Security, Privacy and Risk in a Mobile World

The discussion on privacy and security of mobile devices has become an explosive topic. With the Snowden revelations leading the way and mobile vulnerabilities like Stagefright and XcodeGhost following behind, the question of whether it is necessary, or even possible, to secure voice and data on mobile devices remains the subject of hot debate. With the focus of attackers shifting to these devices, organizations need to be ready to protect their employees and themselves.

This seminar examines the security risks associated with mobile computing devices and infrastructures, and suggested controls for mitigating those risks. It examines the key guidelines from NIST and other organizations and the best practices for mobile security.
Recorded May 25 2016 39 mins
Presented by
Sushila Nair, Managing Director, Cybernetics, CISA, CISSP, CISM, CRISC

  • The State of Identity in the Age of Breaches & Cyber Attacks Aug 15 2017 3:00 pm UTC 60 mins
    Mark Weatherford (vArmour), Jeremy Grant (Chertoff Group), Paul Rosenzweig
    Enterprises, businesses, government agencies, transportation systems, hospitals, and in some cases, even power plants worldwide have been affected by the high-profile cyber attacks of 2017. What is the current state of digital identity, cyber security and privacy in an age of increased cyber attacks? With the EU General Data Protection Regulation (GDPR) going into effect in May 2018, how are global enterprises and businesses preparing for it?

    Join this panel of expert identity and cybersecurity leaders as they discuss the pressing issues concerning identity and security, especially in the context of ransomware attacks, rise in cybercrime and instances of cyber warfare.

    Moderator:
    - Mark Weatherford, Chief Cybersecurity Strategist at vArmour

    Panelists:
    - Jeremy Grant, Managing Director at The Chertoff Group
    - Paul Rosenzweig, Principal at Red Branch Consulting
  • Catch Me If You Can - Red vs. Blue Aug 10 2017 5:00 pm UTC 60 mins
    Will Schroeder and Jared Atkinson
    Attackers’ love for PowerShell is now no longer a secret, with 2016 producing an explosion in offensive PowerShell toolsets. PowerShell is gaining respect in offensive circles as “Microsoft’s Post-Exploitation Language” and being integrated into many offensive toolkits. Unfortunately, the offensive community often fails to research or share relevant mitigations with their defensive counterparts. This leaves many defenders without the information they need to protect themselves and their networks from these attacks. In a quest to combat the perceived threat, many defenders attempt to disable PowerShell rather than realizing its defensive potential.

    In this webinar, Will Schroeder (@harmj0y) and Jared Atkinson (@jaredcatkinson) will cover offensive and defensive PowerShell tools and techniques, including PowerPick, subversive PowerShell profiles, PowerForensics, and Get-InjectedThread. They will also cover mitigations and detections for popular offensive tools and techniques, demonstrating how to best handle the new offensive reality of widespread offensive PowerShell usage.
  • The Not So Same-Origin Policy & Web Security Aug 8 2017 6:00 pm UTC 60 mins
    David Petty, Network Security Analyst at Independent Security Evaluators
    The same-origin policy (SOP) remains one of the most important security mechanisms of the web, protecting servers from malicious pages interacting with their APIs through cross-site requests. However, the subtle details of the policy can be overlooked, so our talk aims to show how limitations in the application of the same-origin policy can undermine security.

    Join this talk in the "Threat Hunting" series as David Petty, Network Security Analyst at Independent Security Evaluators, explains in depth how the same-origin policy works and how it can be bypassed to exploit cross-site vulnerabilities, including examples of Java, Flash, Silverlight, and Cross-Origin Resource Sharing (CORS) misconfigurations.

    As the same-origin policy and cross-site request forgery (CSRF) are inherently connected, we will also show both simple and complex cross-site request forgery attacks and how CSRF functions within the context of the same-origin policy. This will include classic CSRF attacks that work within the confines of the same-origin policy and more complicated attacks that utilize server misconfigurations to bypass the same-origin restrictions altogether.

    About the Threat Hunter:
    David Petty is an Associate Security Analyst at Independent Security Evaluators (ISE), a security consulting company in Baltimore, MD. He has recently graduated from Northwestern University with a B.S. in Computer Science, and discovered his interest in security while working for ISE during college. He specializes in breaking web and native applications and uses these skills to conduct custom security assessments of software products. His interests also include reverse engineering and digital forensics.
  • Orchestrating Effective IT Risk Management Across the Lines of Defense Aug 8 2017 5:00 pm UTC 60 mins
    Kelley Vick, IT GRC Forum; Cameron Jackson, Riskonnect
    Today’s IT risk environment is more threatened than ever thanks to the growth in sophisticated cyber attacks and security vulnerabilities. Now, complex, hard-to-detect attacks could bring down not just a single institution but also large parts of the internet and the financial markets. Organizations need an intelligent approach when it comes to assessing IT risk and managing compliance.

