Hi [[ session.user.profile.firstName ]]

IT Governance, Risk and Compliance

  • CA PPM in der Praxis–Teil 3: Operatives Projektmgmt für Einsteiger und Experten CA PPM in der Praxis–Teil 3: Operatives Projektmgmt für Einsteiger und Experten Peter Saeckel/Advisor PPM/CA Technologies/ Dec 6 2016 9:00 am UTC 60 mins
    In Teil 3 geht es um die Aktualität der Daten der laufenden Projekte. Hierzu müssen operative Daten zeitnah und exakt eingebracht werden. Wurde ein Projekt genehmigt, wird es mit geeigneten Mitarbeitern ausgestattet und die Arbeiten verteilt. Es geht aber auch um Zeitrückmeldung der Projektmitarbeiter, Erkennen von Verzögerungen, Handhabung von Change Requests, Überwachung von Kosten uvm. Sollte einer dieser Faktoren zu einer Umplanung des Projekts führen, muss dies auch im Projektportfolio ersichtlich werden, damit die dortige Planung mit validen Daten arbeiten kann.
  • Akamai Q3 2016 State of the Internet Security Report Akamai Q3 2016 State of the Internet Security Report Jay Coley, Senior Director, Enterprise Security Architecture, Akamai Technologies Dec 6 2016 12:00 pm UTC 45 mins
    Akamai sees more than 2 trillion Internet interactions every day and mitigates 40 – 50 DDoS attacks every month. Our security experts analyse this information and share trends, observations, and findings in the quarterly State of the Internet Security report.

    Join Jay Coley, Senior Director, Enterprise Security Architecture at Akamai Technologies for an overview of what we found after analysing data from Q3 of 2016.

    Key topics covered will include:
    · Why DDoS of over 100 Mbps increased over the past quarter
    · Which country is the new leader for most sourced Web application attacks
    · Tactics Akamai used to mitigate two of the largest DDoS attacks we’ve seen
  • [Cybersecurity] Our Indigenous Apps: Securing Critical Business Data [Cybersecurity] Our Indigenous Apps: Securing Critical Business Data Senior Security Consultant, Christopher Cooper Dec 6 2016 1:00 pm UTC 45 mins
    Despite the rise of the cloud and increased reliance on web applications, native desktop applications are still highly relevant and often the delivery method of choice in enterprise IT. As penetration testers, we still see a number of very poorly architected native applications being used to protect extremely sensitive information.

    This webcast will discuss some of the core issues relating to native desktop applications, why they are so frequent, and the severe impact that their insecurity can cause.

    In the 2017 threat landscape, we propose that these flaws are not going away, and the industry isn't currently in a position to help developers resolve them effectively.
  • The 2017 Threatscape The 2017 Threatscape Steve Durbin, Managing Director, ISF Ltd Dec 6 2016 2:00 pm UTC 45 mins
    The pace and scale of information security threats continues to accelerate, endangering the integrity of trusted organisations. Although cyberspace offers opportunities for leading organisations, this environment is uncertain and potentially dangerous. It is a place where hacktivists and cybercriminals are honing their skills and governments are introducing new regulation and legislation in response to major incidents and public concerns. Organisations are forced to continually adapt and rapidly respond.

    In this webinar, Steve Durbin Managing Director at the ISF, will discuss the rapidly changing threat landscape, identify the key cyber challenges for 2017 and suggest ways of managing the associated risks.
  • Artificial Intelligence Attacks: The Cyber Arms Race Artificial Intelligence Attacks: The Cyber Arms Race Dave Palmer, Director of Technology Dec 6 2016 3:00 pm UTC 45 mins
    Advances in artificial intelligence are leading to developments in cyber-attack technology, making threats faster and more sophisticated than ever. From smart ransomware through to sophisticated, customized malwares that blend into the network, security teams are struggling to keep up with the new generation of threats. In this cyber arms race, a new approach is needed to identify and respond to AI attacks and other subtle, advanced adversaries. During this webinar, Darktrace’s Director of Technology, Dave Palmer, will examine this challenge and explain why immune system technology, powered by unsupervised machine learning, will be critical in the future of cyber defense.
  • [Video Interview] The Cyber Year in Review: Ian Glover, President, CREST [Video Interview] The Cyber Year in Review: Ian Glover, President, CREST Ian Glover, President, CREST & Josh Downs, Information Security Community Manager, BrightTALK Dec 6 2016 4:00 pm UTC 45 mins
    Join this engaging session as BrightTALK conducts an in-depth interview with Ian Glover, President of CREST.

