Browse communities
Browse communities
Presenting a webinar?

Managing Insider Threats: EC-Council CISO Summit Panel Session

Ira Winkler, Eric McKim, Steven Fox, Rick Moy, Anthony Meholic, Joe McCray
Despite the hype of malicious hackers, APT, etc, the insider threat is the most costly to organizations. Insiders can cause loss either through malicious or malignant actions, and again, the losses from malignant actions far outweigh the losses from malicious actions. The panel will address the most common underlying vulnerabilities that enable the losses incurred due to insider actions, both malignant and malicious, as well as discuss lessons learned and best practices in attempting to mitigate such losses.


EC-Council CISO Summit Panel Session
Moderator:
Ira Winkler, CISSP, Chief Security Strategist for Codenomicon, and President of the Internet Security Advisors Group

Panelists:
-Eric McKim, Senior Vice President of Cybersecurity and Chief Information Security Officer (CISO) for Business Integra
-Steven Fox, Security Architecture & Engineering Advisor at U.S. Department of the Treasury
-Rick Moy, President & CEO at NSS Labs, Inc.
-Anthony Meholic, Chief Information Security Officer – Republic Bank
-Joe McCray, Founder & CEO at Strategic Security, LLC
Mar 14 2012
60 mins
Managing Insider Threats: EC-Council CISO Summit Panel Session
More from this community:

IT Security

  • Live and recorded (5422)
  • Upcoming (142)
  • Date
  • Rating
  • Views
  • Channel
  • Channel profile
  • Leveraging the Hybrid Cloud for Complete Data Protection Apr 21 2015 5:00 pm UTC 45 mins
    Jayme Williams, Senior Systems Engineer, TenCate
    Jayme Williams, Senior Systems Engineer at TenCate is protecting eight environments across the US and Canada – and each site has different storage. All sites require disaster recovery and backup across the application set. Having one solution would be ideal, but not possible – until they came across Zerto.
    Zerto Virtual Replication is storage agnostic and made it easy to integrate a new site into their disaster recovery plan. Their original business continuity and disaster recovery (BC/DR) plan, affectionately named the “Hit by the bus” book due to its volume, has been greatly simplified and the service levels they are seeing are outstanding – single digit seconds for their recovery point objectives (RPO).

    Finally, they are incorporating public cloud into their IT plans by backing up their applications from their DR site to AWS. With one solution, they can achieve their BC/DR and backup SLA, while reducing costs and introducing public cloud into their IT strategy at a pace that supports changing business requirements.

    With Zerto Virtual Replication:
    •Manage all sites in one pane of glass with one tool for replication and automation of failover, failback and testing processes as well as backup
    •Increase efficiencies with the ability to track and manage consumption across the hybrid cloud
    •Hardware agnostic solution does not require a change in the infrastructure reducing costs
    •Consistency in the BC/DR solution dramatically reduces operational costs
    •Replicates between different types of storage and versions of VMware vSphere making it easy to add new sites to the process
    •Point-in-time recovery enables failover to a previous point to recover from any issue – logical corruption, datacenter outage, etc.
    •Leveraging a public cloud strategy with backups stored in Amazon
  • DDoS Attacks: More Dangerous to You; Never Easier to Launch Apr 21 2015 5:00 pm UTC 45 mins
    Christina Richmond, Program Director, IDC and Joe Loveless, Product Marketing, Neustar
    If your organization cannot afford downtime from DDoS attacks, join this timely discussion from Neustar, with special guest perspective from IDC’s Christina Richmond. Explore the complexity and purpose behind today’s attacks and what you can do to defend your Internet presence. You will learn:

    · What the DDoS threat environment looks like today
    · Why “smokescreening” is a particular danger
    · Where attacks can have impact across your organization
    · How you can take steps to thwart DDoS threats
  • Leveraging Risk, Physical and Cyber Security and Continuity Planning Apr 21 2015 4:00 pm UTC 45 mins
    Eric Kretz, Director, Continuity of Operations (COOP) Division, National Continuity Programs (NCP)
    Generally, risks associated with continuity planning, from physical to cyber-security, are part of an ever-evolving threat to our systems and technologies. Continuity planning is simply the good business practice of ensuring the execution of essential functions through all circumstances, and it is a fundamental responsibility of public institutions and private entities responsible to their stakeholders. What are some of the risks associated with continuity planning? Why is managing risk important for continuity? What are some of the methods used to mitigate risks in continuity planning?

