ISSA International Series: Breach Report Analysis

It's everyone's favorite time of year. What will we learn from this
year's breach reports? Join us as we review the latest data, look for
lessons and trends, and help you understand what it all means. Our
panel of experts will focus on how security professionals can learn
from the data, and hopefully avoid becoming a statistic for next
year's report.
Recorded May 22 2018 123 mins
Presented by
Matt Mosley | Patrick Cable | Paul Williams | Jay Jacobs | Laurance Dine

  • ISSA International Series: Regulation and Legislation Aug 28 2018 4:00 pm UTC 120 mins
    ISSA International
    We all realize that our security jobs are much more than just specifying technology and controls, protecting and defending our infrastructure, and investigating incidents. Over the last year privacy has been mainstreamed: GDPR went into effect, California passed its own version of GDPR, and there are 40+ privacy laws in the US, with more just over the horizon. In addition, some of the questions around cloud and privacy have been addressed with the Cloud Act (which gives government agencies direct access to consumer information in the cloud). We also see more government export controls looming on the horizon. These controls will impact cyber tools and techniques and our ability to test and mitigate vulnerabilities while complying with laws and regulations.

    While we may not have all the answers, we will review the current state of our world. To do this, we will bring in legislative and regulatory experts to discuss the changes and some of the directions we see looming.

    Some of the questions we will try to address are:

    - What happens when these laws and regulations conflict with one another?
    - What happens when these controls impact our ability to do our job?
    - Can we mitigate any of our liability by just getting insurance?

    Michael Angelo, Chief Security Architect, Micro Focus | NetIQ

    Maher Shomali, Partner, Thomsen & Burke LLP
  • ISSA Thought Leadership Series: Cybersecurity Heroes Aren't Born...They're Made Aug 22 2018 5:00 pm UTC 60 mins
    ISSA International
    Phishing continues to be one of the fastest growing and most malicious threats to the security of industries of every kind—from financial organizations to government contractors to healthcare firms. Today’s savvy phisher manages to evade even the most sophisticated technical safeguards through carefully planned, socially-engineered emails that are only getting more advanced.

    During this panel, we will discuss key findings from Wombat’s 2018 State of the Phish™ and 2018 Beyond the Phish® Reports. You will gain insight into current vulnerabilities, industry-specific phishing metrics, and emerging threats.

    This collection of data is taken from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period; data compiled from nearly 85 million questions asked and answered inside the CyberStrength® Knowledge Assessments and interactive training modules; responses from quarterly surveys of InfoSec professionals; and an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors.

    We will also discuss best practices related to security awareness and training. Our panelists will highlight key components and common threads of some of the most successful programs, and help attendees identify ways to apply new techniques and increase the effectiveness of their own cybersecurity education initiatives.

    Jorge Orchilles, SANS Instructor

    Gretel Egan, Brand Communications Manager at Wombat, a division of Proofpoint
    Michael Levin, CEO & Founder, Center for Information Security
    Kurt Wescoe, Chief Architect, Wombat Security
  • ISSA Thought Leadership Series: The Definitive Need for Crypto-Agility Recorded: Aug 8 2018 64 mins
    ISSA International
    On the eve of quantum computing, the definitive need for crypto-agility is greater than ever. The ability to locate, manage, and securely update digital certificates on a network or on a device seems like a simple task, yet with the advent of new Enterprise use cases and flourishing IoT device introductions, management at massive scale becomes a challenge. Facing mounting pressures, IT security personnel and product managers are tasked with implementing solutions fit for today’s environment plus tomorrow’s post-quantum world. Join renowned Public Key Infrastructure (PKI) expert and Certified Security Solutions (CSS) CTO, Ted Shorter, as he outlines the defense against quantum computing and the IoT device invasion, crypto-agility:

    · How can crypto-agility lend itself to a truly future-proof Enterprise and IoT device security strategy?
    · Cryptographic kryptonite: demystifying quantum computing
    · Challenges with digital certificate/device management at scale


    Dr. Shawn Murray, Principal Scientist, US Missile Defense Agency & Director, ISSA International


    Ted Shorter, CTO, Certified Security Solutions (CSS)
    Michael Gardiner, Principal Architect, Gemalto
    Michele Mosca, Founder, Institute for Quantum Computing
    Mike Brown, CTO & Co-Founder, ISARA Corporation
  • ISSA International Series: Trials & Tribulations of Social Engineering Recorded: Jul 24 2018 121 mins
    ISSA International
    We all know about social engineering and phishing, but is it as simple as sending an email or asking for a click? Probably not. As hackers and attacks evolve, they will go from simple tricks to very sophisticated attacks. So how do we know what these attacks will be? Simply, we can’t. So how can we detect the new attacks? This session will cover the state of the attacks and the directions they are taking. Ultimately, we will discuss strategies and how we can define the science that will evolve to thwart the various evolving attacks.

