Software Development Life Cycle: Who's responsible for security?

From "start-up" through "acquisition & development", "implementation", and "operations & maintenance" to "decommissioning", it's far too easy to lay the responsibility for the secure software life cycle at the feet of the application developers. What about all the other professionals involved in the software development life cycle (SDLC)? Question: What responsibility do the application owners, procurement officers, business unit heads, delivery personnel, senior managers, business analysts, quality assurance managers, program managers, technical architects, security specialists, and IT managers have with respect to the SDLC? Answer: They all have either a legal or fiduciary responsibility to be aware of basic secure coding principles. Don't be the one who is "made an example out of" when an application development project goes awry!
Recorded Jun 3 2010 49 mins
Presented by
Dow A. Williamson CISSP, CSSLP; SCIPP International, Executive Director
  • Threat Analysis and Breach Protection Aug 18 2020 3:00 pm UTC 35 mins
    Kalani Enos, Partner/VCISO/Threat Analysis, Immersion Security
    As the world continues the work-from-home initiative in order to combat the COVID-19 threat to humanity, organizations must also consider that threat actors (hackers, Advanced Persistent Threats, etc.) may take this opportunity to exploit existing vulnerabilities that are normally mitigated in an office environment (behind a firewall, for example) but not necessarily mitigated in a telework environment. This presentation will discuss the following topics:

    - The recent rise in threat actor exploits of telework applications, and a means of 'visibility' for organizations to detect, analyze and remediate threats attempting to exploit vulnerabilities.

    - Visibility into emerging threat capabilities to introduce ransomware and malware onto a remote computer or mobile device. Example: COVIDLOCK ransomware on Android smartphones, and how to detect and remediate it.

    - How a VPN is only a step in the right direction towards accessing and transmitting secure, sensitive data, and how additional applications and best practices can help organizations maintain Confidentiality, Integrity and Availability (CIA) in the near-immediate term.

    - The advantage of educating employees on the dangers associated with working remotely, and whether the use of personal devices versus company-provided devices is a viable option.

    - How Software as a Service (SaaS) and Infrastructure as a Service (IaaS) providers can assist your organization in maintaining effective CIA in a work-from-home environment. The presenter will also discuss limitations and the often overlooked Shared Responsibility model.
  • Securing the Cloud in 2020: Threats, Visibility & Privileged Access Aug 18 2020 12:00 pm UTC 57 mins
    Diana Kelley, Andy Givens, Manav Khanna & Tim Bach
    Cloud security remains a challenge for enterprises, especially in the new post-COVID-19 reality of 2020 and the shift to remote working. What are the new threats on the horizon and compliance considerations to keep in mind?

    Join this interactive panel of cloud security experts and industry leaders to learn more about:
    - New and old cloud security threats to keep in mind
    - Why visibility is key for cloud security
    - Know your cloud: Who is accessing what and when? How was their identity verified?
    - Privileged identities and what's needed for secure privileged access
    - Compliance challenges and considerations
    - Best practices for securing your data in the cloud

    Speakers:
    Diana Kelley, Cybersecurity Field CTO, Microsoft
    Andy Givens, VP Solutions Engineers, North America, CyberArk
    Manav Khanna, Senior Director of Product Management Identity & Access Management, Thales
    Tim Bach, Vice President of Engineering, AppOmni
  • Business is still good for cyber criminals. How about yours? Aug 17 2020 6:00 pm UTC 45 mins
    Stella Igwenazor, IT Security Consultant, Syberficial
    Following international arrests of some cyber criminals, online criminal markets are adding security features to protect themselves from police, and additionally devising new means to continue preying on users' and companies' data in order to further their criminal behaviour.

    This session will provide some insight on:
    - The means the cyber criminals are using to obtain the information they need, and
    - The steps businesses and individuals alike can take to protect themselves.