    The COOP presentation will provide an understanding of Continuity and Continuity of Operations, explain the importance of a viable Continuity capability, and emphasize the need for a viable Continuity capability in all organizations, to demonstrate some of the linkages between continuity programs and:

    • Risk Management
    • Physical Security
    • Emergency Management
    • Cyber Security/ Information Technology

    Join us on April 21 as NCP’s senior continuity practitioner shares resilient continuity programs and outreach efforts. Hear from Eric Kretz, NCP, as he talks about Information Integration: Leveraging Risk, Physical and Cyber Security and Continuity Planning.
  • SIEM Detection & Response Cases Apr 21 2015 3:00 pm UTC 30 mins
    Tom Clare, Director, Arctic Wolf
    Before tackling a SIEM project to improve detection and response, learn from these case studies as their scenario likely matches yours. To firebreak your network brings together technologies, processes and people in the right balance across four phases. More than a security point solution or another box, you need to turn craft into a discipline to improve detection and response.

    Learn from your peers about the following:
    - Before environment and issues
    - Transition effort, cost and impact
    - After environment and benefits
    - Best practices for managed SIEM
    - Your network and next steps
  • Webroot’s 2014 Threat Brief Preview Recorded: Apr 16 2015 38 mins
    Grayson Milbourne, Security Intelligence Director
    This presentation provides an overview of the threats against a wide range of organizations and individuals during 2014. This overview is based on research and analysis conducted by the Webroot Threat Research team. The report includes analysis of IP addresses associated with malicious activity, details on the reputation of URLs by category and location, phishing detection statistics, insights into file reputation and encounter rates with malware and PUAs and information on mobile app security for Android devices. All data presented comes from Webroot’s Intelligence Network and was observed during 2014.
  • Next-Generation Security for Amazon Web Services Recorded: Apr 16 2015 37 mins
    Matt Keil, Product Marketing, Palo Alto Networks
    Public cloud computing resources such as Amazon Web Services (AWS) are helping organizations like yours develop and deploy new applications rapidly; expand into geographic regions seamlessly and extend competitive advantages. Cyber criminals are well aware of the rapid expansion into the public cloud and are looking for weaknesses in your security posture. Don’t let them find one. The VM-Series for AWS, allows you to securely extend your corporate datacenter into AWS, using our next-generation firewall and advanced features to protect your data while native management features ensures policies keep pace with the changing to your applications.

    In this webinar, attendees will learn:
    - Common customer use cases for AWS
    - Key security challenges and considerations
    - How the VM-Series can protect your AWS environments
  • Improve Threat Detection with OSSEC and AlienVault USM Recorded: Apr 15 2015 60 mins
    Garrett Gross, Sr. Technical Product Marketing Manager, Bjorn Hovd, Systems Engineer
    Host-based IDS systems, or HIDS, work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM features a complete integration of OSSEC, one of the most popular and effective open source HIDS tools.

    In this live webinar, we'll show you how USM helps you get more out of OSSEC with:
    Remote agent deployment, configuration and management
    Behavioral monitoring of OSSEC clients
    Logging and reporting for PCI compliance
    Data correlation with IP reputation data, vulnerability scans and more
    We'll finish up by showing a demo of how OSSEC alert correlation can be used to detect brute force attacks with USM
  • Surfacing Critical Cyber Threats Through Security Intelligence Recorded: Apr 15 2015 62 mins
    Dr. Sameer Bhalotra, Former White House Director; Chris Petersen, CTO; Robert F. Lentz, Former CISO for the Dept of Defense
    The rapidly expanding supply chain supporting the cybercrime economy is empowering cyber criminals, cyber terrorists and even nation states in ways that put companies, critical infrastructure and governments at increased risk. The fate of an organization whose defenses have been compromised will be determined by the speed with which they can detect and respond to intruders. A mature security intelligence posture boosts an organization’s resiliency amidst these advanced threats. If intruders are detected early in their lifecycle, organizations can respond quickly and potentially avoid loss altogether.

    In this webinar, three cyber security veterans will discuss today’s rapidly evolving cyber threat landscape and LogRhythm’s new Security Intelligence Maturity Model™ (SIMM). They will explore how the SIMM provides organizations with a framework to plan for continuous reduction in their mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to high-impact threats.