    Staying safe is no longer just about deflecting attackers. It’s about staying ahead of attackers who are already inside the organization, and banks are doing this through structured lines of defense that enhance security capabilities, involve IT risk managers in operations, and expand internal audit's mandate so it can cover business disruption. In this webinar we will address some ways organizations can, as part of an Integrated Risk Management initiative, orchestrate effective IT risk management across the lines of defense.
  • Threat Hunting Tool: Sweet Security Supercharged [Hunter Spotlight] Aug 1 2017 6:00 pm UTC 45 mins
    Travis Smith, Principal Security Researcher at Tripwire
    In this episode of the Threat Hunting series we will feature a network security tool developed and used by real-life threat hunters. Sweet Security is a network security monitoring and defensive tool which can be deployed on hardware as small as a Raspberry Pi.

    Using the power of Bro IDS and threat intelligence feeds, malicious network traffic can be exposed. This data is gathered and visualized with the ELK stack (Elasticsearch, Logstash, and Kibana). Going beyond detection, the device can implement blocking for specific devices on a granular level. Sweet Security can monitor all network traffic with no infrastructure change and block unwanted traffic. It ships with Kibana dashboards, as well as a new web administration UI. Even better, the installation can be separated between web administration and sensor.

    Want to deploy the web administration to AWS and install a dozen sensors? No problem! With the ability to intercept all network traffic combined with the power of Bro and ELK, you can unlock the ability to hunt for threats across any environment.

    Travis Smith will go through how the tool works, as well as some interesting findings he has discovered on his own home network.
  • The Cost of Insecure Endpoints – New Findings from Ponemon Institute Jul 27 2017 5:00 pm UTC 60 mins
    Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute & Richard Henderson, Global Security Strategist, Absolute
    Just how dangerous, inefficient, and ineffective are the endpoint security solutions used in most organizations today? Ponemon Institute independently surveyed hundreds of IT security professionals to find out — and are ready to share the surprising results in this important webinar.

    On July 27th, join founder and chairman, Dr. Larry Ponemon, and Richard Henderson, global security strategist at Absolute, for an interactive webinar on the results, including:

    • Exposing the largest dangers and greatest inefficiencies with endpoint security management today
    • Average financial and productivity costs associated with insecure systems – and how to mitigate in your organization
    • Steps you can take now to prevent attacks and stay compliant
  • The State of Cloud Security Jul 20 2017 5:00 pm UTC 75 mins
    Eric Hibbard, Hitachi Data Systems, Mark Carlson, Co-Chair SNIA Tech Council, Toshiba
    Standards organizations like SNIA are in the vanguard of describing cloud concepts and usage, and (as you might expect) are leading on how and where security fits in this new world of dispersed and publicly stored and managed data. In this webcast, SNIA experts Eric Hibbard and Mark Carlson will take us through a discussion of existing cloud and emerging technologies (such as the Internet of Things (IoT), Analytics & Big Data, and so on) – and explain how we’re describing and solving the significant security concerns these technologies are creating. They will discuss emerging ISO/IEC standards, SLA frameworks and security and privacy certifications. This webcast will be of interest to managers and acquirers of cloud storage (whether internal or external), and developers of private and public cloud solutions who want to know more about security and privacy in the cloud.

    Topics covered will include:

    Summary of the standards developing organization (SDO) activities:
    - Work on cloud concepts, CDMI, an SLA framework, and cloud security & privacy
    Securing the Cloud Supply Chain:
    - Outsourcing and cloud security; Cloud Certifications (FedRAMP, CSA STAR)
    Emerging & Related Technologies:
    - Virtualization/Containers, Federation, Big Data/Analytics in the Cloud, IoT and the Cloud
  • Digital Business is Here - Is your Trust Infrastructure Ready? Recorded: Jul 20 2017 57 mins
    Mike Hathaway, Aaron Davis
    The move to digital business is exposing the limits of existing trust infrastructures. Rapid growth in the number of deployed certificate authorities (CAs). Increased burden on multiple PKI point solutions deployed to address specific problems. And while IT grapples to support tactical implementations of PKI, the demands of digital business overwhelmingly require a more strategic and holistic approach.

