Identity is the New Perimeter - Part II The Role of Content and Context
While traditional Identity and Access Management (IAM) solutions control access to key applications and information, they do not control what an individual does once they get the information. Soft skill efforts such as data classifications and information protection policies are still critical, and provide a valuable foundation for your protection strategy, but what tactics and technologies do they require to support the rest of your efforts? Join (ISC)2 and CA Technologies for part 2 of our Security Briefings series on August 30th at 1pm Eastern, where content expert Sumner Blount discusses these topics with moderator Brandon Dunlap and the audience and presents case studies on IAM and content control.
Anurag Kahol, CTO, BitGlass; Adam Gordon, CISSP, CISO/CTO, New Horizons Computer Learning Center; Brandon Dunlap, Moderator
As more companies jump on the cloud bandwagon and migrate core services to cloud apps like Office 365, native app security has proved lacking. Enter Cloud Access Security Brokers. CASBs augment corporate identity and access controls to Cloud services, enabling better visibility, more granular data security, threat protection and compliance. What are the best strategies when making the move to public cloud applications? Join Bitglass and (ISC)2 on December 3, 2015 at 1:00PM where we will discuss CASBs and how they can help secure cloud apps like Office 365.
Dan Kennedy, Research Director for Information Security at 451 Research
Last year we spoke about enterprise perceptions towards advanced persistent threats, or, as 451 Research terms them, adaptive persistent threats. The acknowledgement that there are threat classes that cannot be rebuffed by preventative security controls has led to a refocus on security monitoring for many enterprise heads of information security, but the approach is not without its challenges, notably complexity and manpower. Join Dan Kennedy, Research Director for Information Security at 451 Research, on November 10, 2015 to review portions of two end user studies on enterprise perception towards major security monitoring platforms: SIEM and IDS/IPS. The presentation will draw on results of over two thousand surveys conducted with enterprise information security managers.
Javvad Malik CISSP®, Security Advocate, Alien Vault
"I used to be a security professional, but even my boss didn’t remember my name. My brilliant ideas weren’t listened to, I was never invited to speak at conferences and not even my mother visited my blog." In this talk, we've distilled the key skills and traits taken from personal experience as well as industry professionals to present strategies you can employ to increase your stock internally within an organization as well as within the industry. Simply being hard working and skilled in your job is not enough.
Ismael Valenzuela, IR Technical Practice Mgr, Foundstone; Mat Gangwer, Rook Security; Jack Walsh, ICSA Labs
While some indicators of compromise (IoCs) can be incredibly helpful in gaining visibility into the details and breadth of a breach, others can be noise. How do you decipher the difference between the good, the bad and the just plain ugly? Join Intel Security and (ISC)2 on November 5 at 1:00PM Eastern for a discussion on IoCs as we discuss what threat intelligence provides the most value along with where IoCs are going and should go next to better enable investigations and defend organizations.
Dave Lewis, CISSP, Global Security Advocate, Akamai Technologies
This talk will examine the tools, methods and data behind the DDoS attacks that are prevalent in news headlines. Using information collected, the speaker will demonstrate what attackers use to cause their mischief and mayhem and examine the timeline and progression of attackers as they move from the historical page defacers to the motivated DDoS attacker. We'll also look at motivations and rationale to detect patterns and build better protections.
It’s probably not too often that you’ll get this perspective. Star Wars was really all about information disclosure threats! You’ll want to find out more as noted presenter and author Adam Shostack references one of George Lucas’ epic sagas to deliver lessons on threat modeling. Not only was the Death Star badly threat modeled, the politics between Darth Vader and Grand Moff Tarkin distracted incident response after the plans were stolen. This session will provide you with proven foundations for effective threat modeling as you develop and deploy systems. Adam will help you understand what works for threat modeling and how various approaches conflict or align. The force is strong with this session.
Jim Taylor, Oracle; Darin Reynolds, John Carnes, Brandon Dunlap, Moderator
By 2020, more than 7bn inhabitants of Earth will be using over 35bn devices to communicate, collaborate, negotiate and perform transactions.
To put it into perspective, there are only about 8.7bn connected devices now.
The surge will come quickly and organizations will scramble to take advantage of monetizing this digitally connected world. Identities are at the forefront as the digital passport to an online world of goods and services because a single view of an individual customer is the key to knowing that person better and building a deeper personal and business relationship with them. Join Oracle and (ISC)² on October 8, 2015 at 1:00PM Eastern to learn about the new identity economy.