    Learn about:
    • Emerging cyber threat vectors in 2015.
    • Security Intelligence and the critical role it plays in addressing high-impact threats
    • Using the SIMM to assess your current Security Intelligence Maturity
    • How to move from “greatly exposed” to “highly resilient” via End-to-End Threat Lifecycle Management
  • What You Don't Know about Cryptography and How It Can Hurt You Recorded: Apr 14 2015 50 mins
    Chuck Easttom, Computer Scientist, Author, and Inventor
    This presentation describes the gaps in most security professionals knowledge of crypto, why that is a problem, and how you can correct it.
  • The Dark Side of Anonymizers: Protect Your Network from the Unknown Recorded: Apr 14 2015 44 mins
    Joanna Burkey, DVLabs Manager, HP TippingPoint
    While anonymizers can serve a positive purpose by protecting a user’s personal information by hiding their computer’s identifying information, their use in your network environment can be dangerous. Anonymizers can evade enterprise security devices, and their misuse can make your organization susceptible to malware and unwanted intrusions. Attend this session to learn how you can detect and block elusive anonymizers from wreaking havoc on your network.
  • Industrial Control Systems Cyber Security: It’s Not All About Stuxnet Recorded: Apr 14 2015 46 mins
    Dr Daniel Trivellato, Product Manager, SecurityMatters
    Recently cyber attacks against Industrial Control Systems (ICS) used by
    utilities and other Critical Infrastructure organizations have hit the
    newlines worldwide. Stuxnet is the best known cyber attack against an
    industrial installation, but it's not the only one.

    But what if cyber attacks were not the biggest threat to industrial
    networks and systems? Although malware is still a major point of
    interest, the sword of Damocles for critical industrial networks is
    represented by system misuse performed by disgruntled employees,
    contractors and vendors, as well as unintentional mistakes,
    network and system misconfiguration; all this could lead to the
    divergence or failure of critical processes.

    In this talk we will reshape the concept of ICS cyber security and will present our vision for a comprehensive approach to cyber security for ICS.
  • All About the Thousands of 2014 Vulnerabilities - From Secunia Research Recorded: Apr 14 2015 43 mins
    Kasper Lindgaard, Director of Research and Security, Secunia
    Every year, Secunia Research releases a review of the global vulnerability landscape, based on their large vulnerability database and data from the Secunia Personal Software Inspector (PSI) user base.

    The data in this research provides security professionals around the world with perspective on the impact and evolution of the threat landscape and what has trended throughout the year.

    In this webinar, Secunia’s Director of Research and Security Kasper Lindgaard will discuss the data presented in the Secunia Vulnerability Review 2015 and answer questions.

    The review itself was released on March 25.

    You can download a copy of the review on our website:

    www.secunia.com/VR2015

    Key takeaways:

    - The number of vulnerabilities and zero-days detected in 2014

    - How quick vendors are to respond to vulnerabilities

    - Which programs are more vulnerable

    - How products bundled with open source applications and libraries affect security
  • It Wasn't Me, It Was Bennett Arron Recorded: Apr 14 2015 29 mins
    Bennett Arron, Comedian, Author & Identity Theft Speaker
    Several years ago, award-winning writer and stand-up comedian Bennett Arron was in serious debt. He owed thousands of pounds to mobile phone companies, catalogues and department stores. Only it wasn’t him. Bennett was a victim of Identity Theft, the fastest growing crime in the UK. This theft resulted in Bennett and his pregnant wife becoming penniless and homeless.

    Years later, Bennett wrote a comedy show about his experience. The show was critically acclaimed at the Edinburgh Festival and led to Bennett being asked to direct and present a Documentary for Channel 4. The Documentary, How To Steal An Identity, was Pick of The Week in The Guardian and The Telegraph and was called ‘Fascinating and Disturbing’ by the TV Times. It went on to be shortlisted for a BAFTA.

    In the Documentary, Bennett proved the ease of ID theft, by first stealing the identities of the general public and then stealing the identity of the then Home Secretary, Charles Clarke.This action resulted in Bennett being arrested in a dawn raid by Scotland Yard and given the code-name Operation Hydrogen.

    Bennett has recently written a memoir on the subject. This book, which has received several 5 star reviews, is not only a disturbingly true yet funny account of what it's like to have your identity stolen and but also reveals the devastating consequences of making a documentary ‘in the public interest’.

    He has performed as a speaker at many corporate events around the world and he was the Guest Speaker at the International Fraud Convention in Italy, the International Congress On Anti-Fraud & Anti-Corruption in Poland (twice) and the opening keynote speaker at Auscert in Australia.

