? Likewise, do you have events within your enterprise that require a methodical investigation using digital forensics--a cyber incident, employee abuse, HR investigations, employment or organizational lawsuits? Need legally sound email preservation and collection, or investigate TOR/BitTorrent client, illicit use, fraudulent activities, or AUP violations? Learn the trained staff, tools, processes, workflows and synergistic relationships with privacy, legal, HR and risk teams required to run successful, value-added and indispensable digital forensics and eDiscovery functions companywide. Digital forensics is a necessary core competency and capability for the modern information security function in enterprises small and large.
  • Exploring Smartphone Ransomware
    Kevin McNamee, CISSP, Director, Threat Intelligence, Nokia Recorded: Jan 3 2019 48 mins
    If the new generation of smartphone ransomware is combined with worm-like spreading capability akin to something like WannaCry, the result could be catastrophic. We will look at several examples of smartphone ransomware with demonstrations showing how the phone is infected, how the device is locked, what data is encrypted, how the ransom is paid and what can be done about it. The presentation will conclude with a discussion on the evolution of smartphone ransomware and how the technology could be leveraged to launch a major attack against mobile network services by disabling a significant number of handsets.
  • Rise of the Machines
    Aamir Lakhani, Lead Researcher, Fortinet Recorded: Jan 2 2019 34 mins
    Many of the top security vendors, information security specialists and cybersecurity professionals are claiming how artificial intelligence and machine learning are changing the face of defending against the most advanced attacks. Most vendors fail to be transparent on how these technologies work. We are bombarded with buzzwords, yet we don't understand what they mean, what the technology does, and how we should keep vendors accountable. When we look for the details on the specifics of what makes these products effective, we are usually given vague answers or told it is a proprietary technology. The truth is there is no magic behind machine learning.

    This talk will examine the details behind the mechanics of artificial intelligence and machine learning. We'll discuss how different techniques are being used to detect malware, malicious domains, phishing emails and other threats. We will examine how these systems need to be set up and trained, and the inherent weaknesses built into them.

    We will examine why these technologies fail and how attackers routinely bypass these detection methods to infiltrate systems. Attendees will learn about advanced attacker techniques and how hackers are using machine learning against organizations that use them.

    Learn to look past the marketing hype and understand the true value and limitation of cybersecurity AI. You will understand what the technology actually has the capability of achieving and how to hold vendors who claim they utilize the technology accountable.
  • Risk Management and the Cyber Threat Landscape
    M. K. Palmore, MBA, CISM, CISSP Assistant Special Agent in Charge - Cyber Branch Federal Bureau of Investigation Recorded: Jan 2 2019 56 mins
    A strong understanding of risk management principles has been the new call to action for information security professionals. This is surely a necessary component of developing a strong information security posture, but maintaining a firm grasp and understanding of the cyber threat landscape remains foundational in establishing world-class security. This session examines the threat landscape and places emphasis on basic risk management principles needed to convey the need for resources to the C-suite and boards of directors.
  • Your Table Tops Are...ZZZZZZZZ
    Kristy Westphal, CISSP, CISA, CRISC, CISM, CIPP/US CSIRT, Vice President MUFG Union Bank Recorded: Jan 2 2019 58 mins
    Table top exercises are key in properly preparing for incident response. Ever wonder why you hear the sound of snoring during them? This talk will bring together ideas, examples and methods that you can try in your table top exercises to not only make them meaningful, but truly uncover gaps in your incident response playbooks and help drive valuable post-mortem action plans. We will also touch on how to derive meaningful metrics from your exercises to report back to your management to show that it was time well spent and that there needs to be more time spent on them!
  • Automating Security Controls Using Models and Security Orchestration
    Kurt Lieber VP, CISO IT Infrastructure Aetna Recorded: Jan 2 2019 28 mins
    Many organizations have adopted machine learning and data analytics to help them identify security anomalies. However, mere identification isn’t good enough in a world where Petya and other modern attacks can take down 15,000 servers in a single organization in under two minutes. To combat these new types of malware, organizations need to be looking at Model-Driven Security Orchestration, where the security responses to emerging threats and attacks are automated and driven at machine speed. In this presentation, Aetna will provide an overview of our security orchestration program, including what worked, what didn’t and lessons learned.
