Join ISACA for the first event in an exciting new webinar series aimed at providing professionals with current and relevant education related to cybersecurity. During this webinar, we have invited an internationally recognized speaker, Dr. Vilius Benetis, to discuss the 20 critical controls identified by SANS and the Council on Cybersecurity. Specifically, Dr. Benetis will address the goals, meaning, and application of these controls.
We’ll also be providing an overview of the most current publications on Cybersecurity released by ISACA and how they relate to these critical controls. Dr. Benetis will break down how you can put the information in these publications to practical use right away and provide other resources that are available. He will also be answering your questions, live, during the Webinar.
Don’t miss this opportunity to join in the discussion! Mark your calendar for Tuesday, 24 June 2014 at 12:00 PM EDT (16:00 UTC). We hope to “see” you there!
Recorded Jun 24 2014, 62 mins
Encryption today is as important as ever. We use it to protect everything, from our bank routing numbers to trade secrets. Once any of that data is exposed to attackers, it is very difficult to put that genie back into the bottle. There have been many recent headlines about governments requesting companies to provide shortcuts to access encrypted data for law enforcement purposes. With encryption impacting so many aspects of our lives, it’s incredibly important to understand how we all will be affected by these types of changes.
Join Data Protection Specialist Ted Pan in taking a look at protecting encrypted data from outside agencies as well as the ability to recover encrypted data legitimately within an organization.
Test and development environments often contain real and sensitive data for optimal development and testing. As these instances are often left wide open for collaboration, they have become an easy target for cyber criminals. Attend this session to learn how masking and subsetting can protect data and help address regulatory compliance by obfuscating sensitive data from developers, testers, and other non-production users. You will also hear how masking prevents sensitive data leakage in case of an attack.
Michael Moshiri, Director, Advanced Endpoint Protection at Palo Alto Networks
Despite the continuous advancements in cyber security in 2015, most organizations remain entirely exposed to targeted cyber-attacks that leverage zero-day exploits. The traditional antivirus and endpoint security solutions are no longer effective. How can organizations prevent security breaches that utilize unknown and zero-day exploits?
When you attend this webinar, you will discover:
• Why the most insidious, targeted attacks rely on exploits
• Which exploits were among the top 10 zero-day exploits discovered in 2015
• Why traditional antivirus and intrusion prevention systems fail to stop zero-day exploits
• How to minimize the risks and the impact associated with targeted cyber attacks
• Which technical solution virtually eliminates the risks associated with known and unknown exploits
Ron Hale, Ph.D., CISM, Chief Knowledge Officer at ISACA
The just-completed State of Cybersecurity global survey conducted by ISACA demonstrates that enterprises are in a difficult situation. The number of cyber incidents is not only continuing to increase but is escalating at what can be considered an alarming rate. Attacks are more complex and enterprises are generally not well prepared to either prevent attacks or to respond to incidents. This timely session will explore cybersecurity trends drawing from ISACA’s research as well as other relevant sources. It will provide a look into the challenges that enterprises are facing including the shortage of qualified skilled practitioners who not only have the required technical skill but who are also able to speak to the business implications of cybersecurity.
You will learn:
• What the global community of information security practitioners feel are their greatest challenges
• How prepared enterprises are to respond to incidents
• What professional skills are needed in the market
Douglas Rausch, CISSP, President of Aurora CyberSecurity, Inc.
Organizations battle daily with social engineering-based cyberattacks and unfortunately often find themselves on the losing side. What can be done? To determine this we need to step back from our technological tools and start with the psychological basis of why social engineering works and why it is a tactic of choice for cyber attackers. Armed with that knowledge, organizations can begin to mount a more effective defense.
Individuals attending this session will learn:
• How human nature makes us susceptible to social engineering
• Why cyberattacks based in whole, or in part, on social engineering are the tactic of choice for cyber attackers
• Some common cyberattacks that utilize social engineering (hint: there is more than just phishing)
• Tactics you can use to make social engineering less beneficial for the cyber attacker
Scott Simkin, Palo Alto Cybersecurity Team and Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute
There are two ends of the spectrum of an attack: the cost of a breach to the victim, and the economic motivation of the cybercriminal. Much focus has been spent on understanding the increasing cost of breaches, and potential damages they can cause organizations. As cybercrime has increasingly become a business, we must also understand the relationship between time, cost and potential profit for an attacker. Like any business, it is a simple math problem: the benefit must outweigh the cost. Security decision makers can use this information to increase the cost of conducting successful data breaches against their organization, taking away the economic incentive, and the majority of the motivation, for attackers.
