PCI Dream Team: Ask Us Your Toughest Questions [Part 7]

The PCI Dream Team is back for another interactive Q&A session.

With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details.

Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card-processing experience. They’ve seen it all: the good, the bad and the ugly; and lived to tell the tale.

Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jeff Hall for an interactive Q&A session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.

Speakers:
- Ben Rothke, Senior Information Security Specialist at Tapad
- David Mundhenk, Senior Security Consultant at Herjavec Group
- Jeff Hall, Senior Consultant with Online Business Systems
- Arthur Cooper "Coop", Senior Security Consultant at NuArx
Recorded: Aug 15 2019, 5:00 pm, 61 mins

Channel profile
  • [Panel] Improving Email Security for the Remote Workforce Live 60 mins
    Peter Jones; Rodrigo Araujo; Ed Adams and Benn Morris
    Despite the recent rise of workplace chat and instant messaging apps as a result of the pandemic and the shift to remote working, email continues to be the primary method of business communication for many organizations. Email is also still very commonly used by attackers. In fact, according to Verizon's Data Breach Investigations Report, around 96% of phishing attacks arrive by email. What can enterprises do to strengthen email security in 2021?

    Join this panel of security experts and industry leaders to learn more about:
    - New and persisting email security threats
    - What's at stake and what organizations can do to better protect their employees and data
    - Phishing fears and employee training in COVID times
    - Addressing business email compromise attacks
    - Best practices and solutions for protecting the enterprise from email-based threats
  • Best Practices for reducing email compromise (except for eliminating humans) Recorded: Jan 21 2021 37 mins
    Sean Letona, Director of Professional Services at Abacode, Inc
    Other than eliminating humans, what are the best practices for reducing business email compromise?

    Join this session to learn how to:

    - leverage the cloud
    - take advantage of SaaS security features
    - implement email security controls, monitor and respond to incidents, and
    - empower your workforce to be the first line of defense
  • Early lessons learned mitigating SolarWinds hack-style Insider Risk Recorded: Jan 20 2021 60 mins
    Valentin Bercovici, Chainkit Founder and Chief Executive Officer
    The SolarWinds Hack and response is creating new cyber security science and awareness of survivorship bias. Since Dec 13th, 2020 DHS/CISA has issued elaborate, regularly updated guidance to all government agencies and private sector organizations on how to respond, contain, recover and mitigate unprecedented and immeasurable insider data breach risk posed by the Russian Intelligence APT29 group. To address newly discovered stealth operations and privileged identity exploits, MITRE has also concluded new techniques need to be defined and added to their popular ATT&CK framework. We will review key CISA guidance to both Organizational Leaders and SOC teams, sharing new best-practices and suggested new ATT&CK techniques for threat hunters, compliance groups and DFIR practitioners.

    About Valentin Bercovici:
    Val is founder and CEO at Chainkit, democratizing trust throughout digital transformation. Previously, Val was co-founder, and is now senior advisor, at Peritus.ai, focused on AIops via machine learning. A Cloud, Big Data & DevOps pioneer, Val was a founding member of the governing board at the Cloud Native Computing Foundation (CNCF), the Linux Foundation’s home for Google’s Kubernetes, its most popular open source project. Val has enjoyed a long leadership career. Previously, at NetApp/SolidFire, he launched multibillion-dollar storage and compliance products, created the competitive team and strategy, directed new research investments for the NetApp Data Fabric roadmap, and served as SolidFire’s CTO. A pioneer in the cloud industry, Val led the creation of NetApp’s cloud strategy and introduced the first international cloud standard to the marketplace as CDMI (ISO INCITS 17826) in 2012. Val advises numerous data-driven start-ups and is passionate about improving diversity within the tech industry. He has several patents issued and pending around data centre applications of augmented reality and data authenticity.
  • Is the biggest threat to your firm’s security already on your network? Recorded: Jan 20 2021 35 mins
    Tina Gravel, SVP Global Channel & Alliance, Appgate
    Working from home has caused many firms’ attack surfaces to grow exponentially overnight. Where there might have been three locations prior to the advent of COVID-19, there could now be 300 or 3,000.

    Many firms are concerned about this and have shored up their security around remote access significantly. But what if the risk is still located inside the network? From careless staff to rogue employees, the consequences your business could face from an insider’s tampering are unfathomable.

    Research has suggested that 75% of all breaches could be avoided by better management of third party access and insider threats.

    Zero Trust and least privilege are principles by which each employee is given access to just what is needed for their job and nothing more.

    The term “Zero Trust” was coined by Forrester Research analyst and thought-leader John Kindervag, and follows the motto, “never trust, always verify.” His ground-breaking point of view was based on the assumption that risk is an inherent factor both inside and outside the network.

    Come hear some practical examples of how to get started utilizing zero trust in your organization to protect yourself from internal risk of employees and third parties accessing your network.
  • The Inside-Outsider: How to deal with vendors that have privileged access Recorded: Jan 20 2021 37 mins
    Tony Howlett, CISO, SecureLink
    Dealing with the threats from insiders who have administrative privilege in your systems is challenge enough, but how do you handle the risk that comes from vendors and other third parties, such as contractors, who need privileged access? These are usually trusted vendors that have undergone some vetting, but it usually isn’t as rigorous as your internal processes, and your visibility into their employees’ backgrounds and activities within your systems can be opaque. We will go over why this kind of access represents an outsized risk to security and compliance, the challenges of managing these “Inside-Outsiders”, and some best practices to make sure that their access is as secure, compliant and efficient as your internal employees’.

    About Tony Howlett:
    Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA certifications, and a B.B.A in Management Information Systems. He has previously served as CTO for Codero, a managed cloud hosting provider, and CTO of Network Security Services, a security and compliance consulting firm, as well as founding InfoHighway Communications, one of the nation’s first high speed internet access providers. Tony is currently the CISO at SecureLink.
  • Data Privacy and Data Protection in the COVID Era Recorded: Jan 20 2021 61 mins
    Eric Hibbard, SNIA Security TWG, Mounir Elmously, Ernst & Young; Alex McDonald, SNIA CSTI Chair
    The COVID-19 Pandemic has amplified cybersecurity concerns, particularly those related to the cloud. Threat actors have recognized a unique opportunity to exploit pandemic-related vulnerabilities through social engineering attacks, business email compromise, work from home and other remote weak points. This results in an increased risk and occurrence of ransomware attacks and data breaches that can disrupt or totally compromise organizations’ ability to conduct business. These security incidents can also subject victims to liability for violations of privacy and data breach notification laws. Join this webcast, in which SNIA experts will discuss:
    • Changing threat landscape due to COVID
    • Recent attacker exploits
    • Common security failures and their consequences
    • Data Protection (Mounir Elmously)
    o Strategies to combat malware
    o Minimizing ransomware risks
    • How emerging technologies (5G, IoT, AI, etc.) expand the threat landscape
  • Election Takeaways for Cybersecurity Leaders Recorded: Jan 20 2021 61 mins
    Diana Kelley | Jim Richberg | W. Curtis Preston
    The 2020 US presidential election is behind us, but the key cybersecurity issues surrounding election integrity could linger for years to come. From ransomware attacks on local governments, to the untamed spread of disinformation, to experimenting with online voting apps and the myriad vulnerabilities uncovered across election infrastructures, cybersecurity had never before taken such a central place in the national conversation as it did in 2020.

    So, what have we learned in the aftermath? And how can we apply it to better protect upcoming elections as well as enterprises, customers and employees?

    Join this interactive panel with security experts and tech leaders to learn the biggest lessons from the election from a cybersecurity and privacy standpoint. Discover what went down, what could have gone better and how to prepare for the midterm elections in 2022.

    - Can we build a hack-free election?
    - Does misinformation on social sites impact how people vote, and what can be done to stop the spread?
    - What was new this time, and what should security leaders keep in mind for their organizations?
    - Would it be safer if we brought the voting process online or into an app?
    - Can nation state actors change voter rolls or polling data?
    - What the biggest election threats mean for industry
    - Key takeaways for cybersecurity leaders

    Panelists:
    - Jim Richberg, Public Sector Field CISO at Fortinet
    - W. Curtis Preston, Chief Technical Evangelist, Druva

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Applying the MITRE ATT&CK Framework to Detect Insider Threats Recorded: Jan 20 2021 61 mins
    Augusto Barros, VP of Solutions at Securonix
    The MITRE ATT&CK framework has become an excellent way for security professionals to understand and describe threats. However, most of the time, it is used to describe the actions of external threats.

    But what about insider threats? According to Forrester, 25% of breaches resulted from internal incidents, and almost half of them were malicious. In the past few years, insider threats have evolved in several aspects, from how sensitive data leaves the organization to the ways in which privileged access gets misused, creating risks for organizations to mitigate. The proliferation of cloud applications and the current remote work setup make tracking and protecting sensitive data extremely challenging.

    Can we use the MITRE ATT&CK framework to help us describe, understand, and finally detect and protect against insider threats? If the framework often describes and supports threat detection of external threats, does it also help deal with insider threats? What should organizations expect from this exercise, and what do they need to do differently to achieve the desired results?

    Join Augusto Barros, VP of Solutions at Securonix, to learn about:

    • How insider threats have evolved and the new challenges they present
    • How the MITRE ATT&CK framework supports threat detection practices
    • How the MITRE ATT&CK framework can also help to address the issues related to insider threats

    Augusto Barros was the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and a security architect and officer for large enterprises.
  • Tackling Insider Threat with Open Source Intelligence (OSINT) Recorded: Jan 20 2021 48 mins
    Rachel Carson, Analytical Development Director, Futurum
    This webcast, Tackling Insider Threat with Open Source Intelligence (OSINT), will demonstrate how OSINT can be leveraged to help identify and prevent insider threat.

    Rachel will discuss the critical role OSINT can play in effective business risk management, specifically in managing insider threat.

    In particular, Rachel will describe how companies can make more informed decisions about the people they employ and do business with by embedding OSINT within their recruitment and screening purposes, thereby minimising the risk of taking on high risk personnel.

    Rachel will also discuss how OSINT can be used to understand an individual’s vulnerability to being an unconscious insider by, for example, inadvertently clicking on a link to a malicious website through a specifically targeted email.

    Lastly, the webcast will examine the way in which organisations are using continuous OSINT methods combined with machine learning to identify and alert them to early indicators of insider threat, for example negative attitudes towards work, excessive spending, or a close association with a competitor. These indicators, when fused with other information about an individual such as a change in working hours or excessive data extraction, can start to build a picture of risk.

    Key takeaways:
    - The principles of OSINT
    - The types of freely available information on people and companies
    - The value OSINT brings to business risk management, specifically in managing insider threat
    - How OSINT can be embedded within recruitment processes to help prevent companies taking on high risk personnel
    - How understanding a company’s and individual’s online footprint can help reduce the harm caused by unconscious insiders
    - How machine learning and continuous OSINT methods can help detect insider threat and provide an early warning of potential harm
  • MINDHUNTER #1 - Social Engineering: The Threat Is Coming From Inside The House Recorded: Jan 20 2021 33 mins
    John Aarsen, SE - Benelux and Nordics, SonicWall
    Join SonicWall expert John Aarsen as he goes through the anatomy of social engineering attacks to demonstrate how people are manipulated into performing actions or divulging confidential information. These attacks have become more frequent and aggressive as attackers attempt to exploit the circumstances surrounding COVID-19. In the case of both users and organizations, overconfidence can lead to complacency, allowing such attacks to succeed. That’s why it’s crucial that you consider social engineering as your company builds its boundless cybersecurity strategy.
  • You Never Mean to Let Attackers in the Front Door… Recorded: Jan 20 2021 43 mins
    Randy Pargman, Senior Director of Threat Hunting and Counterintelligence, Binary Defense
    Threat actors are clever adversaries who prey on human error in your employee workforce to execute successful cyberattacks. They use social engineering to trick your teams into giving them access to your files and network. That’s why having a team of experienced security analysts on your side that works 24/7 is a crucial defense. When you’re up against real people who are targeting your employees, the solution isn’t a computer program but other people who know how to combat these attackers.

    Join Randy Pargman, Senior Director of Threat Hunting and Counterintelligence at Binary Defense and former FBI Computer Scientist, in this discussion that covers real stories from his experience with attacks targeting employees, how attackers attempt to deceive analysts, and ways to educate your workforce to defend against these attacks.

    In this webinar you will learn:
    - How threat actors target employees
    - What next steps cyber criminals take to continue their attacks
    - Examples of attacks on businesses
    - Ways that an experienced SOC can combat these attacks
  • It’s Not You, It’s Me. Go From Frenemy to Friend With Security Automation. Recorded: Jan 19 2021 14 mins
    Shinesa Cambric, Sr. Manager - Identity and Access Management Information Security, Fossil Group
    Improve your relationship with your developers and auditors, protect your environment, and go from frenemy to friend through streamlined processes and automated detective and corrective controls.

    This session will cover tips on ways to address human error elements for development within your Google Cloud environment.
  • Human Error & Cyber Security Recorded: Jan 19 2021 51 mins
    Changiz Sadr, P.Eng., FEC, CISSP, Director of Engineers Canada
    In this webinar, Changiz will cover:

    - Description of cyber attacks and statistics from known and published attacks
    - The most common types of attacks including phishing, ransomware, DDOS, Drive-By-Downloads, Dumpster Diving
    - Why cyber attackers target people, exploiting human senses, feelings and emotions, with examples such as affection, kindness, greed, political and religious views, and financial and employment needs
    - Examples of common attacks such as phishing, social engineering, social media attacks, etc. and how they target those human senses
    - Distinguishing the fake communications from the real ones
    - Solutions and the importance of the SETA (Security Education, Training, and Awareness) programs for individuals and organizations
  • Effects of Human Behavior in Cybersecurity Recorded: Jan 19 2021 60 mins
    Nicholas Jahn, IT Administrator/Cyber Security Engineer, Fearing’s Audio·Video·Security
    In today’s world of intense cybersecurity awareness, the daunting task of securing your workforce while employees are working from home can be very overwhelming. To address this issue most Information Technology and Information Security staff focus on digital factors, but it is important to not overlook the human factors.

    The biggest human factor in Cyber Security is human behavior and the issues that result directly and indirectly from how we think, behave, and act. In this presentation I will cover the most common digital and non-digital threats I have encountered that are designed to exploit human nature and to “steer” how we act and react, as well as common mistakes in configurations and policies that can drastically impact any organization’s “readiness” to protect against cyber attack. The goal of this presentation is that by the end of it you will be in a much better place of understanding the threats you and your organization face, and what you can do to resolve these issues through unified threat management, utilization of a multilayer cybersecurity approach, automation platforms in the cloud, and end user education.
  • Why the next Ryuk Ransomware will bypass your defenses Recorded: Jan 19 2021 20 mins
    Walter Avendano, Solutions Architect for Nyotron
    Ransomware-as-a-service and big game hunting: gain a basic understanding of the two most popular extortion methods ransomware gangs employ to build a product that extracts revenue from their victims (the “customers”). See for yourself how attackers gain a foothold, and understand the shift in defense posture needed to prevent catastrophic ransomware damage.

    Join this webinar to learn more about Ransomware as a business model that needs to be understood in the proper context. In that context, you are the product.
  • CISO Insights - The Top 21 Security Predictions for 2021 Recorded: Jan 19 2021 61 mins
    Dan Lohrmann, CSO, Security Mentor | Earl Duby, CISO, Lear Corporation | Tony Pepper, CEO, Egress
    Every year top security companies, industry thought-leaders, and tech media publications come out with their predictions for the upcoming year, and every year Dan Lohrmann publishes his roundup of these security industry reports, forecasts, themes and trends.

    This BrightTalk webinar will dig into the 2021 prediction report in detail.

    In addition to counting down (and referencing) the top 21 security prediction reports from the leading vendors, this webinar will examine:
    - Where is there agreement on what’s coming next?
    - Where is there major disagreement?
    - Where will cyberattacks come from next?
    - Which vendors have the best reports (and why)?
    - Who are the award-winners for most creative, most likely, most scary and other security industry predictions?

    We'll discuss security and tech predictions on Covid-19 and working from home as well as major security incidents such as attacks on global events (like the 2021 Olympics), cyber incident response and much, much more.

    We will take your questions at the end, and may even ask you to vote for your favorite predictions (or offer one of your own to share.) Join us now!
  • Why did they click that? Human errors factor Recorded: Jan 19 2021 48 mins
    Dennis E. Leber, CISO, University of Tennessee Health & Science Center; Dr Calvin Nobles, Cybersecurity Professional, Wells Fargo
    This webcast discusses the Human errors factor of cybersecurity. Organizations often focus on the processes and technology and leave out the Human aspect. Many industries embrace Human factor programs in addressing challenges and cybersecurity can learn a lot from these programs and utilize them to improve security and reduce risks.

    During this webinar we will discuss: HFACS-Cyber, the need for Human Factors Programs in Cybersecurity, targeting human risk factors, and the business value of Human Factors.

    Participants will take away the following:
    1. The importance of including Human Factors
    2. The risks removed once you include Human Factors
    3. The business value and some tips on how to obtain executive support for such a program
  • Managing the most vulnerable element in our cyber security strategy Recorded: Jan 19 2021 105 mins
    Kojo Degraft Donkor, Cisco Systems - Technology Transformation Group (TTG) CX America & Charles Boateng, AmeriHealth Caritas
    With a greater number of organizational activities relying on technology, the focus on how to protect the use of technology is paramount for all organizations. Institutions are right to focus on external threat actors to safeguard their assets. But more importantly, it is imperative that the internal structures of organizations are tuned into the strategies used to protect their activities and assets. An overwhelming majority of cyber breaches are the result of human actions within the organization. That is a fact.

    Conventional defenses are bound to fail due to the human element in the process of securing organizational infrastructure. Human behavior is only predictable to some extent. A recent report by Cyberchology notes that 80% of companies see an increased cybersecurity risk resulting from the human factor as a major challenge during the COVID-19 pandemic.

    The Human Factor, therefore cannot be ignored as we formulate strategies to secure organizational infrastructure.

    In this presentation, we will attempt to cover the following questions:
    • What is “The Human Factor?”
    • By the Numbers – Why should we worry about this Factor
    • Strategies to mitigate the Human Challenges
    • Case Studies
  • Employees: weakest or strongest link in your Cyber Security posture? Recorded: Jan 19 2021 34 mins
    Srinath Vangari, Project Manager & Himanshu Dubey, Director of Security Labs, Quick Heal Technologies Ltd.
    Humans are the primary target for cyber attackers. Most cyber-attacks against businesses start by luring humans into making errors and thus allowing attackers a foothold inside the target organization’s network. The impact of such attacks can range from monetary loss to even the shutting down of businesses.

    In this presentation, we will discuss why human errors cause so many breaches, and how security solutions are bypassed in these cases. We will also look at the story behind human error and how to address it to improve employee cyber behaviour in an organization.

    Key takeaways:
    - Why cyber attackers target humans
    - Impact of human errors
    - How such attacks bypass Cyber Security solutions
    - Steps that organizations can take to address the gaps
    - Make employees your best defence against Cyber Attacks
  • Deployment Pipeline - Way to secure your workloads Recorded: Jan 19 2021 37 mins
    Pushkar Tiwari, Director Engineering, Symantec Division, Broadcom
    Cloud migration is at its peak, and so are data breaches in the cloud. The most common culprits of these breaches are human errors such as improper security controls and misconfigurations. The complexity of security controls in public cloud providers, and the presence of multiple cloud providers within an organization, make it almost impossible for humans to do flawless deployments.

    This webinar presents case studies on high-profile data breaches that happened due to human errors. In order to tackle human errors in cloud operations, the human factor needs to be completely removed.

    In this webinar you will learn how security control, operations and auditing can be baked into the deployment pipeline, making the pipeline the only gateway for service operations.

    It will discuss implementation challenges and other considerations of the deployment pipeline to achieve complete immutability of deployment.
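The ATT&CK item above (Applying the MITRE ATT&CK Framework to Detect Insider Threats) asks whether a framework built around external adversaries can also describe and detect insiders. One concrete way to answer that is to tag each audit event with the technique it is evidence of and then alert on the sequence of techniques per user rather than on any single event, since a lone cloud download is ordinary work while collection followed by an upload to an unsanctioned service is not. The following is an added example, not code from the webinar or from Securonix: the audit-log format, the sample lines, the corporate address ranges, the working-hours window and the approved upload host are all constructed for illustration, and the decision of which event maps to which technique is an assumed rule set (the technique IDs themselves are ATT&CK's).

```python
"""Tagging insider activity with ATT&CK technique IDs and alerting on the
collection-then-exfiltration chain. Added example; the audit-log format,
network ranges, hours and hosts below are constructed for illustration."""
from collections import defaultdict
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample audit events (not real logs). One event per line:
# "<timestamp> user=<name> action=<verb> key=value ..."
SAMPLE_LOG = """\
2021-01-19T22:41:03Z user=jdoe action=login src=203.0.113.7 hour=22
2021-01-19T22:43:10Z user=jdoe action=download object=s3://finance-reports/q4-forecast.xlsx bytes=48213000
2021-01-19T22:44:55Z user=jdoe action=copy dst=/tmp/staging/q4.zip bytes=48213000
2021-01-19T22:47:20Z user=jdoe action=upload dst=https://transfer.example.net/up bytes=48213000
2021-01-19T09:15:00Z user=asmith action=login src=10.0.4.21 hour=9
2021-01-19T09:20:12Z user=asmith action=download object=s3://finance-reports/q4-forecast.xlsx bytes=48213000
"""

INTERNAL_PREFIXES = ("10.", "192.168.")            # assumed corporate ranges
APPROVED_UPLOAD_HOSTS = {"files.corp.example.com"}  # assumed sanctioned share
WORK_HOURS = range(8, 19)                           # assumed 08:00-18:59

# (technique ID, name) pairs from ATT&CK. Which events count as evidence of
# which technique is the analyst's call and is an assumed rule set here.
T_VALID_ACCOUNTS = ("T1078", "Valid Accounts")
T_CLOUD_STORAGE = ("T1530", "Data from Cloud Storage")
T_DATA_STAGED = ("T1074", "Data Staged")
T_EXFIL_WEB = ("T1567", "Exfiltration Over Web Service")


def parse_event(line: str) -> Dict[str, str]:
    """Split one audit line into a dict; the first token is the timestamp."""
    ts, *pairs = line.split()
    event = {"ts": ts}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def map_techniques(event: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return the ATT&CK techniques one event is evidence of (empty if benign)."""
    tags = []
    action = event.get("action")
    src = event.get("src", "")
    if action == "login" and not src.startswith(INTERNAL_PREFIXES) \
            and int(event.get("hour", 12)) not in WORK_HOURS:
        # A legitimate credential used off-hours from outside the network.
        tags.append(T_VALID_ACCOUNTS)
    if action == "download" and event.get("object", "").startswith("s3://"):
        tags.append(T_CLOUD_STORAGE)
    if action == "copy" and event.get("dst", "").startswith("/tmp/staging/"):
        tags.append(T_DATA_STAGED)
    if action == "upload":
        host = urlparse(event.get("dst", "")).hostname
        if host and host not in APPROVED_UPLOAD_HOSTS:
            tags.append(T_EXFIL_WEB)
    return tags


def analyse(log_text: str) -> Dict[str, Dict[str, object]]:
    """Per user: the ordered technique IDs seen, and whether the chain
    collection (T1530 or T1074) -> exfiltration (T1567) occurred in that order."""
    per_user = defaultdict(lambda: {"techniques": [], "alert": False})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        record = per_user[event["user"]]
        record["techniques"].extend(tid for tid, _ in map_techniques(event))
    for record in per_user.values():
        seen = record["techniques"]
        collected_at = [i for i, t in enumerate(seen) if t in ("T1530", "T1074")]
        exfil_at = [i for i, t in enumerate(seen) if t == "T1567"]
        # Order matters: collecting or staging before the upload is the insider
        # pattern; a lone cloud download (asmith) is ordinary work and is silent.
        record["alert"] = bool(collected_at and exfil_at and collected_at[0] < exfil_at[-1])
    return dict(per_user)


if __name__ == "__main__":
    for user, record in analyse(SAMPLE_LOG).items():
        status = "ALERT" if record["alert"] else "ok"
        print(f"{user:8s} {status:5s} {' -> '.join(record['techniques']) or '(none)'}")
```

Run as a script, it reports jdoe as T1078 -> T1530 -> T1074 -> T1567 with an alert, and asmith as T1530 only with no alert. The point the abstract raises is visible in that output: the individual techniques are the same ones ATT&CK already defines for external actors; what changes for insiders is that the initial access is a valid account, so the detection has to rest on the chain and its context (hours, source network, destination) rather than on any one technique.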
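The deployment-pipeline item above describes baking security control, operations and auditing into the pipeline so that the pipeline is the only gateway to production. The following is an added example, not code from the webinar or from Broadcom/Symantec: a policy-as-code gate that evaluates a deployment's resource descriptions before anything is applied, refusing misconfigurations of the kind the abstract attributes to human error (a public, unencrypted bucket; an administrative port open to the internet; a wildcard IAM grant). The resource description format, the rule thresholds (which ports count as administrative, which CIDRs mean "anywhere") and both sample configurations are constructed for illustration and are not any cloud provider's schema.

```python
"""Policy-as-code gate for a deployment pipeline. Added example; the resource
description format and the rules are constructed for illustration and are not
any cloud provider's schema or a vendor's own tooling."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# Ports that should never be reachable from the whole internet (assumed list).
ADMIN_PORTS = {22, 3389, 3306, 5432, 6379}
ANY_CIDR = {"0.0.0.0/0", "::/0"}


@dataclass(frozen=True)
class Finding:
    resource: str
    rule: str
    detail: str


def check_bucket(name: str, spec: Dict[str, Any]) -> List[Finding]:
    """Storage buckets must be private and encrypted at rest."""
    findings = []
    if spec.get("public_read", False):
        findings.append(Finding(name, "public-bucket", "public_read must be false"))
    if not spec.get("encrypted", False):
        findings.append(Finding(name, "unencrypted-bucket", "encrypted must be true"))
    return findings


def check_firewall(name: str, spec: Dict[str, Any]) -> List[Finding]:
    """Admin and database ports must not accept ingress from any address."""
    return [
        Finding(name, "open-admin-port",
                f"port {rule.get('port')} open to {rule.get('cidr')}")
        for rule in spec.get("ingress", [])
        if rule.get("cidr") in ANY_CIDR and rule.get("port") in ADMIN_PORTS
    ]


def check_iam_policy(name: str, spec: Dict[str, Any]) -> List[Finding]:
    """Deployment identities get specific actions on specific resources only."""
    return [
        Finding(name, "iam-wildcard",
                f"Allow with action={stmt.get('action')!r} resource={stmt.get('resource')!r}")
        for stmt in spec.get("statements", [])
        if stmt.get("effect") == "Allow"
        and "*" in (stmt.get("action", ""), stmt.get("resource", ""))
    ]


CHECKS: Dict[str, Callable[[str, Dict[str, Any]], List[Finding]]] = {
    "bucket": check_bucket,
    "firewall": check_firewall,
    "iam_policy": check_iam_policy,
}


def evaluate(config: Dict[str, Dict[str, Any]]) -> List[Finding]:
    """Run every applicable check. A resource kind with no policy is refused,
    so a new resource type cannot slip through the gate unreviewed."""
    findings: List[Finding] = []
    for name, spec in config.items():
        checker = CHECKS.get(spec.get("kind", ""))
        if checker is None:
            findings.append(Finding(name, "unknown-kind",
                                    f"no policy for kind {spec.get('kind')!r}"))
            continue
        findings.extend(checker(name, spec))
    return findings


def gate(config: Dict[str, Dict[str, Any]]) -> bool:
    """True when the pipeline may proceed to deploy this configuration."""
    return not evaluate(config)


# Constructed configurations: the weak one as a person might hand-write it,
# and the corrected one that passes the gate.
WEAK_CONFIG = {
    "customer-exports": {"kind": "bucket", "public_read": True, "encrypted": False},
    "web-tier-fw": {"kind": "firewall", "ingress": [
        {"port": 443, "cidr": "0.0.0.0/0"},   # public HTTPS is expected
        {"port": 22, "cidr": "0.0.0.0/0"},    # SSH to the world is not
    ]},
    "ci-deployer": {"kind": "iam_policy", "statements": [
        {"effect": "Allow", "action": "*", "resource": "*"},
    ]},
}

HARDENED_CONFIG = {
    "customer-exports": {"kind": "bucket", "public_read": False, "encrypted": True},
    "web-tier-fw": {"kind": "firewall", "ingress": [
        {"port": 443, "cidr": "0.0.0.0/0"},
        {"port": 22, "cidr": "10.0.0.0/8"},   # SSH only from the internal range
    ]},
    "ci-deployer": {"kind": "iam_policy", "statements": [
        {"effect": "Allow", "action": "deploy:UpdateService", "resource": "service/web"},
    ]},
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = evaluate(cfg)
        print(f"{label}: {'BLOCK' if findings else 'PASS'}")
        for f in findings:
            print(f"  [{f.rule}] {f.resource}: {f.detail}")
```

Run as a script, the weak configuration is blocked with four findings and the hardened one passes. Two design choices carry the abstract's point: the gate returns a list of findings rather than stopping at the first, so the person fixing the change sees everything at once, and an unrecognised resource kind is refused rather than waved through, which is the only safe default once the pipeline is the single path to production.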
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.