    At the end of this session, the participants will take away:
    - The three key pieces of information the cyber criminals are after
    - Cyber criminals and their targets
    - Steps businesses (and individuals) can take to protect themselves from cybercrime

    About the speaker:
    Stella is an experienced, performance-driven and result-oriented Certified Information Systems Auditor (CISA) with over 13 years' experience providing consulting services in SAP Security and Controls, Governance Risk and Compliance, IT Risk Management, and Auditing in the public and private sectors under her consulting firm Ellar Consulting Inc. She has also been involved in various cybersecurity initiatives, which motivated her to start Syberficial in order to help those intimidated by cybersecurity get acquainted with the topic.

    During the course of her career Stella, an MSc holder in Business Applications of Computer Science, has worked with stakeholders at various levels, including C-level executives and senior leadership, to create policies and procedures, develop strategies and deliver solutions to meet business objectives.

    When not occupied with security tasks, Stella, a fitness enthusiast and avid runner, likes to spend her time working out or on the running trail. She has completed a good number of half and full marathons and has it on her bucket list to run all six world major marathons.
  • Cybersecurity Threat Detection and Prevention Aug 17 2020 3:00 pm UTC 60 mins
    Jo Peterson | Adi Pradeep | Stan Lowe | Dr. Richard Ford | Homayun Yaqub
    Cyberthreats are viewed as a significant risk to organizations. They are capable of disrupting core operations and inflicting serious damage to brands and reputations.

    A study by Cybersecurity Ventures predicts these crimes will cost the world $6 trillion a year by 2021.

    Join this panel discussion to:
    - Review today’s expansive attack surface and the various ways bad actors penetrate networks
    - Discuss existing and emerging cyber threats
    - Understand policies, tools and best practices used to protect organizations as new threats emerge
    - Explore the roles that user training and education, skill development and governance play in defending against threats

    Panel:
    Jo Peterson, VP Cloud & Security Services, Clarify360 (moderator)
    Adarsh "Adi" Pradeep, Cybersecurity Consultant
    Stan Lowe, CISO, Zscaler
    Dr. Richard Ford, CTO, Cyren
    Homayun Yaqub, Global Security Strategist, Forcepoint
  • Police insight – How to protect your business from cyber threats Aug 17 2020 10:00 am UTC 60 mins
    Sean O’Neil L.Lb (Hon), MSyl | Carl Chapman, TiG | David Clarke, Guildhawk
    Cybercrime is at an all-time high.

    Businesses in the UK are under the constant threat of cyber security attacks, and there is an increasing risk of losing your data, money, and even the business itself. Hackers are experts at choosing vulnerable targets. Learn about the risks and best methods of defence by joining our security briefing with experts from the police, TiG and Guildhawk.

    In this briefing you will:
    - Hear how other businesses have been targeted
    - Understand the risks through real-life examples
    - Learn how to implement some simple defence strategies
    - Have the opportunity to ask questions
  • Cybersecurity in the New World Aug 17 2020 8:00 am UTC 45 mins
    John Lee, Managing Director, Global Resilience Federation ASIA-PACIFIC Pte Ltd
    Organizations are affected by changes in the external environment. The ongoing COVID-19 pandemic has demonstrated our vulnerabilities. Companies are stretched financially and operationally as they have to adjust to a new business model. Many countries have implemented lockdowns and restrictions on travel and logistics. Employees are working from home, and some businesses have shut down if they cannot remodel their services. Past major events such as the terror attacks at the beginning of this century, the hacks of critical infrastructure in the last decade, major data breaches in the last 20 years, the global financial markets crash in 2008 and others have impacted many countries and companies that were not prepared.

    As most of our systems and processes depend on digital technologies, it leaves us open to cyber attacks. We need to be prepared for the next external change that may leave us vulnerable to an attack. In the presentation some of the ways to increase our cyber resilience will be discussed. Cybersecurity must continuously evolve and be proactive. It must be top-down and bottom-up. The governance of Operational Technology and Information Technology needs to be holistic and seamless to prevent gaps in the environment. Just as important is situational awareness on the ground and the control mechanisms to bring things to management's attention when they go wrong or are likely to. In the presentation, some of the best practices of cybersecurity to address these problems will be covered.