    It's been a crucial year for cyber security with big breaches and newsworthy hacks. BrightTALK's Information Security Community Manager Josh Downs will be quizzing Ian for his thoughts on the cyber security industry and in particular:

    - The big breaches of 2016 and lessons to be learnt
    - The current threatscape
    - The big vulnerabilities on the horizon
    - Ian's insights into how to keep your company secure in 2017

    We look forward to you joining us for the session.
  • 5 Ways Black Duck Hub Can Improve Open Source Security & Compliance 5 Ways Black Duck Hub Can Improve Open Source Security & Compliance Pat Durante, Senior Director Education Services; John Beaudoin, Senior Instructional Designer; Dave Gruber, VP of Product Dec 6 2016 4:00 pm UTC 60 mins
    During our next customer webinar, we’ll share expert tips and best practices on how to extract maximum value from the latest features available in Black Duck Hub. The new integrations and features help improve both open source security and compliance. You’ll learn how to:

    •Track remediation tasks using the new Hub-Jira integration
    •Leverage new open source discovery techniques for Ruby Gems and Node.js as well as build integrations for Maven/Gradle to improve the accuracy of your open source inventory
    •Customize your notices file so that all open source is properly attributed
    •Leverage the new Hub-Email Extension to push notifications via email
    •Incorporate Hub scanning into your Jenkins pipeline projects
  • Threat Intelligence: Not a Wild Goose Chase Threat Intelligence: Not a Wild Goose Chase Rob Gresham, Senior Consultant, Intel Security Dec 6 2016 7:00 pm UTC 60 mins
    Hashes, IPs, domains, oh my, what am I to do with all this data? Analyze it. For threat intelligence to provide the proper context, you need to understand your audience and the requirements for intelligence consumption. Open source intelligence provides a capability for collecting intelligence data, but without analysis and requirements, collection efforts could produce a wild goose chase and provide little value.

    In this webinar, Rob Gresham, Senior Consultant with Intel Security, will cut to the chase to answer relevant questions such as:

    • Do I have data in the dark web and is it being sold?
    • What are my greatest risks and are they exploitable?
    • Has that exploit been used?

    Rob will discuss the contextual threat intelligence process, and share tips and tools that will help you make threat intelligence actionable beyond just the bits and bytes.
  • The Secrets of Staying Ahead of the Bad Guys The Secrets of Staying Ahead of the Bad Guys Smrithi Konanur, Global Product Manager at HPE Security & Priyank Kumar, Sr. Product Management at HPE Security Dec 6 2016 9:00 pm UTC 60 mins
    With continued improvements in payments security through technologies such as P2PE and EMV, the PCI community has been effective at combating crime in a wide variety of traditional retail environments. As the use of stolen or fraudulent cards for in-person transactions becomes more difficult, however, criminals are increasingly shifting their focus to online activities, and the rapidly growing mobile payment sector. To stay ahead of the bad guys, merchants need solutions that are designed to reliably protect payment data within their environment, and reduce PCI scope without impacting business processes.

    Join this webinar to learn why any business that wants to remove sensitive data from their databases should understand these strategies on how they can eliminate exposure to cardholder data, reduce risks and PCI audit costs. You will learn:

    •How the threat landscape is evolving
    •What the attackers are doing differently
    •How to stay ahead of cyber thieves, while neutralizing the risk of payment data breaches
    •What is necessary to secure all e-commerce and mobile transactions
    •How to enable innovation and business growth while maintaining strong data protection
  • PowerShell Audit Logging: Catch Intruders Living off the Land PowerShell Audit Logging: Catch Intruders Living off the Land Randy Franklin Smith: Windows Security Subject Matter Expert. Greg Foss: Sr. Security Research Engineer, LogRhythm, Inc. Dec 7 2016 12:00 am UTC 90 mins
    PowerShell is like nuclear fission—it’s powerful, and it can be used for good and evil. The bad guys love to exploit PowerShell for at least three reasons:

    1. It’s already installed on most versions of Windows.

    2. It’s powerful. You really can do just about anything in PowerShell—even call into the Win32 API if enabled.

    3.There are no EXEs or DLLs to upload.

    Lee Holmes (Microsoft’s PowerShell extraordinaire) will be joining me to show you how to catch intruders exploiting PowerShell to their own ends.

    First, we will provide a brief overview of PowerShell security capabilities especially enhancements in PowerShell 5.0t. There are some really good preventive steps you can take to limit your exposure to PowerShell-related risks. And PowerShell 5.0 is available on Windows 2008 R2 SP1 and Windows 7 SP1 and up, so this isn’t vaporware.

    Then we will zero in on the auditing capabilities in PowerShell. We’ll show you how to enable PowerShell logging so that you get events for every script block executed. We’ll show you sample events and discuss how to interpret them, how to filter the noise and more.

    I’ll also briefly point out some less powerful, but easy-to-implement techniques for just detecting the use of PowerShell itself using Process Tracking events. This can be useful for highly controlled endpoints where use of PowerShell at all is very limited and easy to recognize if PowerShell is being used in an unusual way.