    Moderated by: Pete Lindstrom, IDC


    Roger Grimes, Data-Driven Defense Evangelist, KnowBe4
    Andrew Lewman, Laxdaela Technology
    Ben Rothke, Senior Security Consultant, Nettitude
    Paul Williams, CEO, Clarity Consulting Corporation
  • ISSA Thought Leadership Series: Is DNS a Part of Your Cyber Security Strategy? Recorded: Jul 11 2018 58 mins
    Kurt Seifried, Cloud Security Alliance | Craig Sanderson, Infoblox | Joe St Sauver, Farsight Security
    Detecting malware, helping to prevent and disrupt command and control communication, ransomware and phishing attacks, being part of a data loss prevention program – DNS can help with this and much more, but are you leveraging it as part of your security controls and processes?

    DNS is the perfect choke point to stop not just data exfiltration through it, but also detect and stop malware from spreading and executing.

    Join us for a discussion on this often overlooked topic and learn:

    - About the value of DNS as part of your cyber security strategy
    - How DNS can provide your SIEM with actionable intelligence
    - How DNS can add value to other security controls, such as
    vulnerability scanners and end point protection
  • ISSA International Series: Cloud Services and Enterprise Integrations Recorded: Jun 26 2018 124 mins
    Michael F. Angelo | Stephen Lipka, CISO and Consultant | Vince Campitelli | Mark Kadrich | Michelle Cobb, Skybox Security
    Securing cloud environments is a shared responsibility between your organization and your cloud service provider. But upholding your end of the bargain can be a challenge in these dynamic, complex environments — especially when dealing with a mix of physical networks and public and private clouds. In this webinar, we will discuss issues and strategies for handling Cloud Services and Enterprise Integrations. Amongst the topics covered we will attempt to address the issues of:

    - How do cloud services impact security implementations?

    - Who is responsible for defining security and how does one implement a security management program in an integrated enterprise cloud service environment?

    - What transitional issues may occur during your migration? How do you audit a cloud service?

    Register for the webinar to see the issues and benefits of handling cloud services and enterprise integration.
  • ISSA Thought Leadership Series: Making sense of Fileless Malware Recorded: Jun 13 2018 58 mins
    Debbie Christofferson, ISSA | Shimon N. Oren, Deep Instinct | Rob Boles, Blokworx
    Fileless malware attacks have been growing steadily in recent years, both in absolute numbers and in their share of the threat landscape. Fileless attacks pose an increasing threat to organizations and a challenge for security vendors, due to the use of various non-executable file formats for infection, and the ability to conduct parts of the attack vector in-memory only. Cyber criminals are adopting fileless and memory-based attack techniques, which were once mostly used by nation-states. The panel will deal with the various differing definitions of fileless malware, give an overview of some of the solutions and approaches taken by industry players in protecting from fileless threats, and discuss ideas and best practices for dealing with these threats.
  • ISSA International Series: Breach Report Analysis Recorded: May 22 2018 123 mins
    Matt Mosley | Patrick Cable | Paul Williams | Jay Jacobs | Laurance Dine
    It's everyone's favorite time of year. What will we learn from this
    year's breach reports? Join us as we review the latest data, look for
    lessons and trends, and help you understand what it all means. Our
    panel of experts will focus on how security professionals can learn
    from the data, and hopefully avoid becoming a statistic for next
    year's report.
  • Why Automation is Essential to Vulnerability Management Recorded: May 10 2018 62 mins
    John Donovan, ISSA | Ken Wilson, Skybox Security | Larry Ponemon, Ponemon Institute
    ISSA Thought Leadership Series

    Due to the volume of new vulnerabilities announced (14,000 new CVEs in 2017 alone), complex environments in which they exist and an increasingly well-equipped threat landscape, intelligent automation has never been more important to cyber risk reduction. In this panel discussion, we’ll examine where automation is needed to support a risk-focused vulnerability management program.

    Register to learn:

    · What data sources beyond vulnerability scanners are needed to automate vulnerability discovery in physical IT, multi–cloud and OT networks

    · How automation can help break down data silos between vendors, processes and teams

    · Why analytics–driven automation is needed to analyze vulnerabilities in the complete context of your attack surface

    · How automated analysis can identify best remediation options — and not just available patches

    Join the ISSA panel in a webinar that examines why automated solutions are no longer sufficient to counter the threat landscape, and how automated solutions can help build a holistic, proactive vulnerability management program
  • ISSA International Series: IoT/Mobile Security Recorded: Apr 24 2018 66 mins
    Hari Pendyala | S.A. Srinivasa Moorthy | Chris Rouland | Matthew Crouse
    The prolific outburst of IoT devices in our lives has become a boon or a curse. Boon as they make it easy to interact with "Things" and Curse as they make it easy for hackers to invade our privacy and breach security.

