A Dissection of Recent High Profile特権アカウント乗っ取り事件の事例とその真相

API经济迅猛发展，各个行业都在试图通过API技术手段将自己的传统服务与外部建立更多的连接，提供更多的服务，建立一个以自己核心价值为基础的生态系统，从而获得更大的经济利益。

参加F5 Networks和(ISC)²在12月4日下午2:00至3:00的在线研讨会《为API 经济保驾护航 - 整体API防护解决方案》，您将了解到针对API的多层级的保护措施，以及具体的防护参考架构，还等什么？赶紧加入我们吧。

演讲人: 闫海波, 资深解决方案顾问, F5 Networks
主持人: 顾伟, CISSP, CCSP, (ISC)² 授权讲师及(ISC)²上海分会理事

*本次在线研讨会将以普通话进行

As the phishing threat landscape continues to evolve at a pace that technology is unable to keep up with, organizations are turning to phishing awareness and simulation programs to plug the gap. Is your phishing awareness program keeping up with this changing landscape?

Join Cofense and (ISC)² on Nov 27, 2019 (Wed) at 14:00 (GMT +8) as we explore the attributes of a modern phishing awareness program and see what our data, based on millions of phishing simulations, shows about awareness programs and simulation exercises.

You will learn:
- The statistical advantage of using an email reporting tool
- The important role the end user plays in active defense
- How often you need to send simulations for maximum resiliency
- The advantages of basing simulations on active threats, not random dangers
- Why ‘phish testing’ is the enemy of true phishing defense

Presenter: Ryan Jones, Principal Sales Engineer, APAC, Cofense
Moderator: Kawin Boonyapredee, CISSP, Chief Cyber Strategist, Booz Allen Hamilton

Enabling consumers to have personalized, meaningful interactions with a brand online is an essential component of digital business. While this unlocks tremendous business value, it also increases the risk surface as attackers are quick to leverage techniques such as credential stuffing to cause financial losses to the business. This session, featuring a technical attack demo, will help highlight key architectural considerations for security practitioners to mitigate these risks and stay ahead of attackers.

Join Akamai Technologies and (ISC)² on Nov 20, 2019 (Wed) at 13:00 (GMT +8) to learn about public authentication system security.

Presenter: Ajay Mishra, Senior Enterprise Security Architect, Akamai Technologies
Presenter: Sid Deshpande, Director of Security Strategy, Akamai Technologies
Moderator: Clayton Jones, Managing Director, APAC, (ISC)²

Earning the globally recognized CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud.

In this info-session, you will learn:

- Trends in cloud security
- Why you should pursue CCSP
- How to earn the CCSP certification: exam and experience requirements
- And, ask any question that will support your certification journey

Each presentation is followed by a Q&A period to answer your questions about your certification journey.

===================================================================

The CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity experts at (ISC)².

Prove your skills, advance your career, and gain support from a community of cybersecurity leaders here to help you throughout your professional journey. More details>> www.isc2.org/ccsp

Are you ready to prove yourself? Register and begin your certification journey today!

NOTE: Join this info-session and earn 1 CPE.

제로 트러스트 보안에는 내부(국내외 지점) 및 외주직원이 온프라미스와 클라우드에 위치한 기업의 애플리케이션을 원격에서 안전하게 액세스하고, 기업내부에서 외부로 나가는 DNS쿼리를 제어하여 데이터 유출을 차단 할 수 있는 활동이 필요합니다. 원격 네트워크 액세스, DNS 기반 보안 및 응용 프로그램 계층 공격 방어 측면에서 가장 성공적인 모범 사례를 살펴보겠습니다.

이 웹 세미나는 두 부분으로 나뉩니다.

첫 번째 부분에서는 원격 네트워크 액세스 및 DNS 기반 보안 측면에서 Zero Trust Security Reference Architect를 통해 기존 경계 기반보안 모델의 문제점과 고려사항 및 해결방안을 살펴 봅니다.

두 번째 부분에서는 금융 서비스의 DDoS 트렌드를 살펴 보겠습니다. 또한 한국에서 발생한 L7 계층 7 볼륨 공격의 실제 사건과DDoS 완화 모범 사례에 대한 권장 사항을 공유 할 것입니다.

발표자: 백 용 기, Senior Enterprise Security Executive, Akamai Technologies
발표자: 정 덕 진, Security Technical Project Manager, Akamai Technologies
진행자: 박 선 영, Senior Business Development Manager, APAC, (ISC)²

The cybersecurity skills shortage is a significant problem for many organisations today. (ISC)² research shows an estimated 2.13 million cybersecurity jobs will go unfilled in the Asia-Pacific region by 2022.