    What's required is a centralized yet agile overarching trust framework that can easily accommodate multiple use cases today and in the future.

    This webinar looks at the steps you can take to build an agile trust infrastructure with a centralized PKI deployment.

    * Digital Trust at Scale: Learn how to build a PKI that supports endpoint diversity, evolving and multiple use cases and integration with complementary solutions.
    * Streamline PKI Deployment: Discover how a trust infrastructure can be deployed and managed across your organization to meet the requirements of today's dynamic and distributed business models.
    * Simplify 3rd Party CA Key Migration: Find out how you can migrate certificates from other vendor systems without having to distribute a new trust anchor and without the need to generate new keys and certificates.
  • NotPetya - 3 Steps to Prepare for the Next Ransomware Attack Recorded: Jul 17 2017 44 mins
    Nadir Izrael, CTO & Co-Founder, Armis
    Much of the world was still scrambling to patch and clean up from the WannaCry ransomware attack when the (not)Petya attack hit. While (not)Petya relied on Eternal Blue, just as WannaCry did, it had a few new tricks.
    - No Kill Switch – There doesn’t appear to be a kill switch URL, so (not)Petya can’t be shut down simply by purchasing a domain name.
    - Lateral Movement – The new attack includes additional exploits so it can move laterally through the network and infect other devices.
    - New Unmanaged Devices – Reports say the attack hit point of sale devices and ATMs, in addition to the laptops and desktops.

    Join Nadir Izrael, CTO of Armis, and former Captain in the Israel Intelligence 8200 Group, to discuss the 3 steps you should take to prepare for the next ransomware attack, and why your weakest link now exposes your entire enterprise.

    About the Presenter:
    As co-founder and CTO, Nadir Izrael guides the technology vision behind Armis to protect unmanaged and IoT devices. He co-founded the company in 2015 with its CEO, Yevgeny Dibrov. Prior to Armis, he worked at Google as a senior software engineer. Before Google, Nadir spent six years in the Israeli army, specifically in unit 8200, where he designed and programmed software projects and systems, served as team leader and did officer’s training, attaining the rank of captain.
  • Impact of NotPetya & Top Recommendations for Defending Against the Next Big One Recorded: Jul 13 2017 62 mins
    Greg Bell (Corelight), Stephen Boyer (BitSight), Michael Landewe (Avanan), Brian Robison (Cylance)
    In the aftermath of the recent NotPetya/ExPetr cyber attack that spread across Europe, Asia and the US in June, what are the lessons for enterprises and organizations? How should we improve our critical data security in an age of high-frequency and high-impact cyber attacks?

    Join this interactive Q&A panel session with security experts from Cylance, Corelight and BitSight as they discuss:
    - Trends in cyber attacks: NotPetya / Wannacry
    - The short-term and long-term impact
    - Tips for organizations on how to improve their security posture
    - Steps to take today and insights to guide your long-term security strategy

    Speakers:
    - Greg Bell, CEO of Corelight
    - Stephen Boyer, CTO & Co-founder of BitSight
    - Michael Landewe, Co-Founder of Avanan Cloud Security

    Moderator:
    - Brian Robison, Sr. Director of Technical Marketing, Cylance
  • Petya Ransomware Attacks: Autopsy and Lessons to Learn Recorded: Jul 13 2017 55 mins
    Josh Downs, BrightTALK; Ben Bartle, Barracuda Networks & Amar Singh, Cyber Management Alliance
    The only thing that could stop the security world discussing WannaCry was another large ransomware attack, which is exactly what happened at the end of June in the shape of Petya / notPetya / Goldeneye.

    The attacks compromised several global organisations and hit the headlines worldwide.

    In this session the moderator and panelists will cover the following:

    - Where did Petya originate and who was responsible?

    - What halted the spread?

    - Why was it such an effective and newsworthy cyber attack?

    - Should you be worried about something similar happening to your business?

    - What can you do to be better prepared to defend against similar ransomware striking again?

    Tune into this session to get the lowdown on where the attacks came from; who was behind them; what they mean for the cyber security industry and how you can improve the protection for your business the next time something similar rolls along.