    Of course producing valuable audit data is one thing. Collecting, analyzing and alerting on it is another. And that’s where our sponsor, LogRhythm, comes in. The security experts at LogRhythm have been following the increased exploitation of PowerShell by the bad guys and been publishing their own tips on how to combat. Greg Foss will briefly demonstrate LogRhythm’s built-in knowledge of PowerShell and its ability to correlate PowerShell events with all the other security intelligence LogRhythm collects from your enterprise.
  • Adding Intelligence to Investigations (Focus on data breach investigations) Adding Intelligence to Investigations (Focus on data breach investigations) Stuart Clarke, CTO, Cybersecurity, Nuix; John Douglas, Technical Director, First Response Dec 7 2016 6:00 am UTC 60 mins
    Data volumes are growing in both size and complexity; we have increasingly less control and awareness of the data we hold. In this session, we will highlight the benefits of information governance practices enabling organisations to build intelligence about their own data and identify their critical information assets. In the event of a data breach or security incident, this information provides actionable intelligence, allowing you to discover and respond to an incident before the matter escalates into a crisis.

    Key takeaways:
    1. Understand the basic principles required to understand your data
    2. See how leveraging intelligence can get you to the answer faster
    3. Extract hidden links and relationships with analytics

    Join Nuix and (ISC)² on Dec 07 (Wed) at 02:00p.m. (Singapore time) in learning how to add intelligence to investigations (focus on data breach investigations).

    Presenters:
    - Stuart Clarke, Chief Technical Officer, Cybersecurity, Nuix
    - John Douglas, Technical Director, First Response

    Moderator:
    SC Leung, CISSP, CCSP, CISA, CBCP;
    Member, Asia-Pacific Advisory Council, (ISC)²
  • El panorama de las amenazas-Resumen del año y un vistazo a lo que está por venir El panorama de las amenazas-Resumen del año y un vistazo a lo que está por venir Ramsés Gallego - Symantec Strategist Dec 7 2016 8:00 am UTC 60 mins
    Por desgracia, el 2016 ha sido otro mal año para la seguridad informática. Si bien nuestro enfoque se centró en el aumento de las amenazas para los dispositivos del Internet de las cosas, a lo largo del año aparecieron diferentes amenazas de malware y varios eventos importantes en materia de seguridad. Todo esto tendrá una gran relevancia en el próximo año.

    Nuestro webcast analizará el panorama de las amenazas en 2016 y se centrará en los aspectos a recordar ante la llegada del 2017.

    Inscríbase ahora.
  • Il panorama delle minacce-retrospettiva sull'ultimo anno e uno sguardo al futuro Il panorama delle minacce-retrospettiva sull'ultimo anno e uno sguardo al futuro Antonio Forzieri, Global Cyber Lead Dec 7 2016 9:30 am UTC 60 mins
    Anche quest’anno la sicurezza informatica ha subito duri attacchi. L'attenzione verso le minacce che mirano ai dispositivi IoT è alta, ma nel corso dell'anno ci sono stati numerosi altri eventi negativi per la sicurezza e si sono diffusi nuovi malware. Tutto questo avrà ripercussioni sull’anno che sta per cominciare.

    Questo webcast riesamina il panorama delle minacce 2016 considerando anche tutto ciò che è importante ricordare mentre avanziamo verso il 2017.

    Registrati subito.
  • It’s My Life but I no Longer Have Control Over it! It’s My Life but I no Longer Have Control Over it! Simon Bryden, Consulting Systems Engineer Dec 7 2016 10:00 am UTC 45 mins
    We all know that technology plays a role in our everyday life but do you know the extent of that role? Advertising tells us to spend more and more of our life online and embrace technology in our homes, cars and everywhere else a microchip can be placed.

    But nowhere is there a message about the consequences of the misuse of that technology. 2016 has seen a rise in the number of incidents involving ransomware, IoT, and simply well intentioned connectivity gone wrong. That momentum is set to continue into 2017 and beyond.

    Although past performance does not guarantee future results, this session will focus on what we have seen this year and what we expect to see in the near future.
  • The Threat Landscape – Cybersecurity Trends in 2016 and Beyond The Threat Landscape – Cybersecurity Trends in 2016 and Beyond Sian John (Chief Strategist) - Symantec Dec 7 2016 11:00 am UTC 45 mins
    We’re starting to see the refining of techniques that have been built over a number of years. The past 5 years have been dominated by ransomware and economic espionage. While they haven’t gone away, cybercrime has gotten bigger and bolder and the financial rewards have gotten much bigger. Cyber attacks have also started to become a part of the political landscape which has been particularly evident during US election where we have seen them being used for subversive purposes.

    This webcast will review the threat landscape of 2016 with a focus on what we need to remember as we move into 2017.