Security is not rocket science. Developing an effective and efficient enterprise security program starts with strong culture and risk communication. Ditch the old school security ways and embrace the millennial approach. The pillars of the millennial approach to security are: developing a positive security culture, making secure business processes easy, fostering enduring business relationships, constant communication with executives, and getting the biggest bang for your limited bucks with risk prioritization.Read more >
Cloud security remains one of the top barriers to the adoption of cloud computing (Gartner top 3) and drives a need for new and broader security measures that go beyond traditional enterprise IT security tools and practices.
Join security experts from IBM, SoftLayer and Intel® for a comprehensive webinar about the cutting-edge products and services that deliver unparalleled control and data security in the cloud. In this webinar, you will receive:
Practical and technical advice can be applied immediately to help secure your organization's IT environment using SoftLayer's security-rich environment for deploying and running customer workloads.
A full overview of the chip-level Intel®TXT security available first in the cloud at SoftLayer. Lastly learn more about IBM Cloud Data Encryption Services™ about Data protection, resiliency, security and storage.
- RSA 2016 -
BrightTALK favourite Raj Samani took the time to discuss the influence of cyber on middle eastern political conflicts; the role of hacking in Russian-American tensions; how to combat the cyber skills shortage and the enduring benefits of security collaboration.
Josh Downs, BrightTALK's Information Security Community Manager breaks down 3 must-watch webinars from February's Data-driven Security Summit:
3. Business-lead and Threat-Focused Cyber Risk Management - Chris Verdonck, Global Cyber Strategy & Peter Wirnsperger, Cyber Risk Services, Deloitte
2. Making Vulnerability Management Sexy, Again! - Amar Singh, Chair of ISACA's UK Security Advisory Group
1. (mis)Adventures in Data-driven Security: How to Avoid Tragedy & Engineer Success - Nik Whitfield, CEO, Panaseer
To attend any of the above, see the URLs in the attachments.
For more insights, follow Josh on @BrightTALK_Josh
The future for women in Cyber Security is NOW.
Despite the growing demand and tremendous opportunities in the job market, cyber security remains an area where there is a significant shortage of skilled professionals regionally, nationally and internationally.
At EC-Council University we want to empower and recognize women who are results-driven and able to manage multiple disparate tasks while leading groups to achieve positive outcomes and astonishing professional successes.
Even worse, women’s representation in this male-dominated field of security is alarmingly low. Women are detail oriented with an analytical mind that quickly assess and achieve solutions to the most difficult problems, prioritizing and executing in a rapid, dynamic environment.
“At EC-Council University we wish to highlight these prestigious women and set examples for others to follow suit.”
-- Middle East CISO of the Year -- Global CISO of the Year Runner Up --
An overall deep level analysis of why it is important to go back to basics, and basics of risk based approach towards information security. The session will be covering the current and historical state of information security, its challenges, and the way to get the right security for any organisation. Risk based approach, frameworks, high level steps, cost-benefit analysis, prioritisation of corrective measures based on risk categories, and presenting the information security plans to executive management based on a risk based approach. This is extremely key, when the organisational perimeters are not physical anymore, and organisational boundaries cannot be clearly defined within a firewall or a router, due to the adoption of new technologies and solutions like cloud, big data, mobiles etc.
Something is seriously wrong here. Businesses spend millions every year on the latest security technologies to keep their businesses safe – and then they still get attacked! Why does this continue to happen over and over again, and what can we do about it? This presentation – loaded with compelling research data from many different industry sources – provides revealing statistics on how bad this cyber security problem really is, and why it has continued to get worse despite your best efforts. But, if you’re willing to think differently about network security, there is now a way you can eliminate a huge number of attacks on your network, improve productivity of your IT staff, keep your business safe, and save a significant amount of money in the process. Skeptical, right? Well attend this session, learn the facts, then decide for yourself.Read more >
Randy Franklin Smith of Ultimate Windows Security has been busy researching the changes to audit policy and the security log in Windows 10. He’ll be updating the Security Log Encyclopedia to reflect these changes and I’m going to show you these changes live in this upcoming real training for free ™ webinar. Here’s what to expect:
• Microsoft has added a new “Audit Group Membership” subcategory to audit policy that documents all the groups a user belongs to at the moment of logon – whether an interactive logon to a workstation or a remote logon as to a file server. Smith will discuss the interesting ways you can use this information to enhance your monitoring of different types of users.
