
Security Metrics That Matter: Improving Visibility and Effectiveness

Security metrics for improving management have long been an issue of discussion and debate across the industry. Some experts and practitioners contend that we need these key indicators if we’re ever going to drive down real-world risk, while others think that the concept can’t be applied practically. Some experts feel that we just haven’t found the right numbers to measure security effectiveness yet.

Count RedSeal Networks among the final group… although we think that we’ve made some important headway in helping organizations unearth those figures that will actually allow them to better trend and improve their rates of success.

Expanding on his sold-out keynote at Security BSidesSD, join RedSeal CTO Dr. Mike Lloyd for a webcast: Security Metrics that Matter
As part of his presentation Dr. Mike will outline:

• Why previous metrics efforts have under-delivered
• The need to tie measurement to underlying business value
• How you can build metrics that truly measure effectiveness

As an added bonus, we’ll also release the results of our in-booth RSA survey: “Panning for Gold in the Avalanche: Security Pros Still Searching for Metrics”

Don’t miss this chance to hear this compelling new research that surfaces the opinions that you and your colleagues at RSA shared with us.

Hear about your peers’ current level of visibility into network access and risk exposure, the desire for new security metrics, and how RedSeal can help.
Recorded Apr 26 2012
56 mins
Presented by
Dr. Mike Lloyd, CTO, RedSeal Networks
Recommended for you:
  • Dynamic Analysis of Android Apps - Attacking Android Apps from the Inside
    Erez Metula, Founder, AppSec Labs. Recorded: May 25 2016, 49 mins
    Dynamic analysis of Android apps is all about analyzing apps in real time, for the purpose of detecting application-level vulnerabilities and for the sake of manipulating applications while they execute. It is often used as a last resort due to its complexity, when other pentesting techniques mainly focused on static analysis are not enough. Common usages of dynamic analysis are extraction of sensitive data from application memory variables, stealing encryption keys, manipulating signature mechanisms and so on.

    During this talk we will focus on memory dumps, remote debugging, smali debugging, native debugging, usage of the ReFrameworker platform and other interesting things.

    This talk is based on a similar chapter from the Android application hacking course given by the speaker at the recent BlackHat USA 2015.
  • PCI DSS: Preventing Costly Cases of Non Compliance
    Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire. Recorded: May 24 2016, 62 mins
    There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits of meeting the requirements.

    This is especially important as PCI DSS evolves and increases in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high-profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non-compliance with PCI DSS.
  • How secure is your Office 365 deployment?
    Teresa Law, Sr. Product Marketing Manager, Symantec & Sunil Choudrie, Solutions Marketing Manager, Symantec. Recorded: May 24 2016, 60 mins
    Are you concerned about securing your users and data in cloud based collaboration applications like Office 365? You’re not alone. Over 35% of Microsoft Exchange installed base is now on Office 365. Many of these enterprises are actively seeking to extend the same level of security and consistent policies they have in place for existing on-premise and cloud applications, to Office 365.

    Consider these statistics from IDC:

    • Over 50% of enterprises have users that access their Office 365 applications using unmanaged mobile devices
    • Over 90% of threats to enterprises emanate from email
    • 65% of threats go undetected for weeks/months

    IT administrators lose traditional visibility and control when enterprises move email, content creation, file sharing, and collaboration to the cloud, making it harder to detect inappropriate behavior. This makes it critical for organizations to extend the basic security capabilities of Office 365 and ensure consistency in the level of security across all their cloud services.

    Securing cloud applications like Office 365 is a shared responsibility between the cloud service provider and the tenant. Analysts like Gartner and IDC recommend assessing third party security products as a best practice in a comprehensive Office 365 security framework.

    Join us for this webcast where we tackle the challenge of securing Office 365 head on and show you how your organization can take Office 365 security to a new level.

