
Protect Sensitive Data (and be PCI Compliant, too!)

Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.

Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.

Topics covered:

• Properly protecting stored cardholder data - encryption, hashing, masking and truncation

• Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security

• How to identify and mitigate missing encryption
Recorded May 7 2020 59 mins
Presented by
Kevin Poniatowski, Principal Security Instructor

  • Steal the Attackers Playbook with Purple Teams Recorded: Jul 28 2021 49 mins
    Ed Adams, Security Innovation | Trupti Shiralkar, Illumio | Bill Titus, Skillsoft | Bryson Bort, SCYTHE
    Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend. This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.

    Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach. This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

    Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.
  • Steal the Attackers Playbook with Purple Teams Recorded: Jun 22 2021 49 mins
    Ed Adams, Security Innovation | Trupti Shiralkar, Illumio | Bill Titus, Skillsoft | Bryson Bort, SCYTHE
    Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend. This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.

    Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach. This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

    Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.
  • Creating an Effective Application Privacy Policy Recorded: Jun 7 2021 61 mins
    Kevin Poniatowski, Sr. Security Engineer and Trainer
    From executives to software developers and database administrators, each role plays an important part in protecting privacy data. But what does an effective privacy program look like for the teams that build and operate the software applications that power your enterprise?

    This webcast will describe how to build powerful policies that can be easily understood and implemented in today’s continuous delivery and DevOps approaches.

    Topics include:

    Privacy Concerns for Software Applications
    Threats, Regulations, and Laws
    Guidelines for Building Privacy Policy
    Privacy Engineering Principles
    Data Collection, Retention, and Consent

    This Webcast is ideal for policy makers, program leads, compliance managers, and privacy officers. Development and IT Operations teams will also gain valuable insight into how to protect data throughout the entire application lifecycle.
  • Creating an Effective Application Privacy Policy Recorded: Jun 3 2021 61 mins
    Kevin Poniatowski, Sr. Security Engineer and Trainer
    From executives to software developers and database administrators, each role plays an important part in protecting privacy data. But what does an effective privacy program look like for the teams that build and operate the software applications that power your enterprise?

    This webcast will describe how to build powerful policies that can be easily understood and implemented in today’s continuous delivery and DevOps approaches.

    Topics include:

    Privacy Concerns for Software Applications
    Threats, Regulations, and Laws
    Guidelines for Building Privacy Policy
    Privacy Engineering Principles
    Data Collection, Retention, and Consent

    This Webcast is ideal for policy makers, program leads, compliance managers, and privacy officers. Development and IT Operations teams will also gain valuable insight into how to protect data throughout the entire application lifecycle.
  • Risk-Based Testing for IoT Systems Recorded: May 30 2021 48 mins
    Ed Adams, CEO of Security Innovation
    IoT Systems provide powerful, flexible features for IT systems — tracking, monitoring, and other data sharing. Today’s IoT devices utilize microservices and APIs that make them easy to put into production. But securing them isn’t as easy.

    This webinar will look at security risks of IoT devices, interfaces, and implementations. We’ll provide practical steps and checklists any DevOps team can use to make their IoT components as secure as possible. We’ll also cover some testing best practices that can be done pre- and post-production to verify security and resilience on an ongoing basis. 

    About the Speaker
    Ed Adams is a software quality and security expert with over 20 years of experience in the field. He served as a member of the Security Innovation Board of Directors since its inception in 2002 and took over as CEO in 2003. Ed is a Research Fellow at The Ponemon Institute, serves on the board of several IT security organizations, and was named a Privacy by Design Ambassador by the Information and Privacy Commissioner of Canada.
  • Risk-Based Testing for IoT Systems Recorded: May 26 2021 48 mins
    Ed Adams, CEO of Security Innovation
    IoT Systems provide powerful, flexible features for IT systems — tracking, monitoring, and other data sharing. Today’s IoT devices utilize microservices and APIs that make them easy to put into production. But securing them isn’t as easy.

    This webinar will look at security risks of IoT devices, interfaces, and implementations. We’ll provide practical steps and checklists any DevOps team can use to make their IoT components as secure as possible. We’ll also cover some testing best practices that can be done pre- and post-production to verify security and resilience on an ongoing basis. 

    About the Speaker
    Ed Adams is a software quality and security expert with over 20 years of experience in the field. He served as a member of the Security Innovation Board of Directors since its inception in 2002 and took over as CEO in 2003. Ed is a Research Fellow at The Ponemon Institute, serves on the board of several IT security organizations, and was named a Privacy by Design Ambassador by the Information and Privacy Commissioner of Canada.
  • Protect Sensitive Data (and be PCI Compliant, too!) Recorded: May 23 2021 59 mins
    Kevin Poniatowski, Principal Security Instructor
    Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.

    Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.

    Topics covered:

    • Properly protecting stored cardholder data - encryption, hashing, masking and truncation

    • Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security

    • How to identify and mitigate missing encryption
  • Protect Sensitive Data (and be PCI Compliant, too!) Recorded: May 21 2021 59 mins
    Kevin Poniatowski, Principal Security Instructor
    Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.

    Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.

    Topics covered:

    • Properly protecting stored cardholder data - encryption, hashing, masking and truncation

    • Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security

    • How to identify and mitigate missing encryption
  • Connected Cars: What Could Possibly Go Wrong? Recorded: May 16 2021 55 mins
    Dr. Larry Ponemon of the Ponemon Institute and Ed Adams of Security Innovation
    Millions of cars with tens of millions of lines of code are already talking to servers and each other. According to the Ponemon Research Institute, 63% of manufacturers test less than half of the technologies in your car for vulnerabilities and only 33% train developers on secure coding methods.

    However, there is a new IT system going into cars that was built with security and privacy by design. This “Talking Cars” safety of life program, which is estimated to save 10,000 lives per year, is one of the few automotive technologies that is secure and private for drivers.

    This webinar discusses the trade-off between safety, privacy, and convenience. It will also examine the 10-year Privacy by Design system used in “Talking Cars” and how other technology projects can benefit from similar due diligence.

    Topics:
    • Connected cars – threats and attack surface
    • Review of the most current research on automotive IT security and privacy
    • Blueprint for excellence: Security & Privacy in the “Talking Cars” program

    Though basic knowledge of cybersecurity and privacy is helpful, this webinar is for anyone who wants to better understand connected car technology and how to design resilient IT systems. The speakers, Dr. Larry Ponemon and Ed Adams, are experts in their field and deliver this information-rich webinar.
  • Connected Cars: What Could Possibly Go Wrong? Recorded: May 14 2021 55 mins
    Dr. Larry Ponemon of the Ponemon Institute and Ed Adams of Security Innovation
    Millions of cars with tens of millions of lines of code are already talking to servers and each other. According to the Ponemon Research Institute, 63% of manufacturers test less than half of the technologies in your car for vulnerabilities and only 33% train developers on secure coding methods.

    However, there is a new IT system going into cars that was built with security and privacy by design. This “Talking Cars” safety of life program, which is estimated to save 10,000 lives per year, is one of the few automotive technologies that is secure and private for drivers.

    This webinar discusses the trade-off between safety, privacy, and convenience. It will also examine the 10-year Privacy by Design system used in “Talking Cars” and how other technology projects can benefit from similar due diligence.

    Topics:
    • Connected cars – threats and attack surface
    • Review of the most current research on automotive IT security and privacy
    • Blueprint for excellence: Security & Privacy in the “Talking Cars” program

    Though basic knowledge of cybersecurity and privacy is helpful, this webinar is for anyone who wants to better understand connected car technology and how to design resilient IT systems. The speakers, Dr. Larry Ponemon and Ed Adams, are experts in their field and deliver this information-rich webinar.
  • Privacy in a Gossipy, Digital World Recorded: May 13 2021 60 mins
    Ed Adams, Security Innovation | Elena Elkina, Aleada Consulting | Larry Ponemon, Ponemon Institute | Erika Fisher, Atlassian
    Attitudes toward privacy have an amazingly broad spectrum. Laws like CCPA and GDPR are forcing organizations to build privacy programs, but their robustness varies significantly based on geography, industry, and consumer views. Counter forces of IT Security, Data Breaches, and IoT put privacy at risk every day. Come listen to 3 industry experts discuss privacy in the context of today’s digital world. They will discuss the organizational impacts of privacy, compliance drivers, and the difference between data security and data privacy.

    Topics include:
    • Impacts of emerging technologies (5G, Artificial Intelligence, etc.) on privacy programs
    • How the WFH movement has changed corporate privacy and security strategies
    • Findings from the recent study “Privacy and Security in a Digital World” by The Ponemon Institute
    • The battle between security and privacy (corporate, law enforcement, compliance, personal)
    • Practical tips on how to protect both privacy and data security
  • 7 Sins of Cloud Security Recorded: May 4 2021 56 mins
    Ed Adams, CEO, Security Innovation
    The cloud offers near-instant scale and numerous security features that organizations can leverage; however, it’s not that way by default. Despite wide adoption of cloud services, many organizations remain unprepared and unknowingly expand their attack surface. Gartner predicts that by 2025, 99% of cloud security issues will be the customer’s fault.
  • Securing the Modern Enterprise: Software Total Risk Management (SToRM) Framework Recorded: Apr 29 2021 55 mins
    Ed Adams, President and CEO, Security Innovation
    The proliferation and complexity of software-enabled systems have amplified risk for many organizations. Conventional approaches to software security don’t work, typically encompassing no more than running vulnerability scanning. Executives need a better way to understand which products, systems, and teams are putting their enterprise at most risk – and deploy appropriate action plans.

    SToRM represents a new approach for enterprises to more effectively assess and protect software-dependent IT systems. Change your approach – evolve from a vulnerability-focused approach to a risk-based one. Learn pragmatic steps to ensure you’re mitigating the most risk with limited resources, time, and budget.