    PANELISTS:


    - Josh Downs, Senior Community Manager, BrightTALK (moderator)
    - Ben Bartle, Technical Engineer, Barracuda Networks
    - Amar Singh, CEO & Founder, Cyber Management Alliance
  • NotPetya Attack - Cybercrime or Cyberwar? Recorded: Jul 12 2017 64 mins
    Malcolm Harkins (Cylance), Erika Noerenberg (LogRhythm Labs), Nadir Izrael (Armis), Michael Landewe (Avanan)
    The NotPetya pandemic that started in late June and disrupted operations at companies, utilities and government agencies across France, Russia, Spain, Ukraine and the United States happened just weeks after the WannaCry ransomware attack. Was NotPetya a financially motivated ransomware attack or an act of cyberwar?

    Join this interactive Q&A session with industry experts and find out the answers to your Petya/NotPetya questions. The topics up for discussion will include:
    - Difference between cybercrime and cyberwar
    - Industries targeted in the NotPetya attack
    - Short-term and long-term impact of this attack
    - Requirements and recommendations for strengthening cyber defense

    Speakers:
    - Malcolm Harkins, CSO of Cylance
    - Erika Noerenberg, Threat Research Engineer, LogRhythm Labs
    - Nadir Izrael, CTO of Armis

    Moderator:
    - Michael Landewe, Co-Founder of Avanan Cloud Security
  • Building Breach Notification into your IR process post-GDPR Recorded: Jul 12 2017 62 mins
    Jamie Cowper, Director, IBM Resilient, Jessica Cholerton, Product Specialist
    The rise in large-scale data breaches has been accompanied by a growing number of data privacy reporting regulations across the world. The latest of these, the General Data Protection Regulation (GDPR), will require companies to notify the regulator of a serious incident within 72 hours.

    Companies therefore need to look at their cybersecurity incident response plans and how technology can be leveraged to improve their ability to detect and respond to security incidents faster.

    Join IBM Resilient on July 12 at 2pm to review how organisations can build data privacy reporting into their incident response strategy whilst using security automation and orchestration tools to enhance their IR processes.

    Attendees will learn:

    • The latest on breach notifications and GDPR; what actions are expected of organisations if data belonging to EU citizens is compromised.

    • How to operationalise GDPR using automation and orchestration to improve IR processes

    • A broader view of global and vertical data breach reporting requirements.

    • What benefits can be achieved through the deployment of an Incident Response Platform (IRP)
  • [Ask the Expert Q&A] McAfee's Raj Samani on the Petya Ransomware Attacks Recorded: Jul 12 2017 45 mins
    Raj Samani, Chief Scientist, McAfee
    - Interactive audience Q&A -

    Fresh off the heels of WannaCry, this week has seen the Petya / notPetya / Goldeneye attacks strike many global organisations in a wave of devastating ransomware attacks.

    Questions need to be raised though:

    - Where did Petya originate and who was responsible?

    - What halted the spread?

    - Why was it such an effective and newsworthy cyber attack?

    - Should you be worried about something similar happening to your business?

    - What can you do to be better prepared to defend against similar ransomware striking again?

    Tune in live to this interactive ask the expert webinar with McAfee Chief Scientist Raj Samani as he takes your questions on the attacks and suggests ways that you can defend yourself from similar variations in the future.
  • What You Need To Know About Petya/NotPetya & Cyber Attack Protection Recorded: Jul 11 2017 59 mins
    Eric Hanselman (451 Research), May Wang (ZingBox), Ted Harrington (ISE), Mike Ahmadi (Synopsys)
    Another widespread cyber attack in late June wreaked havoc across businesses, organizations, banks, government agencies, utility companies, shipping companies, and even power plants. Was this a ransomware attack or something more sinister?

    Join this panel of industry leaders and security experts for an interactive session on:
    - Why cybersecurity is a key focus for enterprises and organizations worldwide
    - Why ransomware protection is more crucial than ever
    - How to best prepare against future cyber attacks
    - Steps your organization should take today to ensure data security. Short term steps and long-term strategy

    Speakers:
    - May Wang, Co-founder & CTO of ZingBox
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    Moderator:
    - Eric Hanselman, Chief Analyst at 451 Research
  • NotPetya: Ransomware Or a Cyber Attack in Disguise Recorded: Jul 10 2017 58 mins
    Scott Crawford (451 Research), Joseph Carson (Thycotic), Omri Moyal (Minerva), Dan Daggett (Phantom Cyber)
    The major ransomware attack that spread across the world in late June struck large pharmaceutical companies, Chernobyl radiation detection systems, the Kiev metro, an airport, banks, hospitals and government agencies. Was this a financially motivated cyber attack or something more sinister? Is the worst over or is there more to come?