• The other new audit policy, “Audit PNP Activity” allows you to audit connection of external devices by the Windows plug and play system.
• Microsoft has new events and more fields to some existing events so that get additional useful information on activity like: Logons, process creation, enumeration of the local SAM account database and changes to Boot Configuration Database (BCD).
A lot of these changes are valuable enhancements that will help you catch endpoint security threats more effectively. Furthermore, Smith will show specific examples of these new events and point out the new fields in existing events.
LogRhythm, has sponsored this real training for free ™ session. LogRhythm has a new version of their cool SIEM out and Erick Ingleby will demo the new version 7.1. This includes the introduction of a new back-end technology for storing all log data that provides greater scalability, search performance, faster indexing rates, and enables new capabilities such as unstructured search against the full log message text.
In this webinar I will discuss what security culture is, where it belongs in the organisation, and how good security culture can reduce the likelihood of being breached. I will point to research on culture, human behaviours, and how to motivate people to do the right thing.Read more >
Since 2013 we have created a Security Champions network in Diageo across our 21 markets globally.Given limited resources, we had a clear vision of what we wanted to achieve and we took a top-down approach to gain support for the initiative. We developed SMART objectives with a view to slowly and demonstrably driving value for Diageo employees and management over time. This is the story of how we achieved mutual benefit both for us in the central Security team and for the market Security Champions & their colleagues. Key takeaways will include;
1: Aim for a Win-Win situation;
2: Gain support from senior management first;
3: Empower your champions;
4: Build the program into champions’ annual targets or development plans;
5: Actively drive network continuous improvement.
For centuries mankind’s greatest innovations came about through careful examination of natural systems. Information Security is no different. This presentation will explore how information security professionals can use the agricultural concept of “permaculture” (the practice of using design principles observed in natural ecosystems) to cultivate a sustainable, data-driven security program.
In this fast-paced, thought-provoking session you’ll learn:
- The basic tenets of permaculture and how they apply to information security strategy
- How to build a security program that fosters collaboration, coupled with feedback loops and metrics
- How embracing differences within an organization can lead to increases in productivity and security
- Effective policy and control designs that enhance business objections as opposed to stifling them
About the Speaker
Chris Nelson has a passion for security, especially building security programs and teams in incredibly dynamic organizations. Chris is currently the Vice President of ISSA’s Denver Chapter, and Director of Security for Distil Networks, where he continues to expand his theories on using Permaculture in the design and implementation of security programs and controls. Chris held a similar role at Rally Software after working with Aetna as a security, compliance and privacy lead. Previously, he held similar roles with Return Path and has served multiple Fortune 500 clients in a consulting capacity.
For more than two decades organizations worldwide have failed at creating the security awareness we have aimed for. Instead of continuing doing things we already know are failing to give us the results we need, Mr. Roer and his team set out to analyse what the key elements in successful awareness programs are, and what the major reasons for failure are. The research project was the basis to create the Security Culture Framework, a free and open methodology on organizing successful awareness campaigns that creates lasting cultural change. Today, the framework is being used by a large number of organizations around the world, to build and maintain security culture. In this talk, Mr. Roer will walk you through the four basic principles of the Security Culture Framework, and explain how to be successful when building security culture.Read more >
The world of IT security is undergoing tremendous change. The unstoppable momentum of the Internet and cloud computing, the ubiquity of mobile devices and the emergence of Internet of things have together turned the IT security landscape upside down. So what can you do today to keep your security ahead of these trends? In this webcast, we will share actionable best practices gleaned from more than 5,000 leading global organizations - including United Airlines, Humana, Sealed Air, British American Tobacco, the United States Marines and NATO. We will also talk about the latest strategies and techniques cyber-criminals are using today and the concrete steps you can take to keep your organization safe.Read more >
As management is increasingly involved in information security budgets, many questions are being asked – Did we really need to spend this money or could we have done without it? Are we really more secure now than before? Would we be more secure if we installed this product or spent money on security training?