This session will present compelling new research, including:
• Average time to breach an organization
• Typical yearly earnings of a cybercriminal
• Cost of conducting a breach for an attacker
• Most effective methods for dissuading or preventing attacks
Michelle Mikka-Van Der Stuyf, Sally Smoczynski, CISSP, Diana Salazar, CISM, CISA, CRISC, CGEIT, and Moderator Laszlo S. Gonc
As cybersecurity gains momentum in industries as a hot topic and buzzword, how many know how it is really impacting businesses in today’s corporate and government arenas? Where do you focus your energies? How do you know where your greatest vulnerabilities exist? Is it in e-commerce with the collection of sensitive data and credit card information on everything from a smart phone to a desktop? What do government organizations have to be concerned with to comply? How do the certifications and education you gain get applied to produce real world results?
Join this trio of women in technology for a live webinar as they share with you the areas they see cybersecurity practically being applied in business and government. See some shocking statistics that will help you focus your cybersecurity view. Understand how wide the range of cybersecurity spans and how to get a more focused view by strategically looking at what holds the greatest risk and how companies decide where to apply their security resources.
In this webinar, you’ll learn:
• Cybersecurity – Living with the new reality
• Strategic Investments to mitigate cyber risk
• Corporate and government alignment challenges
• Is there a false sense of security?
• From zero tolerance to full acceptance – what does the future hold
• Key differences with infrastructure, software, and mobility
For most security teams, there are simply too many alerts to deal with in a given day. From various security devices and third-party feeds to threat intelligence sources, the sea of information makes it virtually impossible for organizations to respond quickly prior to any damage being done.
How can security operations, analysis, and research teams cut through the noise and drill straight down into the security events that matter most?
Join Palo Alto Networks for a live webinar that will focus on how cyber security threat intelligence can help security teams to:
• Determine what is a critical, unique, and targeted attack
• Add much-needed context to indicators of compromise
• Take indicators of maliciousness and turn them into new protection mechanisms
Charlie Miller, Senior Vice President, Santa Fe Group
Hackers are now using third parties as an entry point to access an outsourcer’s sensitive data, increasing regulatory scrutiny and reputational risk. Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations.
New regulations, technologies, standards, and security threats require organizations to implement robust vendor oversight to meet and stay ahead of the latest risks and challenges from new payment methods and systems, data breaches, and cyber attacks. However, the service provider control evaluation process has long been inefficient and costly. Each outsourcing organization produces and distributes its own proprietary questionnaire to each of its service providers. Service providers strain their resources to respond to diverse client information requests. Inconsistencies from questionnaire-to-questionnaire cause delays for all parties. Time and resource intensive onsite visits further burden both the outsourcer and the service provider.
Leveraging the Shared Assessments Agreed Upon Procedures (AUP), the testing procedures for the Shared Assessments Program, as the common risk assessment methodology, the largest U.S. based financial institutions are collaborating to conduct “shared” assessments of key service providers who provide common services. By treating third-party risk management as a collaborative issue, not a competitive issue, it is paving the way for new, cross-industry best practices, increased efficiencies and cost savings for the industry.
This session will provide a case study to review the workflow developed by the Shared Assessments financial institution members, the robust methodology created, the collaborative assessments performed to date, and how we’re now prepared to move this program to global financial services organizations.
Eddie Schwartz, President and COO of White Ops, International VP of ISACA
Proven cyber security technical skills and certifications are in high demand - now more than ever. A 2015 ISACA and RSA Conference survey highlighted the growing need for qualified cyber security professionals who can prove that they have the practical skills to identify, respond, and remediate the most advanced threats faced by public and private sector organizations. This Webcast describes the current cyber threat landscape and the staffing challenges facing organizations today, ISACA’s new CSX training and certification programs, and why these performance-based programs provide the real-world knowledge and certifications required for the most sought-after jobs in the industry today.