    Join this panel of cybersecurity experts as they go over the details of this attack, what it means for organizations worldwide and how to better protect against ransomware.

    Topics up for discussion:
    - Detailed account of this cyber attack
    - What is NotPetya? How is it different from Petya and Wannacry?
    - What is the impact of this ransomware attack?
    - What you should do today to better protect your organization

    Speakers:
    - Joseph Carson, Chief Security Scientist at Thycotic
    - Omri Moyal, Co-Founder & Vice President of Research, Minerva
    - Dan Daggett, Security Solution Architect, Phantom Cyber

    Moderator:
    - Scott Crawford, Research Director, Information Security Channel at 451 Research
  • NotPetya: Wiper or Ransomware & How to Protect Yourself Recorded: Jul 7 2017 60 mins
    Chris Roberts (Acalvio), John Bambenek (Fidelis), Jay Beale (Inguardians), Vince in the Bay
    Join this interactive Q&A session and learn the facts about the recent NotPetya attack on the Ukraine and the collateral damage it caused by crippling large businesses and organizations worldwide.

    Topics that will be discussed during this live Q&A panel will include:
    - How is NotPetya different from Petya and Wannacry?
    - Timeline of the attack
    - Impact and aftermath
    - What's next? How can companies better protect their data against similar attacks in the future?

    Moderator:
    - Vincent Tocce of the Vince in the Bay Podcast

    Speakers:
    - Chris Roberts, Chief Security Architect at Acalvio
    - Jay Beale, COO & CTO of Inguardians
    - John Bambenek, Threat Systems Manager at Fidelis Cybersecurity
  • NotPetya: Ransomware or Wiper? Nation State or Criminal Gang? Recorded: Jul 6 2017 37 mins
    Dr. Mounir Hahad, Sr. Director at Cyphort
    On the heels of WannaCry, the world awoke on June 27 to another cyber attack that employs ransomware as a weapon. But this one is different and has fueled much speculation as to whether it is truly a ransomware attack or a wiper/destroyer attack meant to inflict irreversible damage. In this webinar, we will review some of the details of this attack and discuss clues towards motives and potential threat actors behind this attack.

    About the Presenter:
    Mounir Hahad, Ph.D. is Sr Director at Cyphort, a Security Analytics company headquartered in Santa Clara, CA. Mounir is the head of Cyphort Labs, the group responsible for conducting threat research within Cyphort and driving detection enhancements for Cyphort’s Advanced Detection Fabric which uses behavioral analysis along with machine learning to detect advanced threats and correlate those incidents with ingested information from third party solutions. Mounir holds a Ph.D. in computer science from the University of Rennes.
  • [VIDEO] CREST President Ian Glover on GDPR & May 2018 Recorded: Jul 6 2017 12 mins
    Josh Downs, Senior Community Manager BrightTALK & Ian Glover, President, CREST
    BrightTALK caught up with CREST president Ian Glover for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

    Topics up for discussion:

    - GDPR and the preparation that organisations need to implement to remain compliant

    - Steps that professionals can take to make sure that they're in-the-know and up-to-date with the legislation and changes that need to be made

    - The value of improving security culture in an organisation to increase security stature

    - Nation-state attacks and their influence on the cyber security industry

    - AI & machine learning systems and their applications to the security industry
  • [VIDEO] KPN Telecom's CISO Jaya Baloo on Ransomware, the IoT and 'Hacking Back' Recorded: Jul 6 2017 13 mins
    Josh Downs, Senior Community Manager BrightTALK & Jaya Baloo, CISO, KPN Telecom
    BrightTALK caught up with KPN Telecom's Jaya Baloo for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

    Topics up for discussion:

    - The WannaCry attacks and what it means for the ransomware landscape

    - 'Hacking back' and the ethical considerations that need to be taken

    - Nation state attacks and the future of cyber warfare

    - How to improve security culture amongst your troops on the ground

    - AI & machine learning and how effective the techniques can be when assessing big security data sets

    - The explosion of the IoT and how to protect connected devices and the overall network - from a telecoms standpoint
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Security, Privacy and Risk in a Mobile World
  • Live at: May 25 2016 3:00 pm
  • Presented by: Sushila Nair, Managing Director, Cybernetics, CISA, CISSP, CISM, CRISC