Name: Threat Modeling: Lessons from Star Wars - Adam Shostack
Start: 2015-10-13T20:40:00Z
End: 2015-10-13T20:40:42.000Z
Location: BrightTALK
Rating: 4.5

Looking for expertise and information to advance your career and tackle your challenges? Subscribe and join us for the educational webinars in APAC time zone. Earn CPEs quickly and at no cost by attending webinars: 1 hour of webinar equals 1 CPE. We welcome members and non members alike.

Embark on a foresight journey into the future of cybersecurity, highlighting key trends and innovations that are set to redefine the digital defense landscape in the year ahead. Discover how advancements in artificial intelligence will revolutionize the way security teams reduce cybersecurity risks and improve their abilities to defend against modern threats. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he shares his top five cybersecurity predictions for 2025.

Top Five Cybersecurity Predictions for 2025

Has your organization jumped on the passwordless authentication bandwagon yet? If not, it should. Passwordless authentication embraces possession factors, such as certificates and hardware tokens, and inherence factors, such as fingerprints and face scans, to replace legacy password and single sign-on (SSO) authentication methods. It also strengthens your organization’s security posture while improving the user experience for accessing company applications and data. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews modern passwordless authentication technologies and the benefits organizations have achieved by implementing them.

Passwordless Authentication: A New Reality or a Pipe Dream?

The convergence of Information Technology and Operational Technology has introduced significant challenges across multiple industries. As digital transformation progresses, systems become increasingly interconnected and exposed to traditional and advanced cyber threats. This makes securing the supply chain a complex and dynamic priority for protecting critical infrastructure. 

Modern organisations depend on a vast network of suppliers to maintain essential functions, a trend amplified by globalisation, outsourcing, and digitisation. These extended supply chains often form intricate ecosystems where vulnerabilities are multiplied as suppliers rely on their own partners, etc. 

In this session, Dr. Tim Nedyalkov will share expert insights and actionable strategies for enhancing supply chain security for critical infrastructure. Attendees will gain valuable knowledge on securing these complex environments and safeguarding them against evolving cyber threats. 

Key takeaways include: 
- Establishing the foundational elements for secure supply chain management 
- Identifying crucial initiatives to enhance and sustain supply chain protection 
- Ensuring the long-term resilience of critical infrastructure against evolving threats

Presenter: Dr. Tim Nedyalkov, CISSP, CCSP, Technology Information Security Officer, Commonwealth Bank of Australia 
Moderator: George Hlaing, ISSAP, CCSP, CISSP

Strategic Protection for Critical Infrastructure Supply Chains

DX推進と共に積極的な活用が進むクラウドサービスですが、 一方でセキュリティインシデントも発生しており、クラウドサービス特有のリスクの理解や対策実施が重要となっています。 本セミナーでは実際に起きたイシンデント事例を踏まえ、当社独自の調査結果で見えた定量データを交えながら、 「責任共有モデル」をベースとしたクラウドサービスの安全な利用方法、効果的な対策を解説します。

スピーカー：植木 雄哉, CISSP, CCSP, セキュリティエキスパート, 株式会社アシュアード
モデレーター：Emily Kong, CISSP, CCSP

インシデント事例から学ぶクラウドサービスの安全な利用方法

従来にない内部通信制御技術として世界中で急速に普及するマイクロセグメンテーション。マルチクラウド環境の複雑なネットワークでも、横展開（ラテラルムーブメント）の可視化と遮断をシンプルに実現できます。 この技術は、侵入型ランサムウェアや標的型攻撃への有効な対策として注目されており、多くの組織が採用を進めています。内部通信を制御することは、サイバー攻撃による事業損害から組織を守る重要な技術です。また、既存のEDRやEPPといった検知ベースのソリューションと相互補完的に機能し、情報資産を強力に保護します。 アカマイは、この分野で先進的なソリューションと知見を提供し、業界をリードしています。本セッションでは、マイクロセグメンテーション技術の概要、活用シナリオ、実際の事例について紹介します。ぜひご参加ください。

スピーカー：金子 春信, CISSP, シニアリード プロダクトマーケティングマネージャー, アカマイ・テクノロジーズ合同会社
モデレーター：岡本 裕治, CISSP, メンバー, ISC2 Japan Chapter

ランサムウェアの最新手法と急拡大するマイクロセグメンテーション

New to the security industry? Or thinking about transitioning into an information security role? If so, this webinar is for you. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he provides a one-hour ‘crash course’ on the entire security industry, including:

- Size and growth of the security industry
- Useful vocabulary terms and buzz words
- Five types of cyberthreat actors 
- Modern cyberthreats and tactics
- Categories of security defenses
- Common security job roles
- Security industry ecosystem

Security Industry 101: A ‘Crash Course’ For Security Newbies

Cybercriminals are relentlessly targeting financial institutions, and the impact of their attacks spans financial loss, operational disruptions, reputational damage and regulatory penalties. How can financial institutions build effective defenses in an era when the speed of digital transformation is matched only by the sophistication of cyberthreats? 

