Global Panel: Dissecting Cloud Security Standards

Cybersecurity professionals do a great job when it comes to understanding, and mitigating, technical and functional risk.

But CEOs and board members tend to think in terms of business risk. This webinar shows cybersecurity professionals how to articulate requirements in business terms. With that knowledge, they can build the case for cybersecurity tools, staffing, and initiatives in a way that business professionals will understand--and fund.

Although overused, Next Generation Security still means keeping up with the challenges of securing today’s networks. The fundamental rule of keeping up with those challenges is having both a vision and an architecture that provides the foundation, regardless of how the market or the threats themselves change.

This session will focus on what is needed in an evolving security architecture to provide Next Generation Security in a constantly changing environment.

As organizations rely on third parties to grow and thrive, they’re exposed to major cybersecurity risks. Mitigating this risk means confronting the potential security vulnerabilities that are present in your third party network, but traditional vendor risk management (VRM) methods are no match for modern threats. According to Deloitte 83% of today’s business leaders lack confidence in third party VRM processes.

Join our panel of experts on this CPE accredited webinar to learn how your organization can create a VRM program that’s ready and able to stand up to today's third party threat landscape.

Learning objectives:

• Find out how to gain executive leadership buy-in for your VRM program.
• Learn how to perform quantifiable vendor security analyses.
• Discover how to leverage Automation to Scale your VRM program.

Join this webinar to hear from past students and current champions discuss how the SANS CyberTalent program is changing lives and closing the workforce gap. The cybersecurity workforce gap can be partly solved through increasing diversity. Organizations like SANS CyberTalent and the WSC are reaching into communities throughout Maryland and the US searching for professionals with technical appitude but new to cybersecurity.

These academies are designed to help qualified veterans and women receive training and certifications to quickly and effectively launch careers in cybersecurity. The Immersion Academy is an intensive, accelerated program designed for completion in six to eight months, depending upon program selected. The program is at NO COST to the students selected.


Come listen to learn:
• What the selection process includes and important application tips
• Understand what kind of training is provided (length and format)
• Hear from a recent graduate who will share her experience
• How this training academy and related certifications can help your career

With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSA’s in the country, with decades of combined PCI and card processing experiences. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.

Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jeff Hall for an interactive Q&A session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.

Speakers:
- Ben Rothke, Principal Security Consultant at Nettitude
- David Mundhenk, Senior Security Consultant at Herjavec Group
- Jeff Hall, Principal Security Consultant at Optiv Security
- Arthur Cooper "Coop", Senior Security Consultant at NuArx

In the past few years manufacturers have been taking products that have existed for years or decades already and decided to put computers in them and connect them to the Internet. From cars, to smart home devices like Echo, to smart meters, to elevators, there has been orders of magnitude more devices that are now connected.

The problem is that, in most cases, you can't make any real changes to them so how do you apply controls and maintain the security of your network with thousands of these devices now being connected that you may not even be able to log in to? There are perceptions of what threats these devices can pose, but there are life-safety risks that are not adequately addressed.

The business model around many IoT devices leads naturally to a situation where many can be exploited by malicious code to create botnets with minimal opportunity to monitor them.

Even though there are companies which are taking action, the existence of any “defector” from a secure standard creates problems. Coordinated government action, at least incorporating kitemarks, is needed. But the nature of software could mean that even that is a forlorn hope.

About the Speaker:
Charles Arthur is the author of Cyber Wars: Hacks That Shocked the Business World, published by Kogan Page. He is a journalist who has been writing about technology, science and medicine for over 20 years, most recently as technology editor at The Guardian from 2005-2014 and previously from 1995-2004 at The Independent. He lives in Essex.

The IoT landscape is exploding, with predictions of more than 20 billion connected objects worldwide by 2020. But protecting and securing data, devices and services in this dynamic, ever- expanding landscape presents significant challenges. Many of today’s connected objects do more than simply provide information at your fingertips – they can make use of sensitive data, gather information and even impact the physical world. Because of this, there is a need for ubiquitous end-point security, regardless of the use case, to prevent devices from becoming a platform for attacks.

To be able to trust today’s digital services and devices, the IoT ecosystem needs to be built on a proven security foundation. Years away, right?
Wrong. GlobalPlatform Specifications are readily available to the IoT community today, to protect service providers, device manufacturers and consumers on the edge.

In this presentation GlobalPlatform, will provide an overview of:
- The increasingly urgent need for robust security in IoT objects and the principles that must be addressed if the IoT market is to fully evolve;
- The value that GlobalPlatform specifications and frameworks deliver to IoT stakeholders to address their security and privacy concerns;
- How GlobalPlatform’s new Device Trust Architecture framework empowers all actors in the value chain to seamlessly deliver, and securely manage, digital services and devices.

With an increase of IoT adoption and a 99% connectivity by 2020, users, including businesses of IoT technology must consider the impact on privacy and security of those new gadgets. In fact, we are exponentially increasing our risk surface, in alignment with the growth of connected end points.

Did you ever asked your manufacturer, are you adopting a Privacy and a Security By Design approach?

Nowadays, with the data breaches on the first page of all magazines, we clearly are doing it all wrong, and are unable to protect our systems and data properly.

How are we going to tackle the challenges of an interconnected complex ecosystem, interacting with billions of ''gadgets'', across networks and systems?

In this talk, you will hear from one of the advocates of cyber security inclusion and diversity, how to prepare or get yourself cyber ready in an era of unknown threats.

The internet of everything is around us whether we like it or not. Organisations are increasingly relying on IoT for all aspects, making the need for auditing IoT increasingly critical.

Join this interactive webinar to:
- Understand current and potential IoT usage
- Appreciate the concerns that will need to be addressed
- Establish audit considerations for IoT
- Learn how to conduct IOT audits based on a framework approach.