    Topics include:

    • Why traditional approaches aren’t working
    • How to identify risks at the business workflow and IT system levels
    • Techniques to calibrate assessment and mitigation efforts
  • Executive’s Guide to DevSecOps Recorded: Apr 23 2021 50 mins
    Ed Adams, President and CEO, Security Innovation
    DevOps brings the potential of faster time to market and higher quality software applications. But to accelerate adoption or realize its full benefit, organizations need to adapt to the policy, staff, and technology changes that inherently accompany it.

    Join us for an educational webinar that examines DevOps from an implementation and risk perspective and how to minimize organizational impact.

    Topics include:
    * What’s the difference? DevOps vs. other development approaches
    * Third-party risk:  COTS, open source, and cloud
    * Implications of accelerated development and automation 
    * Making room for DevOps: organizational changes
  • Back to Basics: The importance of security principles in technical roles Recorded: Apr 21 2021 63 mins
    Ed Adams, CEO, Security Innovation
    Principle-based approaches have long been at the core of “traditional” engineering disciplines. However, when it comes to building software and IT systems, best practices around encryption, access control, and authorization are often lackluster. The ability to understand and apply security concepts is essential to protecting today’s digital business.

    Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals whose collective experience spans Fortune 500 technology, financial services, and medical device industries.

    JOSHUA CORMAN
    Founder of I Am the Cavalry (dot org). His approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security.

    UMA CHANDRASHEKHAR
    Leader of the Global Information Product Security function at Alcon. She holds several patents in information security, privacy, and reliability and was an invited council member of the U.S. Federal Communications Commission’s Security, Reliability, and Interoperability Council (CSRIC).

    MARK MERKOW
    CISSP, CISM, CSSLP. A prolific author and advocate for building security into the SDLC with software-quality and security activities, tools, processes, and education.

    Topics to be discussed:

    * Why and for whom are security principles important?
    * Have principles become a lost art form, or did they never really take off?
    * What is the most underutilized principle? Does it vary based on tech stack and deployment?

    FREE GIVEAWAY
    We'll also be raffling off three copies of Mark Merkow's latest book "Secure, Resilient, and Agile Software Development" during the webinar.
  • 7 Sins of Cloud Security Recorded: Apr 13 2021 56 mins
    Ed Adams, CEO, Security Innovation
    The cloud offers near-instant scale and numerous security features that organizations can leverage; however, it’s not that way by default. Despite wide adoption of cloud services, many organizations remain unprepared and unknowingly expand their attack surface. Gartner predicts that by 2025, 99% of cloud security issues will be the customer’s fault.
  • Assessing System Risk the Smart Way Recorded: Apr 8 2021 60 mins
    Ed Adams, President and CEO, Security Innovation
    Information systems in the digital age are complex and expansive, with attack vectors coming in from every angle. This makes analyzing risk challenging, but more critical than ever.

    Attend this webcast to better understand the dynamics of modern IT systems, security controls that protect them, and best practices for adherence to today’s GRC requirements.

    Topics include:
    · Threats, vulnerabilities, weaknesses – why their difference matters
    · How vulnerability scanning can help (and hinder) your efforts
    · Security engineering and the system development lifecycle
    · High impact activities - application risk rating and threat modeling
  • Threat Modeling – Locking the Door on Vulnerabilities Recorded: Apr 6 2021 62 mins
    Ed Adams, CEO by day, engineer at heart
    Did you lock the door before leaving your house this morning? If you did, you threat modeled without even realizing it. Threat modeling is identifying potential threats (house robbery) and implementing measures to mitigate the risk (locking your door).

    Whether you are protecting personal assets or business-related assets such as the software you are developing, threat modeling should become an instinctual and necessary part of your process.

    Our talk highlights how nearly 50% of security flaws can be mitigated through threat modeling. We help you prevent and mitigate risks by utilizing a reliable and hard-hitting analysis technique that can be applied to individual applications or across an entire portfolio. We show you how to effectively apply these techniques at the start of the design phase and throughout every phase of the development lifecycle so you can maximize the ROI of your security efforts.

    Topics covered include:
    • Threat Modeling 101
    • The propagating effect of poor design
    • Tabletop exercise – a world with and without threat modeling
    • Best practices and metrics for every stakeholder
  • Aligning Application Security & Compliance Recorded: Apr 6 2021 48 mins
    Ed Adams, President and CEO, Security Innovation
    Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.

    This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:

    * Consolidating security and compliance controls
    * Creating application security standards for development and operations teams
    * Identifying and remediating gaps between current practices and industry accepted “best practices”
Securing software in the connected world
In today's connected world, software runs everything - from smart phones to banking applications, cars to home security systems; even refrigerators, garage doors and other everyday devices are "connected." Software is everywhere – and unfortunately, it provides the largest attack surface for hackers. We are a cybersecurity company leveraging our deep knowledge of software security to create relevant products and services.

  • Title: Protect Sensitive Data (and be PCI Compliant, too!)
  • Live at: May 7 2020 6:00 pm
  • Presented by: Kevin Poniatowski, Principal Security Instructor