Do you have what it takes to become an information security professional? Do you have the skills, experience and team culture to help keep your organization secure? Plan your next career advancement goal – Become CISSP certified in 2020!

The CISSP is the global gold standard in cyber security certification and has been awarded the top cyber security certification program for 2019 by SC Media magazine. Becoming CISSP certified opens the doors for career and salary advancement.

Join this online info-session hosted by (ISC)² and learn everything you need to know about the globally recognized credential CISSP!

During the online info-session, you will:
• How large the cybersecurity workforce gap is today.
• Why you should consider pursuing the CISSP.
• How to earn the CISSP certification including exam and experience requirements.
• And you can ask any question you may have to help you on your certification journey

Each presentation is followed by a Q&A period to answer your questions about your certification journey.

==================================================================
Earning the CISSP proves you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program. With a CISSP, you validate your expertise and become an (ISC)² member, unlocking a broad array of exclusive resources, educational tools, and peer-to-peer networking opportunities.

Prove your skills, advance your career, and gain the support of a community of cybersecurity leaders here to support you throughout your career. More details >> https://www.isc2.org/cissp

过去数年网络及应用的漏洞数量不断上升，去年新被披露的漏洞数量高达18,000。 再加上网络环境日益复杂，网络攻击面频繁发生，导致企业极大商业的损失。 过去一直未被重视的漏洞风险管理 (Vulnerability Risk Management - VRM) 终于获得企业IT的极大重视。

参加Tenable和 (ISC)² 在10月30日下午2：00至3：00的在线研讨会，Tenable 亚太区资深架构顾问 Disney Cheng 郑学辉，将与大家精选几个用户案例及技术要点及管理手法，希望有助大家建立有效漏洞及风险管理流程。探讨一些全新技术、工具和应用场景。

演讲人: 郑学辉, Senior Solution Architect - APAC, Tenable Inc
主持人: 邵菊, CISSP, CCSP, (ISC)² 南京分会财务官兼理事

*本次在线研讨会将以普通话进行

爬虫管理是当今网络安全中不容忽略的一项内容。爬虫活动几乎影响了所有行业，包括金融企业，电子商务，旅行酒店等。而且它的形式百变-可能是刮板爬虫，撞库爬虫等。 爬虫很好地隐藏了自己，不断变换并迅速发展。

在这在线研讨会上，我们想分享一下企业所面对的爬虫威胁状况以及管理爬虫时应做好的准备。

• 爬虫的演变
• 行业重点：针对金融企业，电子商务和酒店业的爬虫
• 爬虫管理应考虑的事项

参加Akamai Technologies和 (ISC)² 在10月23日下午2:00至3:00的在线研讨会，此次演讲将为您带来爬虫管理应考虑的事项，敬请期待！

演讲人: 梁医, 技术顾问, Akamai Technologies
主持人: 卢佐华, CISSP-ISSAP, (ISC)²北京分会会长

*本次在线研讨会将以普通话进行

The perimeter has shifted. Your users directly access cloud applications from everywhere and data no longer reside only in data centers. Digital transformations like SD-WAN, IoT and cloud make securing your infrastructure, applications and data complicated. SD-WAN enabled branches directly connect to the Internet, but they don’t have the ability to replicate a full HQ security stack. IoT leads to an explosion of non-standard devices using non-standard protocols, making them harder to secure. Every new change doesn’t equal need for a new security tool.

What’s needed is a scalable, simple, and integrated security solution that leverages existing infrastructure that organizations already own. DNS is critical to the fabric of the internet and any IP based communication (on-premises, cloud, SD-WAN and IoT environments). It serves as the perfect foundation for security because it is simple to deploy, ubiquitous in networks, is needed anyway for connectivity and can scale to the size of the Internet.

Join Infoblox and (ISC)² on Oct 16, 2019 (Wed) at 14:00 (GMT +8) to learn how leveraging DNS as a foundational security architecture for digital transformations can:

• Protect your brand by securing your traditional networks and transformations like SD-WAN, Cloud and IoT
• Reduce time and cost of your enterprise threat defense
• Automate response when it sees things happening and provide data to the rest of the ecosystem

Presenter: Jerry Wong, Systems Engineer, Infoblox
Moderator: Sam Goh, CISSP, GM for Korea and Japan, Ensign InfoSecurity

最新のセキュリティトピックを2部構成でお届けします。

前半は、ゼロトラスト実現の重要な検討項目であるセキュリティポスチャー（体制）についてお話しします。ゼロトラスト・セキュリティの実現には、アイデンティティ、アクセス、およびポスチャーという3つの重要な柱があると考えられています。企業におけるユーザーとデバイスの状況を監視し、適応型の自動化されたセキュリティポスチャーを実現する方法を考察します。