    Bennett has been called... 'A Welsh Seinfeld' by The Guardian, 'Genuinely Original and Funny' by The Times and ‘Case Number 2477419’ by The Metropolitan Police.
  • Visualize Data for Actionable Insight into Your B2B Processes Recorded: Apr 12 2015 2 mins
    OpenText DEMO
    An overview of how businesses can gain visibility into B2B transactions to speed decision-making, respond to changing customer and market demands, and optimize business processes.
  • Discover how to simplify your LMS Experience -LearnFlex SimplifyDPS Recorded: Apr 12 2015 47 mins
    Joel Kristensen, Solutions Consultant, OpenText
    LearnFlex Learning Management Solution (LMS) enables your organization to create and share knowledge in a simple, automated, and integrated way. LearnFlex makes the process of automating, tracking, managing, and reporting on all aspects of your enterprise-level learning initiatives easier—all while demonstrating a clear return on investment.
  • Designing an Effective IPv6 Addressing Plan Recorded: Apr 10 2015 44 mins
    Tom Coffeen, Chief IPv6 Evangelist
    The developed world's global Internet registries have officially depleted their supply of free IPv4 addresses. IPv6 is not just the future—it’s already here (65% of Verizon’s traffic is over IPv6!). Some organizations even have their IPv6 allocations already. But since a single site assignment in IPv6 contains 1 trillion, trillion, addresses (or 279 trillion Internets!), designing an effective plan can be both intimidating and unnecessarily time consuming. With that many addresses, where do you start? Join us for this webinar as Tom Coffeen, Infoblox IPv6 evangelist and O'Reilly author of IPv6 Address Planning, discusses how to design, deploy, and successfully adopt an effective IPv6 addressing plan. Both IPv4 exhaustion and IPv6 adoption are real and happening now. Take the first step to realizing an effective IPv6 address plan and adoption strategy, and watch this webinar today.
  • Is your email running rogue? Leverage your DM to start managing your email Recorded: Apr 10 2015 58 mins
    Larry Roy, Senior Director, Product Management, OpenText, and Stevan Quincy, Senior Solutions Consultant, OpenText
    Email exchange is the biggest source of content production in any enterprise and its management is usually left in the hands of the senders and receivers as to what to save, archive, or delete. From an IT perspective operating this way is unsustainable as email volumes continue to grow. OpenText eDOCS experts explain how integrating email with your eDOCS content repository will speed up your discovery process and ease the burden on your IT resources.
  • From the Front Lines: The Top 10 DNS Attacks Recorded: Apr 9 2015 31 mins
    Srikrupa Srivatsan, Sr. Product Marketing Manager, Infoblox
    More than 75% of organizations in the U.S. and U.K. have experienced at least one DNS attack according to SC Magazine. DNS Attacks are increasing in frequency and evolving constantly. They range from common amplification, reflection, and flood attacks to more sophisticated and stealthier types. These might have fancy names like random subdomain, phantom domain, and domain lock-up, but their effects on DNS are far from pretty. Join this webinar as we reveal the top 10 attacks on external and internal DNS servers; and the impact they have on your operations.
  • Optimize Customer Signup Flows Online and in Your Mobile App Recorded: Apr 9 2015 48 mins
    Chris Morton, President, Block Score; Lisa Aguilar, Marketing Manager, Jumio; James Bickers, Sr Editor, Networld Media
    In today’s online and mobile environment, financial service organizations are struggling to comply with a multitude of regulatory requirements that impede online and mobile customer signups. What is the best way to signup customers while still complying with regulations and mitigating fraud?

    Join us for a live webinar, “Optimizing customer signup flows in your mobile and web channels” and listen in as experts in ID authentication and identity verification discuss various strategies that will help you:

    · Quickly and safely signup customers through your mobile and online channels
    · Remain compliant with regulatory requirements without adding additional operational overhead
    · Reduce customer sign-up abandonment

    Don’t lose another customer because you can’t offer a real-time sign-up process through your online and mobile channels. Join us and learn how to optimize your sign-up flows, and enable anytime, anywhere through any digital channel customer account opening.
  • Looking Forward to HIMSS 2015: What are the latest trends? Recorded: Apr 8 2015 49 mins
    Lysa Myers, Security Researcher III, ESET North America
    ESET security researcher Lysa Myers discusses developments in healthcare IT system security that you may see at the HIMSS conference in Chicago next week. Find out what is being done to better protect patient data privacy and more.
Your Resource for Information Security Trends & Education
With over 200,000 members, the Information Security Community is the largest community of infosec professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Managing Insider Threats: EC-Council CISO Summit Panel Session
  • Live at: Mar 14 2012 7:00 pm
  • Presented by: Ira Winkler, Eric McKim, Steven Fox, Rick Moy, Anthony Meholic, Joe McCray
  • From:
Your email has been sent.
or close
You must be logged in to email this