    Learn how to enhance your Office 365 security to:

    • Shield Email From Phishing, Sophisticated Malware and Spam
    • Neutralize Advanced Threats and Targeted Attacks
    • Safeguard Your Sensitive Data
    • Control Access with Strong Authentication

    Symantec can help your organization enhance your security for Office 365 while enabling employee collaboration and productivity. Let us show you how!
  • Dell SonicWALL’s ‘Secure Mobile Access’ Raises the Bar!
    Steven Sanderson – WW SMA Product Marketing Manager; Mark Hewett – WW SMA Product Manager. Recorded: May 24 2016, 30 mins
    See how it’s possible to give end-users fast, simple access to enterprise applications, data and resources – without compromising your security.

    In this live webinar, you’ll hear from two Dell Security solution experts on how you can manage the proliferation of devices in your workplace.

    During the interactive session, you’ll see how to:
    • Ensure only authorized users and approved devices are granted access to your business network
    • Quickly and easily provision secure mobile access and role-based privileges
    • Keep company data secure in-flight and at rest on devices
  • Secure Mobility: How to Best Protect Your Data
    Florian Malecki, Dell SonicWALL & Amar Singh, Founder and CEO, Cyber Management Alliance. Recorded: May 24 2016, 57 mins
    Today's workforce is mobile, with employees demanding access to more resources from more remote devices and platforms than ever before. Global networks connect employees, partners and customers over multiple Internet, intranets and VoIP channels. Even the smallest organization is now competing globally. IT organizations are struggling to keep up with mobile worker demand for access to more resources from more device types without compromising security and data.

    Join this panel discussion where info security leaders Florian Malecki and Amar Singh will be covering how you can get ahead of the next wave of mobile access and security challenges.
  • GDPR Summary: Why encryption and other measures are now a must?
    Adrian Davis, MD (ISC)² EMEA; Jason Hart, CTO Gemalto; Tom De Cordier, Lawyer and Partner, CMS DeBacker. Recorded: May 24 2016, 62 mins
    Until recently, EU data protection laws mainly focused on data subject consent, proportionality, purpose limitation, transparency, etc. Information security, however, was very often deemed to be an area for the techies, not an area of legal compliance.
    This will change as a result of two recent and major pieces of EU legislation: the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS Directive).
    Under the GDPR and the NIS Directive, businesses and operators of essential services (e.g. hospitals, airports, etc.) will have to implement robust information and system security measures. In addition, the new rules contain a new name-and-shame mechanism: businesses and operators will have to inform the relevant authorities of security incidents. And they will have to inform the affected data subjects, unless the affected data were rendered unintelligible (for example by means of encryption).
    Finally, the EU wants the new data protection rules to become a board-level issue and it has therefore decided to make the rules subject to hefty fines:
    • If a business fails to comply with its data security obligations under the GDPR, it may get a fine of up to 10,000,000 EUR or 2 % of its total worldwide annual turnover, whichever is higher.
    • Worse even, if a business is found to be in breach of certain other obligations under the GDPR, the fine may go up to a dazzling 4 % of its total worldwide annual turnover.
    During this webinar, you will learn from Jason Hart, CTO at Gemalto and Tom De Cordier, an expert in data protection and information security law at CMS in Brussels, what the new rules mean in practice and what businesses should do to bring themselves in line with the upcoming requirements.
  • Social Engineering: Is that a Pwn Plug in Your Pocket?
    Peter Wood. Recorded: May 24 2016, 44 mins
    Most organisations are surprised by the ease with which social engineering defeats their security. The human factor provides a simple and effective route to bypass even the best hardware and software security controls, yet is commonly overlooked or considered too difficult to solve. Peter will share a number of real examples to reinforce his opinion: as more and more data breaches are published, perhaps it’s time to become creative and strengthen the human firewall.

  • Title: Security Metrics That Matter: Improving Visibility and Effectiveness
  • Live at: Apr 26 2012 10:00 pm
  • Presented by: Dr. Mike Lloyd, CTO, RedSeal Networks