    Presenter Biography:
    John Lee is the Managing Director of Global Resilience Federation Asia Pacific. He manages the Operational Technology Information Sharing Analysis Centre (OT-ISAC). It is a membership-driven community with organizations from the public and private sectors managing OT critical assets and infrastructure. He has more than 20 years of experience in the information security and ICT industries, having managed teams in APAC and the Middle East for MNCs.
  • Storage Networking Security Series: Applied Cryptography Recorded: Aug 5 2020 59 mins
    John Kim, NVIDIA; Eric Hibbard, SNIA Security TWG Chair; Olga Buchonina, SNIA Blockchain TWG Chair; Alex McDonald, NetApp
    The rapid growth in infrastructure to support the real-time and continuous collection and sharing of data to make better business decisions has led to an age of unprecedented information access and storage. This proliferation of data sources and of high-density data storage has put volumes of data at one's fingertips. While the collection of large amounts of data has increased knowledge and efficiencies for businesses, it has also made attacks upon that information (theft, modification, or holding it for ransom) more tempting and easier. Cryptography is often used to protect valuable data.

    This webcast will present an overview of applied cryptography techniques for the most popular use cases. We will discuss ways of securing data, the factors and trade-offs that must be considered, as well as some of the general risks that need to be mitigated, including:

    • Encryption techniques for authenticating users
    • Encrypting data, either at rest or in motion
    • Using hashes to authenticate / information coding and data transfer methodologies
    • Cryptography for Blockchain
  • Storage Networking Security Series: Security & Privacy Regulations Recorded: Jul 28 2020 61 mins
    Thomas Rivera, Co-Chair, SNIA Data Protection & Privacy; Eric Hibbard, SNIA Security TWG Chair; J Metz, SNIA Board Chair
    Worldwide, regulations are being promulgated and aggressively enforced with the intention of protecting personal data. These regulatory actions are being taken to help mitigate exploitation of this data by cybercriminals and other opportunistic groups who have turned this into a profitable enterprise. Failure to meet these data protection requirements puts individuals at risk (e.g., identity theft, fraud, etc.), as well as subjecting organizations to significant harm (e.g., legal penalties).

    This webcast highlights common privacy principles and themes within key privacy regulations. In addition, the related cybersecurity implications are explored. Lastly, the session will probe a few of the recent regulations/laws to outline interesting challenges due to over and under-specification of data protection requirements (e.g., “reasonable” security).

    After viewing this webcast, attendees should understand:
    • How privacy and security are characterized
    • Data retention and deletion requirements
    • Core data protection requirements of sample privacy regulations from around the globe
    • The role that security plays in key privacy regulations
    • Data breach implications and consequences
  • PCI Dream Team - PCI Compliance with Non-supported Software & Hardware Recorded: Jul 28 2020 61 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    Being left at the payment altar is not easy.

    PCI DSS requirements 6.1 and 6.2 address the need to keep systems up to date with vendor-supplied security patches in order to protect systems from known vulnerabilities. But what do you do if you have an in-scope application and it is no longer supported by the vendor?

    Many payment applications, gateways and software packages are long past end-of-life, yet are still processing cardholder data. Can such a setup be PCI compliant?

    This PCI Dream Team webinar will detail the issue and the challenges of dealing with unsupported hardware/software, and suggest strategies for compensating controls.

    Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They've seen it all: the good, the bad and the ugly; and lived to tell the tale.

    Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jeff Hall for an interactive Q&A session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.
  • Ransomware: Are Your Vulnerabilities Exposing You? Recorded: Jul 22 2020 48 mins
    Troy Vennon, Director of Cybersecurity and Trustworthiness, Covail
    More mid-to-smaller companies are being targeted by cyber attackers with ransomware. According to a recent report, the average-sized company impacted has decreased from 2018 to about 650 employees in 2019. This trend will likely continue.