 
Watch our on-demand webinar with Akamai and ISC2 as we reveal key insights from Akamai's latest State of the Internet (SOTI) report, 'Navigating the Rising Tide: Attack Trends in Financial Services.' and learn:  
-The trends behind the rise in attacks against financial services companies  
-Why attackers use Layer 3 and Layer 4 DDoS attacks most frequently against financial services companies  
-The elevated risks of identity theft and account takeover due to phishing attacks  
-How a Zero Trust approach to security limits risk and eases compliance

Presenter: Reuben Koh, Director, Security Technology and Strategy, APJ, Akamai
Moderator: Yohanna Kho, CISSP

Attack Trends in Financial Services

Artificial intelligence (AI) has bolstered cybersecurity solutions across the board. Security teams have more ways to detect advanced threats than ever before, and organizations are much better equipped to measure and reduce their attack surfaces. However, AI also benefits cyber adversaries with improved phishing and spear phishing techniques and new methods for tricking unsuspecting victims using deepfake content spawned by generative AI. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he provides a comprehensive analysis of AI's dual role in both fortifying and challenging modern cyber defenses. Discover who's winning the AI arms race in cybersecurity.

Impact of AI on the Cybersecurity Industry: Who's Got the Upper Hand?

近年、内部不正に関する事案を目にする機会が増えてきています。内部事情を知っている内部者による不正は、時に非常に大きな損害を組織に与えます。どうすればこのリスクを低減することができるのでしょうか。世の中には数多くのセキュリティソリューションが存在しますが、これらは内部不正にも有効なのでしょうか。

本講演では、まず、内部不正にはどのようなものがあり、どのようにすれば防ぐことができるのか、そして、その対策の難しさについて事例と共に解説していきます。

「内部不正対策の考え方 ～ 組織における内部不正防止ガイドラインから」
　独立行政法人情報処理推進機構　セキュリティセンター 主任研究員
　佐川 陽一

「金融機関における内部不正対策 ～ 報道事例に基づいて ～」
　金融情報システム監査等協議会 会長
　米川 敦, CISSP

【パネルディスカッション】
「なぜ内部不正対策が難しいのか? その事例と対応策」

　モデレーター：
　ISC2 Director of Business Development, Japan 小熊 慶一郎, CISSP
　パネリスト：
　独立行政法人情報処理推進機構 セキュリティセンター 主任研究員 佐川 陽一
　金融情報システム監査等協議会 会長 米川 敦, CISSP

内部不正対策はなぜ難しいか? その事例と対応策

Compromising end user computing devices through spear phishing attacks is frequently cited as the initial step of advanced persistent threats, often leading to data breaches. Year after year, IT security professionals cite “low security awareness among employees” as a top inhibitor to IT security’s success in CyberEdge’s annual Cyberthreat Defense Report. So, why aren’t more security teams adequately addressing this challenge? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he details five ways to invest in your company’s human firewalls.

Five Smart Ways to Invest in Your Human Firewalls

In today’s fast-evolving digital landscape, protecting your applications, APIs and workloads has never been more crucial. From ransomware to zero-day exploits, cyber threats are becoming increasingly sophisticated, targeting vulnerabilities in software applications and APIs to gain unauthorized access to sensitive data and cause widespread disruption to business services. According to our latest research, cyberattacks on web applications and APIs have also surged by 65% in the Asia Pacific and Japan region from Q1 2023 to Q1 2024. It is now imperative that organizations understand more about the threats targeting them so as to pivot their security posture to defend more effectively.  

On 13 August 2024 join Akamai Technologies and ISC2 for this follow-up session to our earlier webinar on “Effectively Safeguarding Your APIs,” presented to the ISC2 community in early 2024. 
 
We’ll share a holistic view of how threat actors are targeting APIs, applications and critical workloads. In this session, you’ll learn about the latest attack trends in Asia Pacific and Japan, including:  
- The top industries targeted for web application and API attacks  
-The top 5 methods used in web application attacks  
-Analysis of different DDoS attack types  
-Real-world case studies on how enterprises are securing critical workloads 
-Tips to enhance protection without impeding digital innovation

Presenter: Reuben Koh, Director of Security Tech and Strategy, APJ, Akamai
Moderator: Anthony Lim, CSSLP, Sub-Commitee Member, ISC2 Singapore Chapter

Advanced Insights and Strategies for Application Protection in 2024

Want to know which IT security technologies are hot and which ones are not? Join Steve Piper, Founder & CEO of CyberEdge (and a proud CISSP), as he reviews key purchase insights from the 2024 Cyberthreat Defense Report. Specifically, Steve will examine which security technologies are most widely deployed and most planned for acquisition in 2024 so you can benchmark your company’s current and planned investments against your peers. Steve will review purchase intent across five key security technology categories, including:

- Network security
- Endpoint security
- Application and data security
- Security management and operations
- Emerging security technologies

The ‘Hottest’ IT Security Technologies in 2024

Artificial Intelligence (AI) is reshaping the cybersecurity landscape, presenting new opportunities and challenges. Join us for an exclusive discussion, where our speakers  will discuss the challenges and questions on securing AI, what AI Cybersecurity Strategy is about, and provide a sneak peek into our upcoming workshop dedicated to AI Cybersecurity Strategy.