    Implementing security in IoT devices is still an afterthought. This webinar looks at the challenges of securing IoT devices against threats and discusses the options available to secure these devices.
  • ISSA International Series: Blockchain and other Mythical Technology Recorded: Mar 27 2018 123 mins
    Mark Kadrich | James Grundvig, Myntum Ltd. | Peter Linder | Brian Russell, Leidos
    We will be examining blockchain technology and its proliferation in our data security architectures. Our speakers will discuss their experiences with BC technology, how it’s working today, plans for taking advantage of it in the future, and possible technical issues that may affect its long term efficacy.
  • ISSA Thought Leadership Series: Security Awareness Strategies Recorded: Mar 21 2018 62 mins
    Jack Koziol, InfoSec Institute | Robb Reck, Ping Identity | Marnie Wilking, Orion Health | Michael Towers, Allergan
    Beating Hackers at Their Own Game: Security Awareness Strategies That Work

    If 2017’s explosion of cybersecurity breaches taught us anything, it’s that our workforces, more than ever, are one of our most critical defenses. But with as much as 30% of employees unable to spot a phishing email, how do you keep hackers from hijacking your data? The seemingly obvious answer is security awareness training. Unfortunately, many security education programs today fail to sufficiently change employees’ security attitudes, skills and behaviors -- providing a false sense of protection and safety. Even worse, 48% of companies do not have an employee security education program.

    If your New Year’s infosec resolutions include launching a security awareness initiative, or reviving an existing one, what better way to guarantee results than to learn from pros who have been in your shoes. Join our expert panel as they share:

    ● Their most effective security awareness strategies to improve your organization’s security posture

    ● Proven methods to get employees to take security seriously (before a breach occurs)

    ● Security awareness program pitfalls to avoid and biggest lessons learned

    ● Predictions on what cyber attacks will look like in the next couple of years and what you should do in your security awareness program today to prepare
  • ISSA International Series: Privacy vs. Security Recorded: Feb 27 2018 121 mins
    Pete Lindstrom, IDC | Randy Sabett, Cooley LLP | Mathieu Gorge, Vigitrust | Brad Keller, Prevalent | Jim Jaeger, Arete
    We are all concerned about Privacy. Every day we hear about multiple PII breach announcements. Our current solution: let's create laws to require announcements and levy fines to encourage proper activities and protections. With GDPR looming on the horizon, as the most recent and perhaps the most comprehensive regulation yet, we find ourselves wondering if others will adopt similar regulations. If so, do we as security professionals need to be concerned about our ability to perform forensic analysis, and gather information outside of our realm of direct influence to identify a hacker? Do elements of GDPR create a situation in which hunting for a hacker might violate their privacy rights? In the end will companies still be able to monitor and protect their assets as they do today, or will it require a change? This webinar will provide insight into the Privacy vs Security Debate.
  • ISSA Thought Leadership Series: A Cure for the Common SOC Recorded: Feb 14 2018 55 mins
    Candy Alexander, CISSP, CISM | Rocky DeStefano, JASK | Vince Campitelli II
    With cybersecurity concerns escalating, organizations of all sizes have scrambled to boost budgets, hire talent and improve security operations – all in the hopes of catching up with and defeating a sophisticated and nearly-invisible enemy. But in this rush to build the SOC according to perceived industry best practices, have we truly optimized our human, technological and procedural resources? Or are we all SOC, and no action? If we took a moment to regroup and build the whole system again from scratch, would it be better than the SOC we’ve reached today by throwing resources at the problem? And if so, where did we go wrong – and how do we course correct? Join a panel of experts to discuss their visions of the perfect SOC and its top priorities while exploring how it can be evolved to achieve them.
  • ISSA International Series: 2017 Year in Review & Predictions for 2018 Recorded: Jan 23 2018 121 mins
    Keyaan Williams - ISSA, Kim Jones - Arizona State University, Jedidiah Bracy - IAPP, Shivaun Albright - HP
    2017 was a horrendous year in cyber security; every month was filled with major breaches, hacks, and attacks surfacing. The nature and range of the attacks varied from email hacking to recently announced vulnerabilities being exploited, from minor incursions to (potentially) everyone’s financial history being stolen. 2017 will probably go down as the worst year for Cyber Security, with all the previous year’s events having been far surpassed. Even our doom and gloom or same old same old predictions of last year have been blown away. The question now: will 2018 bear the full weight and impact of the events of 2017, or will it have its own harrowing events? Will the growing impact and occurrences spotlight security and translate in terms of media and regulatory attention? What kinds of threats will dominate the 2018 landscape?

    Join us, make notes, and then check back in a year to see how our panel of experts did in providing insight and making predictions for the 2018 challenges to InfoSec.
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

  • Title: ISSA International Series: Breach Report Analysis
  • Live at: May 22 2018 4:00 pm
  • Presented by: Matt Mosley | Patrick Cable | Paul Williams | Jay Jacobs | Laurance Dine