In this presentation, MEEZA’s Information Security team will talk about a 3-step process which is a pragmatic view of the different components of an effective Security Risk based approach which provides perspective to a given organisation.
The MEEZA Information Security team will provide pointers on how to effectively present a Risk-based Security Plan to executives by highlighting some of the benefits which are considered ironies from a risk-based perspective
As bad actors relentlessly continue to take advantage of the many innovations and trends in our current world, network security professionals are realizing that the passive mode of checking for threats is no longer adequate. As BYOD is now the norm rather than the exception in the corporate world and most organizations have a significant presence in the cloud, bad actors are more than happy to take advantage of the new conduits into the corporate network. Therefore, the need to catch, repair and eliminate security threats as early as possible has never been greater. With this in mind, VSS Monitoring has been helping various enterprise customers to deploy an inline layered security infrastructure that provides multiple lines of defense against the bad actors.
This webinar will present some of the use cases we have been involved in, what were the motivations that led to the deployment of layered security and how a layered security architecture, anchored by VSS Monitoring, allowed enterprises to become more nimble in their never ending fight against bad actors. Join us for a safari tour of an exciting and evolving space!
VMware AirWatch and Netskope present:
Cloud Security for Dummies, Enterprise Mobility Edition
As more mission-critical business workflows move to the cloud, yesterday’s security protocols and measures have become inadequate. And as cybersecurity threats increase, protecting business resources from compromised mobile endpoints is no longer a “nice to have” but a “must have” for the digital enterprise. More than half of all enterprise cloud app activities now occur over mobile devices with enterprise mobility at the epicenter and crossroad of business productivity and cybersecurity challenges.
Join VMware AirWatch Director of Enterprise Mobility, Christopher Campbell and Netskope authors of Cloud Security for Dummies, Steve Malmskog and Lebin Cheng, for a lively discussion and reveal of the 10 “must haves" for cloud-consuming mobile workforces. Attendees will learn how to:
Use intelligence about identity, device, and cloud usage to inform policy decisions on the device, in the app, and in the cloud;
Identify cloud app usage trends to anticipate users’ needs and create a better mobile and cloud user experience;
Proactively protect sensitive user and corporate information through policy; and
Halt threats in the cloud before they propagate to users’ devices.
The notion of API management in which enterprise architects, app developers,and IT security experts work in harmony is great in theory. The reality, according to new research from Ovum, is much more scattered.
Register today and join Ovum IT Security Analyst Rik Turner, Rami Essaid, CEO of Distil Networks and Shane Ward, Senior Director of Technology at GuideStar as they dig deep into API Security and what it means for your business.
Here’s just some of what you’ll learn in this webinar:
-The importance of CIO and/or CISO visibility into how API security is managed across the enterprise
- How to map your business requirements to your API security strategy
- The How, Where, and Why of API controls such as geo/org fencing, token governance, dynamic access control lists, and advanced rate limiting
- When heavy “application services governance” software suites are the wrong approach
Don’t worry about every network security trend that might happen next year
Just the important ones.
The network security trade can feel pretty gloomy. We spend all our time looking for trouble and expecting the worst, and the doom and gloom hits its peak during prediction season. It’s a terrible way to close out the year.
So this year, we’re taking a more balanced approach.
For 2015, we’ve identified several security trends you shouldn’t worry about—and some you should. From government policies to business practices to new technologies, we’ll help you gain a little perspective around network security for the new year.
Hey, we can’t promise it will all be rainbows and unicorns. But if you’re going to look to expert predictions for guidance, wouldn’t it be nice to know what NOT to worry about?
Join us as WatchGuard’s Director of Security Strategy Corey Nachreiner takes a look into the future and helps you get ready to face 2015.