後半は、今話題となってるデシリアライゼーション脆弱性に関する攻撃手法をデモを交えながら解説します。この脆弱性は如何に危険なものかを説明し本脆弱性に対する防御に関してベストプラクティスを解説します。

Presenter: アジェイ・ミスラ, エンタープライズ・セキュリティー・アーキテクト, Akamai Technologies
Presenter: 金子 春信, CISSP, シニア・プロダクト・マーケティング・マネージャー, Akamai Technologies
Moderator: 小熊慶一郎, CISSP, Director of Business Development, Japan, (ISC)²

Subtitle: How to Use Your Mobile as a Strong Authorization and Authentication Tool

Tough times call for tough security measures.

And to become secure enough, you need strong authentication mechanisms. But...these are sometimes inconvenient. Uncomfortable. Irritable.

Or are they? The phone in your pocket may just prove that claim wrong.

That's one of the things cyber security experts of Comarch are going to discuss during the webinar. You'll also learn about the history of 2FA, its best use cases, how it compares to 2SV, common security problems with mobile apps, or and GDPR/PSD2 best practices.

We'll be sharing lessons we've learned (sometimes the hard way) throughout two decades of working not only in the banking realm.

Join Comarch and (ISC)² on Sep 25, 2019 (Wed) at 14:00 (GMT +8) to learn about the authentication tool.

Presenter: Michał Kaszuba, Cyber Security Business Unit Consulting Director, Comarch
Presenter: Maciej Nowak, IT Security Consultant, Comarch
Moderator: Tony Vizza, CISSP, Director of Cybersecurity Advocacy, APAC, (ISC)²

2018年に公開された脆弱性は1万6千を超えます。限られた人員と時間で、数多の脆弱性に対応するにはどうすればよいのでしょうか。最新の脆弱性管理は、悪用されている脆弱性や悪用される可能性が高い脆弱性のみにフォーカスする機能が提供されています。実際の画面をご覧いただきながら、最新の脆弱性管理プラットフォームについてご紹介いたします。

Presenter: 花檀 明伸, Security Engineer, Tenable
Moderator: 小熊慶一郎, CISSP, Director of Business Development, Japan, (ISC)²

(ISC)² recently completed our multi-year Digital End-to-End Transformation (DETE) project, which positions us to deliver a more a seamless and user-friendly experience to all members. In addition to revamping our online presence, we launched a new Learning Management Systems where members can access all the courses developed by our Professional Development Institute. In Part 3 of the (ISC)² Digital End-to-End Transformation (DETE) webcast, we will examine the “new world” of what the project has provided to internal (how we serve the members and visitors), the members (what you as members see and experience) and what’s to come. Join Wes Simpson, COO and Bruce Beam, CIO on September 17, 2019 at 1:00PM Eastern for a discussion on these items and a Q&A with our COO and CIO.

Across the globe, forward-looking enterprises are fundamentally changing their approach to customer identity access management. Many are looking to leverage identity management technologies that enable them to securely store customer data and to provide GDPR-compliant consent management and better customer experience. When sensitive customer data is stored in an identity platform, you also need to make sure that platform is built with strong data protection capabilities and add-ons to protect against vulnerabilities.

The second part of the webinar will cover our technical security research on deserialization attacks – a high severity vulnerability that can lead to remote code execution attacks.

Join Akamai Technologies and (ISC)² on Sep 11, 2019 (Wed) at 13:00 (GMT +8) to know more about:
- Customer identity access management that enables and secures the business
- How a deserialization attack is performed via a demo
- Best practices to mitigate deserialization attacks

Presenter: Fernando Serto, Head of Security Technology and Strategy, Asia Pacific and Japan, Akamai Technologies
Presenter: Ajay Mishra, Senior Enterprise Security Architect, Akamai Technologies
Moderator: Tony Vizza, CISSP, Director of Cybersecurity Advocacy, APAC, (ISC)²

Mottos like "If you see something, say something" speak to the power of human observation in preventing security disasters. Similarly, valuable human-generated intelligence can be effective in preventing data breaches emanating from phishing attacks. In today’s changing cyber threat landscape, humans need to be conditioned to recognise phishing attacks and security teams need to be armed with actionable threat intelligence to rapidly manage an attack once it hits.

This is where Phishing Threat Intelligence comes into play. By extracting key IOCs from newer phishing threats and making them available to security teams, organisations can detect attacks in progress and respond quickly to reduce the effect of a breach. Plus, by incorporating the same intelligence and tactics in your awareness program, you can train your users to more quickly detect and report an active threat.