    Join Troy Vennon, who leads the Ohio security community of CISOs and security managers (ISAO), for a discussion about protecting your company with practical steps and tight budgets. Troy will discuss how knowing how vulnerable your company is to ransomware helps you better protect against it.

    You will learn from this discussion:
    + The top 3 steps your security team can take to protect your network on a budget
    + How to find, prioritize and close vulnerabilities that expose you to ransomware
    + What best practices other companies are deploying to defend their enterprise from attack
  • Your Pen Test Isn't a Pen Test Recorded: Jul 22 2020 49 mins
    Ted Harrington, Executive Partner at Independent Security Evaluators (ISE)
    What is penetration testing anyways?
    It's probably not what you think it is. You're building an application and need to prove it's secure, so you go get some penetration testing. But what are you actually getting?

    In this talk, author Ted Harrington takes you to the front lines of ethical hacking and security research, blending real-world exploit stories with actionable insights in order to help you understand what penetration testing is, what it isn't, how to tell the difference, and determine what you might actually need. You'll learn how hackers break applications, and you'll walk away with practical guidance about how to:
    - Abuse functionality
    - Chain vulnerabilities
    - And much more

    About the Speaker:
    Ted Harrington is the author of HACKABLE: How to Do Application Security Right, and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for being the first to hack the iPhone. He’s overseen security research hacking medical devices, password managers, and cryptocurrency wallets. Ted has helped hundreds of companies fix tens of thousands of security vulnerabilities, including Disney, Amazon, Google, Netflix, Adobe, Warner Brothers, Qualcomm, and more. For his stewardship of security research that Wired Magazine says “wins the prize, hands down,” Ted has been named both Executive of the Year [by American Business Awards] and 40 Under 40 [by SD Metro].
  • Top Threats Campaigns are Facing and How to Address Them Recorded: Jul 22 2020 60 mins
    David Morris | Mick Baccio | Frank Snyder | Lance James
    As the 2020 U.S. presidential election draws near, let's take a look at the top cyber threats campaigns are facing this election cycle and what can be done to address them.

    The lessons can easily be applied to the private sector and enable organizations to take steps toward better security.

    Join this panel to ask your questions and learn more about:
    - Domain spoofing
    - Email threats
    - Information warfare
    - Cyber attacks

    Speakers:
    - Mick Baccio, Splunk
    - Frank Snyder, Yubico
    - Lance James, Unit 221B

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Protecting Your Business from Nation State Attacks Recorded: Jul 21 2020 59 mins
    Diana Kelley | Matt Rider | Etay Maor
    Cyberattacks attributed to foreign governments have been on the rise for years, many against organizations all over the world. These attacks try to steal online account information, infect computers, and compromise the safety of networks. Targets of these attacks include think tanks, university staff, government employees, and even members of organizations focused on human rights issues.

    As these attacks increase in prevalence and sophistication, organizations are taking notice of the threats posed by hostile state actors and state-sponsored cybercriminal groups.

    So, how can businesses protect against them?

    Join today's episode of The (Security) Balancing Act with Diana Kelley to learn whether your business should be concerned about nation state attacks and what to do about it.

    The topics up for discussion will include:
    - State actors & rise in cyber crime
    - How the attackers get in
    - A review of recent nation-state campaigns
    - How does this impact organizations across different verticals (Financial vs Healthcare vs Government)
    - How industry and law enforcement are responding to these attacks
    - How AI and ML may change cybercriminal tactics
    - How to deal with threats from criminals and hostile states

    Panelists:
    - Etay Maor, Chief Security Officer, IntSights
    - Matt Rider, International Engineering Director, Rapid7