Ryan Olson, Intelligence Director from Palo Alto Networks
As security professionals, defending our organizations can oftentimes seem like a monumental, almost impossible task. Yet, there has never been as much focus, data, or development available to the security industry as there is today. The sharing of tactics, techniques, and procedures, as well as threat intelligence in an open and free manner throughout the security community is becoming standard practice, and is key to building a proactive defense posture against today’s adversaries.
Join us for a live webinar, where the Palo Alto Networks threat intelligence team will examine the latest security trends, including:
• Trends across application usage and the threat landscape, including regional and industry-specific variances
• Ways to reduce the attack surface available to an adversary
• Potential effects of non-standard network activity
• Reuse of legacy attack tactics
• Benefits of open threat intelligence sharing
Yonatan Most, Head of Adallom Labs and Danelle Au, VP of Strategy, Adallom
As more organizations adopt cloud applications, how will today’s adversaries target corporate data in the cloud? What are the tools, techniques and tactics that are being used to achieve their objectives? How are they different from traditional on-premises attacks? How can you enable proven best practices to reduce the attack surface, and mitigate risks?
Join Adallom for a live webinar that will take a detailed look at the anatomy of attacks in cloud applications like Salesforce, Box, Office 365 and Google Apps. Dive into real-world usage reports and understand high-risk behaviors that should be mitigated. Understand how to best identify attacks in the cloud.
In this webinar, you’ll learn:
• Real-world usage of cloud applications that introduce risks
• Unique tools and techniques attackers are using in the cloud
• Why a heuristics- and intelligence-based approach is important for cybersecurity in the cloud
Robert E Stroud, CGEIT, CRISC, immediate past president of ISACA & vice president of strategy & innovation at CA Tech.
ISACA and the RSA undertook a survey in early 2015 to understand the State of Cybersecurity and its implications for you, your role and your organization. The session will present the key results from the survey, including the current threats and vulnerabilities, changes in the threat landscape and where the threats are coming from, how enterprises are responding, and where the gaps are in the industry and with staff. The results will include implications, including skills gaps, for employers who are looking to solve their growing cyber challenges.
By the end of 2015 there will likely be more smartphones than humans and by 2016 there could be 10 billion smartphones. That’s 1.4 mobile devices for each human on the planet.
People are increasing their reliance on their mobile devices to perform monetary transactions, including purchasing goods and services and sending a variety of payments. The rapid adoption of, and reliance on, mobile technologies has not gone unnoticed by the cybercriminals.
Unfortunately, mobile users face a range of very real risks from ransomware, spyware, malicious apps and financial malware. In this live webinar, Ori Bach, Senior Security Strategist for IBM Security Trusteer, will share the latest research on mobile threats including:
• Top mobile threats for the remainder of 2015
• Growth trends for attacks and malicious actors
• Future trends in mobile threats
• The emerging underground mobile malware market
Scott Simkin, Sr. Manager, Threat Intelligence, Palo Alto Networks
Current assumptions are that today’s adversaries move through the kill-chain step-by-step, using the most advanced tools, techniques, and tactics to carry out their objective. In reality, there’s no template for advanced attacks.
Adversaries follow the path of least resistance, still causing irrevocable damage to organizations with simple but proven methods.
Defeat is not inevitable. It’s time for a new prevention-based mindset.
Join Palo Alto Networks for a live webinar that will take a detailed look at the anatomy of real attacks carried out by advanced adversaries. Specifically, you’ll learn:
• What tools, techniques, and processes advanced attackers are really using.
• Why you need an intelligence-based approach that stops attacks at every point in the kill-chain, no matter what form they take.
• How to architect for prevention, and plan for detection.
Tom Pendergast, Ph.D, Director of Awareness Solutions at MediaPro
When NIST’s Framework for Improving Critical Infrastructure report was released in 2014, it raised the standard for professionals in all industries to consider how they implemented all elements of their information security program. The highest tier of implementation suggested by the Framework is Tier 4: Adaptive, which is characterized by an organization that uses “a process of continuous improvement incorporating advanced cybersecurity technologies and practices … to respond to evolving and sophisticated threats in a timely manner.”