Join Cofense and (ISC)² on Sep 4, 2019 (Wed) at 14:00 (GMT +8) to learn about:
- The constantly changing threat landscape
- Turning active, real threats into learning moments for your users
- Speeding up response with timely, actionable intelligence

Presenter: Ryan Jones, Principal Sales Engineer, APAC, Cofense
Moderator: Chuan-Wei Hoo, CISSP, Technical Advisor, Asia-Pacific, (ISC)²

IT automation and orchestration, the key enabler of digitization is the number one IT initiate globally according to our state of application services report 2019. In addition, Zero Trust and Security-By-Design are key imperatives of organizations pursuing digital transformation as these organizations accelerate adoption of cloud technologies to gain speed, scale and accessibility to innovative technologies like AI and blockchains.

In this webinar, we will look at the changing landscape of DevOps and explore the practice of scaling application security, controlling vulnerabilities and controlling advanced threats with the web application firewall in CI/CD environments. We will also take a look at how the technologies enable close collaboration between security teams and development teams on securing APPs without requiring application teams having in-depth knowledge of security.

Join F5 Networks and (ISC)² on Aug 28, 2019 (Wed) at 14:00 (GMT +8) to learn about web application firewall in a CI/CD workflow.

Presenter: Scott Van Kalken, Systems Engineer, F5 Networks
Moderator: Tony Vizza, CISSP, Director, Cybersecurity Advocacy for APAC, (ISC)²

일반적으로 제로트러스트 접근방식에는 접근시도과 신원 확인, 그리고 기기확인이라는 3가지 핵심 축으로 살펴볼 수 있습니다.

이전 웨비나에서는 아이덴티티 기반 접근 방식을 클라우드 프록시와 함께 사용하여 내부 어플리케이션에 보다 안전하게 액세스 하는 방법을 살펴보았습니다.

이번 웨비나는 두가지 파트로 나뉘어 집니다. 첫번째 부분에서는 앞서 언급한 3가지 제로트러스트 접근 핵심축에 대해 좀 더 자세히 알아보고 사용자와 접근 장비에 대한 의미에 대해 더 살펴보는 과정을 통해 제로 트러스트 아키텍처를 구현하는 방안에 대해 알아보겠습니다.

두번째 부분에서는 Web에서 API로 전환되는 보안의 트렌드에 대해 살펴보겠습니다.
여기서 우리는 모바일 어플리케이션의 폭발적인 증가와 함께 웹에서 API로 공격이 이동하는 API의 공격 트랜드와 Credential Fraud의 라이프 사이클을 살펴볼예정입니다.

발표자: 김 현 도, Senior Solution Engineer, Akamai Technologies
발표자: 한 준 형, Technical Account Manager, Akamai Technologies
진행자: 박 선 영, Senior Business Development Manager, APAC, (ISC)²

(ISC)² recently completed our multi-year Digital End-to-End Transformation (DETE) project, which positions us to deliver a more a seamless and user-friendly experience to all members. In addition to revamping our online presence, we launched a new Learning Management Systems where members can access all the courses developed by our Professional Development Institute. In Part 2 of the (ISC)² Digital End-to-End Transformation (DETE) will examine how (ISC)² executed the plan for the project, following the AGILE Project Management framework and the buy-in and support from other departments and stake holders within the organization. Additionally, there was board governance and oversight to contend with. Join Bruce Beam, CIO; Beth Paredes, Sr. Corporate Member Services Manager; and Sommer Hess, Director PMO, Quality and Training on August 20, 2019 at 1:00PM Eastern for a discussion on these items and the speed bumps that were run into on this project.

2018年5月25日，《欧盟数据保护通用条例》(General Data Protection Regulation，简称“GDPR”)正式生效。但条例生效后的1年多，欧洲各国监管机构尚未对违规企业作出巨额罚款。终于，在2019年7月8日与9日，英国信息监管局（Information Commissioner’s Office，简称“ICO”）先后对英国某航空公司和某知名连锁酒店开出1.83亿英镑和9920万英镑的巨额罚单，拉开GDPR强硬执法的序幕。

• 航空公司和酒店的数据泄露事件，公司网站被劫持，谁该负责？
• 对中国企业，特别是有出海业务的国内企业有什么启示？

参加Akamai Technologies和 (ISC)² 在8月14日下午2:00至3:00的在线研讨会，此次演讲将为您带来对这些问题的解答，敬请期待！

演讲人: 李岳霖, 技术顾问, Akamai Technologies
演讲人: 郑伟, 大中华区产品市场部经理, Akamai Technologies
主持人: 丁斐, CISSP, (ISC)² 南京准分会会长

*本次在线研讨会将以普通话进行