    We welcome viewer participation and questions during this interactive panel session.
  • Get Complete Threat Visibility with All-in-One Security Essentials Recorded: Jul 16 2020 34 mins
    Senthil Palaniappan, Founder and CEO, Sennovate Inc.
    Any organization's security depends on its ability to rapidly detect and respond to emerging threats across its cloud and on-premises environments. Yet attack methods and strategies evolve constantly, making threat detection an always-moving target. If you are a CISO or key stakeholder and would like to learn ways to monitor, detect, and secure your environment, you should attend this webinar.
    You will learn about:
    • Collecting security events
    • Reviewing log data
    • Performing analysis
    • Threat intelligence from the Open Threat Exchange® (OTX™)
    • Managed SOC: an effective and efficient way to complement your cyber security team
    • AlienVault case study
  • Building a Better Mousetrap: Breach Prevention and Detection in the Modern World Recorded: Jul 16 2020 39 mins
    Graydon McKee, CISSP, MSIA; CISO and Practice Director, Information Security, Pyramid Solutions
    Hackers attack every 39 seconds, and their attacks are becoming more and more sophisticated. Gone are the days when simply keeping your anti-virus up to date and locking down your perimeter would protect you from the bad guys. This talk will focus on how prevention and detection have changed over the years. Building off the premise that there is no "silver bullet," this talk will blend the tried and true techniques of years past with new technologies to guide listeners down the path to knowing how to blend them into a new mousetrap for our new normal.
  • Breach Prevention, Detection and Response in context of new Privacy Regulation Recorded: Jul 16 2020 37 mins
    Malu Septien Milan, President & Founder, Cryptopon
    Traditional breach prevention and detection are now insufficient capabilities without the organization's ability to respond to new privacy regulations and the ever-changing landscape of cybersecurity governance. A firm must be ready to respond to a data breach and avoid the penalties.

    While traditional organizations continue to align cybersecurity breach prevention and detection through the lens of cybersecurity frameworks and certifications such as ISO 27001 and NIST 800-53, the privacy regulations are forcing firms to pivot in how they integrate data governance strength to protect themselves from the damages of breaches, not only to their firms but also to avoid fines and reputational damage that can cost millions of dollars.

    This presentation is a practical Data Breach Readiness pathway to mitigate data breach RISK and FINANCIAL impact to your firm while increasing consumer trust.

    Take aways will include:

    - A practical and proven approach to assess breach response readiness
    - How to start integrating your cyber-defense program with data governance so breach readiness and response can be effective
    - Tools and tips to get Privacy Breach Ready
    - The role of a Defensible Narrative

    Malu brings more than 25 years of industry expertise in Government, High Tech Manufacturing, Retail and Executive Digital Solutions advisory across every functional vertical. Her portfolio of experience includes deep technical product leadership, strong drive for Quality & Operational Excellence, Product Innovation and simplification, Cybersecurity & Privacy (GDPR/CCPA), Process and People leadership across business units and IT. Malu has served as Board Member to multiple organizations focusing on Cloud Digital Transformation, Operational Excellence, Cybersecurity, GRC & Privacy.

    Malu is President and Founder of Cryptopon, LLC, an executive advisory firm that has delivered cybersecurity and privacy strategy to multiple Fortune 500 companies and startups.
  • [Panel] Breach Prevention and Detection Recorded: Jul 16 2020 61 mins
    Jo Peterson, Clarify360 | Tyler Cohen Wood, CyberVista | Rich Thompson, BlackBerry | Stephenie Southard, BCU
    According to Digitalguardian.com, a data breach at a U.S. firm in 2019 cost an average of $8.19 million, an increase from $7.91 million in 2018, and more than twice the global average.

    The number of data breaches is growing as well. Statista reports a 14% increase in the number of breaches in 2019 over 2018 figures. So how can we guard against them? While there is no one-and-done solution for solving security challenges, risk reduction is a key element.