Up until fairly recently, creating a sophisticated, multi-dimensional security awareness program that met these criteria was a difficult and cumbersome task. InfoSec professionals either had to build such a program themselves (often in combination with their colleagues from Learning and Development or Communications) or cobble together a program from the disparate offerings of a range of vendors. Either way, the results were typically underwhelming.
Today, you’ll still have to make the decision whether to build or buy, but the general state of knowledge about how to develop and deploy a sophisticated program is so much more advanced (and vendor offerings so much more mature) that either decision is much easier. And that’s what we’ll discuss in this webinar: how to create an awareness program that is aligned with your organization’s unique risk profile; is embraced and even enjoyed by the employee population; generates measurable proof of progress; and is easy to adapt to changes over time. We’ll discuss the various elements you can (and arguably should) deploy, including training, reinforcement, employee surveys/quizzes, phishing, and more.
Aaron Berman, Security Solutions Advisor and Russell Miller, Director, Security Solutions at CA Technologies
Access Management has grown consistently more challenging as your business requires secure engagement with new user groups and additional partners via mobile, cloud and social channels. In order to securely enable such a multi-channel, open enterprise you must:
• Facilitate secure federation with a large number of partners
• Enable the use of social identities
• Securely connect to Cloud-based services
• Extend access and security to mobile applications and devices
• Protect against existing and evolving threats
Please join Aaron Berman, Security Solutions Advisor and Russell Miller, Director, Security Solutions at CA Technologies, to learn how the latest Access Management capabilities can help you meet these rapidly evolving requirements and deliver secure applications on a timely basis.
Brian Tokuyoshi, Sr. Solution Analyst, Palo Alto Networks
In recent months, threat research teams at Palo Alto Networks have encountered several game changing advances in mobile malware for both iOS and Android. For example, WireLurker employed a multistage infection that exploited non-jailbroken iPhones. These techniques indicate an increase in sophistication and signify a shift in the way we think about mobile security. In this webcast, learn about the capabilities of several new families of malware, the methods used to reach victims, and strategies to mitigate exposure to risk.
Steve Smith, Sr. Network Security Manager & Dan Frey, Sr. Product Marketing Manager, McAfee
Standalone network security products don’t share threat data, preventing you from seeing the complete threat landscape. With its Cyber Intelligence Sharing and Protection Bill, the US Government is clearing a path for sharing critical threat information between the intelligence community and cybersecurity entities. But it shouldn’t stop there; your network security infrastructure should be doing the same. Learn how sharing threat intelligence between security devices assembles the big picture needed to block threats across your entire network, including branch offices and remote locations.
Demetrios Lazarikos (Laz) - IT Security Strategist
The risk-based approach to managing the risk of security breaches is useful in providing answers to the following questions:
• What level of risk are you willing to accept for breaches that occur in your externally facing web applications?
• Do you know which application security vulnerabilities leave the business most exposed to breaches and why?
• How do you gain clarity about your application security risks and impact of breaches?
While many organizations understand the value of the risk-based approach, they need guidance on best practices for implementation. In this webinar, we will discuss how to transform IT security management with a next-generation approach to managing risk. This will be particularly relevant to Chief Information Security Officers (CISOs) who are looking to establish transformative processes to manage and communicate application security risks.
In this webinar, participants will be informed about implementing well-regarded risk-based approaches used by leading industry practitioners to secure their web application and IT assets. Topics to be discussed include industry best practices used to:
• Align the businesses with IT and InfoSec projects and deliverables
• Embed exit criteria through the project lifecycle
• Create dashboards that track threats, identify key metrics, and quantify the potential risks identified
Stay ahead of cyber threats with tools, tactics and expert guidance for taking on and succeeding in the ever-changing world of cybersecurity. The Cybersecurity Nexus (CSX) Webinar Series offers cutting-edge thought leadership, research and advice on the current and emerging threat environment and how you can be better prepared to counter it.
Register ahead of time for each month's 60-minute Cybersecurity Webinar, presented live by subject matter experts and accessible to you free of charge.