Michelle Waugh, VP Security Solutions, CA Technologies; Brandon Dunlap, Brightfly
Rarely has the landscape of security changed as dramatically as in the past year. Applications are now rightfully driving security strategy across organizations of all sizes. Attacks against your critical systems and information are more insidious than ever before. Your customers are demanding access from a variety of devices, across access channels, along with a consistent, intuitive, and convenient user experience. If that wasn't enough, you need to engage with your developer communities to help build those complementary solutions that you need to grow your business. Join CA Technologies for this first part of a six-part webcast series on September 17, 2015 at 1:00PM Eastern to learn how security leaders can rise to the top of the pack by leveraging these new realities, and grow their business through an innovative security vision and strategy.
Torry Campbell, CTO, Endpoint & Mgmt Tech Intel; JJ Thompson, Rook Security; Michael Cloppert, Chief Analyst, Lockheed Martin
Emergency responders often talk about the "Golden Hour", the period of time where there is the greatest likelihood that prompt attention will mitigate impact and damage. The same holds true for the Cyber Attack Chain. Which phase in the chain should you concentrate on to get the best protection for your organization or credible threat intelligence information? Join Intel Security and (ISC)2 on Thursday, September 10, 2015 at 1:00PM Eastern for a discussion on the chain and where it might be best to focus your attention on the links of the chain to best defend your organization.
Jim Reavis, CEO of Cloud Security Alliance and David Shearer, CEO, (ISC)²
(ISC)² and CSA recently developed the Certified Cloud Security Professional (CCSP) credential to meet a critical market need to ensure that cloud security professionals have the required knowledge, skills and abilities to audit, assess and secure cloud infrastructures. Join Jim Reavis, CEO of Cloud Security Alliance and David Shearer, CEO, (ISC)² on August 20, 2015 at 1:00PM Eastern to learn more about the CCSP, the qualifications for it and the future of cloud security.
Madhu Reddy, Global Product Manager, HP Security Voltage; Michael Osterman, Principal, Osterman Research
Enterprises receive, create and store enormous amounts of email data each year: roughly 30,000 emails for every information worker, a large proportion of which contains attachments that are often sensitive or confidential. Increasingly, this information must be encrypted to ensure that data breaches are prevented and that data protection obligations are satisfied. At the same time, information must be retained for long periods in compliance with corporate, legal and regulatory obligations.
However, encryption and archiving are often at odds with one another: data that must be encrypted can be rendered difficult or impossible to access when archived. Data that is archived, but not encrypted, can be more susceptible to data breaches. As a result, the use of an integrated eDiscovery solution becomes more critical than ever. Join HP/Voltage Security and (ISC)2 on August 13, 2015 at 1:00PM Eastern to learn how to protect your enterprise communications with data-centric email encryption and make it easy to access encrypted and archived content in support of eDiscovery, regulatory and other requirements.
Mitchell Bezzina, Sec Product Mktg Mgr, Guidance; Dr. Randy Burkhead, Sen. Sec Consultant; Rafal Los, Director, Optiv
Due to the widespread adoption and use of cloud applications, a burgeoning mobile workforce and the rise in APTs, endpoint risks have become more prevalent and a challenge to manage. Indeed, endpoint penetrations and breaches take only minutes to occur. An effective endpoint detection & response solution is critical to a timely response, as is a properly trained incident response team. Join Guidance Software and (ISC)2 on August 6, 2015 at 1:00PM Eastern for a discussion on EDR and the need for effective Incident Response and automation to hasten mitigation.
Michael Santarcangelo, Founder, Security Catalyst; Philip Casesa, CISSP, CSSLP, Dir of Service Ops, (ISC)2
The biggest challenge in security is no longer technology. We need to rise from recognition as security experts and experts within security teams to leaders protecting information from a world of risk and vulnerabilities.
Michael Santarcangelo cracked the code on the pathway to becoming an exceptional security leader. On July 30, 2015 at 1:00PM Eastern Michael will share the Exceptional IT Leadership Framework, including the 5 foundational elements, 9 competencies, and 5 essential habits. The webcast will explore the benefits of a framework-based, competency-driven approach to developing your leadership and how to assess where you really are in your leadership journey.