Speaker:
Meng-Chow Kang, CISSP, ISC2 APAC Advisory Council Member & Adjunct Associate Professor, Nanyang Technological University, Singapore

Moderator:
 Paolo Miranda, CISSP, President, ISC2 Singapore Chapter

Securing AI - Challenges, Questions and Strategy

Ransomware attacks, among the most damaging cybersecurity threats, are becoming more frequent and sophisticated. As with the saying: “If you know the enemy and know yourself, you need not fear the result of a hundred battles,” understanding the latest trends and statistics in ransomware is crucial for organizations looking to enhance their security. In this webinar, we will also discuss how AI is being weaponized to enhance the complexity and efficacy of ransomware attacks, while also serving as a powerful tool for detection and mitigation.  

On 27 June 2024 join Akamai and ISC2 to learn:  
-Recent trends and statistical data on ransomware attacks  
-The dual role of AI in modern ransomware, as a tool for both attackers and defenders 
-Best practices and proactive measures to safeguard against ransomware threats  
- A real-world case study of a ransomware incident and effective response strategies

Presenter: Reuben Koh, Director, Security Technology and Strategy, APJ, Akamai
Moderator: Yohanna Kho, CISSP

What Now? How Ransomware is Evolving: Trends, Impact and AI

Colonial Pipeline, CNA Financial, JBS Foods, Garmin, and Travelex. All victimized by high-profile ransomware attacks. All paid ransoms. Did these companies do the right thing by paying ransoms to accelerate data and system recovery? Or are they merely funding the ransomware industry and prompting even more attacks? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews key findings from CyberEdge’s 2024 Cyberthreat Defense Report. In this webinar, Steve will:

- Examine disturbing ransomware trends, by country and by industry
- Evaluate key factors that go into deciding whether to pay ransoms
- Outline ways to be prepared for a successful ransomware attack
- Review technologies to help give security teams the upper hand

Ransomware Deep Dive: To Pay or Not to Pay?

CyberEdge’s annual Cyberthreat Defense Report (CDR) has become a staple for assessing organizations’ security postures, for gauging perceptions of IT security professionals, and for ascertaining current and planned investments in IT security infrastructure. It incorporates dozens of insights from 1,200 security professionals from 17 countries and 19 industries. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews key findings from CyberEdge’s tenth-annual 2024 CDR, including:

- The percentage of organizations victimized by cyber attacks 
- The percentage of organizations victimized by ransomware attacks
- How AI helps both cybersecurity teams and cyber adversaries
- Factors that improve overall job satisfaction among security professionals
- The health of IT security budgets
- The hottest security technologies planned for acquisition

Key Insights From the 2024 Cyberthreat Defense Report

Join us for a deep dive into Systems Security Certified Practitioner (SSCP), the security operations and network security credential from ISC2, creator of the CISSP. 

As organizations continue to pursue digital transformation initiatives, the threat
landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s
where SSCP from ISC2 comes in — to help fill the gap. Once certified, the opportunities
for certified professionals are near limitless.

The SSCP is ideal for IT administrators, managers, directors and network security
professionals responsible for the hands-on operational security of their organization’s
critical assets. It shows you have the advanced technical skills and knowledge to
implement, monitor and administer IT infrastructure using security best practices,
policies and procedures.

In this 60-minute live virtual session, you’ll learn:
- If SSCP is right for you
- How Official ISC2 Training flexes with your learning style
- What to expect on exam day
- How to become endorsed and maintain your certification
- Plus, more!

Plus! Get answers to your SSCP questions during the Q&A section.

Register now and begin your SSCP certification journey today!

Systems Security Certified Practitioner (SSCP) Info Session

Join us for our live webinar where we’ll tell you all about refreshed training for the Certified Information Systems Security Professional (CISSP) exam update that launched on April 15, 2024. 

We’ll start with a look at what was updated in the exam and why. Then we’ll go into the details about AI-driven adaptive online training and how it helps you study smarter with a personalized experience.

Agenda
• CISSP Exam Update
• Refreshed ISC2 Online Instructor-Led CISSP Training
• Refreshed ISC2 Online Self-Paced CISSP Training
• Benefits of AI-Driven Platform
• Response: What the Data Shows
• Q&A

Save your spot now.

Refreshed! ISC2 Online Self-Paced CISSP Training for Updated Exam

It’s probably not too often that you’ll get this perspective. Star Wars was really all about information disclosure threats! You’ll want to find out more as noted presenter and author Adam Shostack, references one of George Lucas’ epic sagas to deliver lessons on threat modeling. Not only was the Death Star badly threat modeled, the politics between Darth Vader and Gran Moff Tarkin distracted incidence response after the plans were stolen. This session will provide you with proven foundations for effective threat modeling as you develop and deploy systems. Adam will help you understand what works for threat modeling and how various approaches conflict or align. The force is strong with this session.

Threat Modeling: Lessons from Star Wars - Adam Shostack

(ISC)2;

Threats;

Threat

Modeling;

Infosecurity

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Threat Modeling: Lessons from Star Wars - Adam Shostack

Presented by

About this talk

More from this channel