This webinar will explore the end-to-end IoT architectures that are in use today. This will be done from a security perspective, itemizing the vulnerabilities that are present at each level of the architecture.

Kevin McNamee of Nokia's Threat Intelligence Lab will then take a detailed look at actual exploits of IoT vulnerabilities from field cases over the past couple of years. The webinar will conclude with a summary of actions that can be taken to reduce the risk of cyberattack and subsequent compromise of IoT devices.

About the Speaker:
Kevin McNamee heads up Nokia's Threat Intelligence Lab. This lab analyzes thousands of mobile malware samples each day to create the detection rules that power Nokia’s network based malware detection system. Previously at Alcatel-Lucent he was director of Security Research with Alcatel-Lucent's Bell Labs, specializing in the analysis of malware propagation and detection. He has had speaking engagements at RSA, BlackHat, SECTOR, (ISC)2, Virus Bulletin and BSides.

Artificial Intelligence, machine learning, and deep learning are the raves in network security. It's perceived as the only practical approach to staying ahead of today's cyberthreats.

The various steps used by Artificial Intelligence is not so different than a physician’s approach to treating a patient. You must first understand the patient (or device), monitor and assess that all organs (or components) are behaving as intended, and proactively treat (or remediate) viruses and other harm.

In this session, Dr. May Wang will explore:
- The latest advancements in AI for IoT security using healthcare as an example
- The top security threats to healthcare organizations and how to address them.

How do hackers infiltrate organizations through IoT connected devices? What can be done to prevent the next attack via an IoT device? Why can a weakened link in the IoT chain lead to compromised digital assets? The Internet of Things (IoT) is bringing convenience to consumers and process optimization to businesses, but it comes at a cost. Exploding onto the IT scene and the consumer world, it has created endless opportunities for a super-connected environment. But IoT could also signal the next security crisis. IoT formed a rising tide of shadow IT and a new frontier to data security vulnerabilities, in an ever-expanding attack surface.

By joining this webinar with XM Cyber’s Security Expert, Amit Waisel, you will learn about the perils of an expanding attack surface and what can be done to prevent an APT attack via an IoT connected device. We will dive into hard core questions including:
- How an ever-expanding IoT attack surface is creating multiple opportunities for the perfect attack vector to digital assets
- Why an innocent aquarium thermometer, defibrillator or printer is a possible gateway to disaster
- Steps you can take to avoid a potential crisis

About the Speaker
Amit Waisel is a Senior cybersecurity Engineer at XM Cyber. He is a seasoned data security expert with vast experience in cyber offensive projects. Prior to XM Cyber, Amit filled multiple data security positions in the Israel intelligence Corps. He graduated from the Open University with a BSc. in Computer Science and is currently completing a MSc. degree in Computer Science at Tel Aviv University.

To succeed with innovation at speed, IT organizations must accelerate their release velocity - and do it with greater quality, security, and availability! Enter DevOps! For most organizations, the transition to DevOps starts small, in a single team or a new project with cobbled-together open source solutions with security often an afterthought, leading to an extensive threat landscape.

To scale effectively, deploying daily or hourly (or even more frequently) requires organizations treat security as a first-class citizen – engaged in all aspects of the development and deployment lifecycle.

Robert will share market trends, tips and techniques to incorporate security into the complete DevOps lifecycle – delivering DevSecOps.

It is critically important to know how cyber criminals target their victims, what you can do to reduce the risk and make it more challenging for the attackers who steal your information, your identity or your money.

This session explains how outside attackers or malicious insiders can exploit vulnerabilities using examples such as a compromised email account password that escalates into a full-blown breach of network security and how a light bulb almost stopped Christmas from happening.

- This session describes the anatomy of a privileged account hack
- The risks of introducing IoT for ease of use but sacrificing security
- We will show how cybercriminals target their victims
- What you can do to reduce your risk and prevent abuse of your critical information assets

Internet of Things devices are built with cost & convenience in mind, not security. This makes them easy targets for cybercriminals looking to exploit their vulnerabilities and infiltrate your systems. With IoT adoption on the rise, organizations are looking for ways to improve security at all levels and limit the damage IoT-powered cyber attacks can cause. The stakes are even higher for the Industrial Internet of Things (IIoT).

Join this interactive Q&A panel with top security experts across the ecosystem to learn more about:
- IoT as a gateway to your systems
- Key factors for building a successful security strategy encompassing the IoT & IIoT
- Threats targeting the IoT / IIoT
- Industrial threat detection and response
- Recommendations for improving security

Speakers:
- Mark Weatherford, Chief Cybersecurity Strategist, vArmour
- Robert M. Lee, CEO, Dragos
- Jennifer Minella, VP of Engineering and Security, Carolina Advanced Digital

Small businesses face great threats from cyber attackers every day, and do so with a fraction of the resources that mid-sized companies and large corporations have at their disposal. A small business’s network, its customer data, and its intellectual property is just as critical to its operation as a firm 100 times its size, but it lacks the skills, the processes and the technology to keep pace with ever-present cyber threats and defend itself. Join us for this session where Dark3 experts will outline how small businesses can protect themselves effectively by taking advantage of the confluence of cloud-based technologies, scalable automation and enterprise-grade cybersecurity expertise.

Join security expert Kalani Enos for an interactive Q&A webinar on the latest trends in IoT security. Discover how effective IoT threat modeling and data privacy affects your organization.

Viewers will learn more about:
- Current IoT challenges
- How businesses are and are not recognizing security and IoT
- How IoT Threat Modeling is imperative for businesses who utilize, or plan to utilize IoT products and services within their organization
- Data Flow Diagrams and specific use cases where IoT Security is necessary
- IoT Security requirements from a regulatory / data privacy perspective