    In this session we’ll discuss both the educational and technical approaches to data breach risk reduction:

    - Types and Causes of a Data Breach
    - Consequences of a Breach
    - Data Breach Response Plan and Breach Notification Plan
    - Method for Evaluating Risks and Harm
    - Breach Prevention Tactics

    Moderated by:
    Jo Peterson, Vice President, Cloud and Security Services, Clarify360
    Panelists:
    Tyler Cohen Wood, Executive Director Cyber Workforce Program, CyberVista
    Stephenie Southard, CISO, BCU
    Rich Thompson, VP Sales Engineering, BlackBerry
  • The Advantage of Deception Technology to Detect a Breach Recorded: Jul 16 2020 42 mins
    Steve Cobb, CISO, One Source
    Join us for an interactive discussion on how deception technology can provide early detection of a breach and significantly improve an organization's capabilities to quickly and accurately defeat attackers. We will cover:

    - Faster detection of threats at a lower cost
    - Collecting specific threat intelligence on if and how you are being targeted
    - Reducing false positives and not missing alerts
    - Detecting insider threats

    Speaker bio - Steve Cobb, CISO at One Source
    Steve Cobb is One Source's Chief Information Security Officer (CISO), bringing more than 25 years of leadership consulting surrounding IT infrastructure, cybersecurity, incident response, and cyber threat intelligence. Since joining One Source in 1995, Steve has been responsible for providing strategic IT consulting, delivering increased organizational efficiency and security for our customers. Prior to One Source, he was a Senior Security Engineer with Verizon Managed Security and a Senior Escalation Engineer with Microsoft. Steve serves on several CISO boards and is a frequent presenter at conferences such as InfoSecCon, ISSA, Cyber Defense Summit, and others.
  • DISCOVER, BREAK, FEEL, FIX: THE INTELLIGENT WAY TO PROACTIVE PREVENTION Recorded: Jul 16 2020 105 mins
    David Israel Senior Manager, Enterprise Information Security - Protect, MOTOROLA SOLUTIONS
    Breach protection and detection is a central challenge for security experts who are tasked with protecting an enterprise. In addition, the endless effort to protect business assets does not lead to certainty.

    It is difficult to prove that defensive efforts are effective and ready for real-life attacks.

    In this presentation, you will learn how the collaboration between a Threat Intelligence Team and a Red Team led to a revolutionary change in security posture and provides an effective method to evaluate and improve the prevention and detection of compromises.

    In this session you will explore:
    - A method to identify gaps in breach protection and detection
    - The challenges around endpoint protection and DLP
    - Enhancing logging and monitoring by adding context
    - Building a trusted environment
  • Cyber crime in 2020 - Secrets of the virtual illicit underground Recorded: Jul 16 2020 52 mins
    Karen Stephens, CEO, BCYBER | Brett Williams, Lead Solutions Architect, Flashpoint
    Opportunity is the cause of cyber crime: take away the opportunity and you take away the crime.

    Threat actors collaborate, conspire and acquire targets with impunity, just below the surface of what we see on the internet every day. Often referred to as the Deep Web or Dark Web, these virtual meeting places hide cybercriminals, insiders, terrorists and activists from plain view. How do you become proactive and get visibility into the forums and communication channels where 'bad actors' hatch their plans? This session will dispel the mystery of the dark web, discuss how the virtual underground operates and provide guidance on how organisations can gain visibility into these environments to help inform and manage their business risk. Join BCyber as they host a discussion with intelligence expert Brett Williams, Flashpoint's Lead Solutions Architect, where we will provide:

    - An understanding of the deep and dark web, dispelling the myths
    - An overview of how cybercrime works and how illicit actors operate
    - An update on key trends seen in the first half of 2020, for example COVID threats, extortionist ransomware and more
    - Real-life examples covering content from virtual illicit communities, such as forums, marketplaces, chat services, etc.
    - Actions you can take to gain external visibility for your organisation to better manage business risk
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Live at: Jun 3 2010 6:00 pm