Sandy Borthick, Stratecast|Frost & Sullivan; Reiner Kappenberger, HP Security Voltage
Large enterprises want to use all the data they can get to earn the trust and the dollars of their customers. At the same time, they must secure this data, which is increasingly the target of sophisticated cyber-attacks. Traditional triple A (access, authentication and audit) security solutions are no longer sufficient: data-centric security must be added to the mix. In this webinar, join Stratecast | Frost & Sullivan, HP Security Voltage and (ISC)2 on July 16, 2015 at 1:00PM Eastern for an examination of ICT technology trends and business policies that have brought us to this point and how format preserving encryption can be used to protect data at rest, in motion and in use.
Michael Shaulov, Head of Mobility Product Mgmt, CheckPoint; Frank Aiello, CISO, American Red Cross; Raj Goel, CTO, Brainlink
The rapid rise of mobile computing has caused more sleepless nights for security professionals than they would care to admit. Laptops, smart phones, tablets… most employees have one of each, and each needs to be protected. What are the best strategies to enable threat prevention for your mobile workforce? What exactly are the threats being seen today, and what could be around the corner tomorrow? Join Check Point Software and (ISC)2 on July 9, 2015 at 1:00PM Eastern for a roundtable discussion on tackling mobile security challenges to keep on-the-go employees productive and your enterprise secure.
Adrian Davis, Managing Director (ISC)2 EMEA | Craig Isaacs, CEO Unified Compliance
Cybersecurity is a mess. The number of guides, standards, laws, rules, and regulations grows every day, and most organisations don’t have the ability or the resources to handle the continuously changing (and expanding) set of requirements.
In this webinar run jointly by (ISC)2 and Unified Compliance, you will learn:
· How to efficiently manage complex compliance requirements by creating customised control sets and compliance templates in seconds
· What harmonisation of compliance across multiple regulations, standards & frameworks looks like—including Sarbanes Oxley to FFIEC, PCI, GLBA and HIPAA to CMS, NERC, NIST, and ISO among others
· How to understand and clarify overlaps and conflicts between documents in your regulatory requirements
· How to save time and eliminate duplicate efforts by asserting compliance across multiple authority documents simultaneously
Taking this new approach will save organisations considerable time, effort, and resources when it comes to audit and cybersecurity compliance. More importantly, this will improve the efficiency and effectiveness of their overall Governance, Risk Management, and Compliance programs.
Securing change in employee behaviour, to ensure compliance with organisational policy and to reduce risk to an organisation, relies on employees making a discretionary effort with a positive security outcome. How can security leaders secure not just employee awareness but most importantly positive security behaviours to support embedding security into corporate culture?
Adrian Davis, MD (ISC)2 EMEA
Bruce Hallas, Founder, Analogies Project
Lee Barney, Head of Information Security, Home Retail Group
Andrew Leeth, CISSP, Product Security Eng, SalesForce; Chuck Gaughf, (ISC)2; Brandon Dunlap; Rob Ayoub, NSS Labs
While the economics of moving workloads to the cloud is well understood by small and medium sized businesses (SMBs), they often struggle with corresponding economics associated with these changes in security challenges. These SMBs often rely on service providers and suppliers for security, but how can they take control or have more of a hand in the security of the cloud services they are using? Join (ISC)2 and our sponsor Sophos on June 25, 2015 for our next From the Trenches where we’ll discuss cloud security and challenges SMBs face when leveraging cloud services.
Reiner Kappenberger, Global Product Mgmt, HP Security Voltage; William Peterson, Director, Product Marketing, MapR Tech
Security Briefings Part 1 - Big data analytics and Hadoop environments come with myriad benefits, but also new risks to enterprises. In the past, cyber-attackers had to search for high-value information across a wide range of systems. But with centralized data, hackers can focus on a known, single target. Even when key information is considered secure, there's still a high risk that sensitive information can be re-identified by utilizing multiple data sets. Join HP Security Voltage, MapR and (ISC)2 on June 11, 2015 at 1:00PM Eastern for 5 steps in protecting critical data and learn how to build a strategy and methodology to secure big data in Hadoop.
Adrian Davis, Managing Director (ISC)2 EMEA | Gavin Kenny, Associate Partner IBM Security
Join IBM and (ISC)2 to learn about the latest Cost of a Data Breach study and discuss the implications of the study for today's businesses.
In this live webinar, you will learn the key findings of the Cost of a Data Breach study, including:
- Major factors that affect the financial consequences of a data breach
- How companies changed their operations and compliance following a breach
- Most common cybersecurity governance challenges
- Why companies failed to stop data breaches