Crusaders and Pragmatists: Software Security Assurance

Historically, software security vendors and enterprise teams have been divided into two camps: the Crusaders, who embrace the 'true religion' of source code analysis as the holy grail and believe that they can achieve nirvana by solving problems completely at the code level; and the Pragmatists, who believe that the Crusaders are unrealistic idealists, and that dynamic analysis of staged web applications is the only practical way of addressing real, attackable vulnerabilities.

The reality is that both camps are correct when placed within an overarching Software Security Assurance (SSA) framework. SSA creates a programmatic enterprise application security approach that incorporates both the source code Crusaders and the dynamic Pragmatists. This presentation will describe how the Crusaders and Pragmatists, placed within the SSA discipline, can work together to reinforce each other and bolster the entire security program’s ultimate goal – securing the enterprise.
Recorded Mar 8 2012 42 mins
Presented by
Adam Hils, Senior Product Manager, HP Enterprise Security (Fortify)
  • [*CPE] Cloud Security Tips for the WFH Enterprise Dec 17 2020 6:00 pm UTC 75 mins
    Moderated by Colin Whittaker, Founder of Informed Risk Decisions.
    TBC
  • [*CPE] Executive Tips to Present Cybersecurity to the Board Nov 19 2020 6:00 pm UTC 75 mins
    Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions
    Cyberattacks can cost an organisation its reputation, its customers and a great deal of money, making CEOs and board members more accountable. Yet, research shows that a high percentage of corporate boards are not actively involved in cybersecurity oversight. Nonetheless, Gartner estimates by 2021, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually.

    When communicating your cybersecurity program to the board, it is important to translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications. In order to justify the desired cybersecurity expense, you must clearly present the risks, the plan you will implement to protect the company’s assets, and the rationale behind the cost. In this webinar, our expert panel will discuss how to present cybersecurity to the board and get buy-in, including how to:

    - Map out your cybersecurity program.
    - Get an independent view of your current cybersecurity state and present the facts.
    - Translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.
    - Propose concrete solutions and demonstrate ROI.
  • [*CPE] Accelerating Threat Detection with Real-Time Security Intelligence Oct 22 2020 5:00 pm UTC 75 mins
    Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions
    Many organizations rely on governance, risk, and compliance (GRC) technology to consolidate risk information from internal sources (such as finance, IT, and operations) and external sources to understand their threat landscape. Yet as vendor ecosystems grow in size and complexity, risk management teams are increasingly struggling to procure and maintain high-quality, real-time data to feed their GRC systems.

    Creating a threat intelligence strategy is essential for a company to identify and prioritize threats effectively. But when it comes time to choose threat intelligence services and products it can be hard to know where to start. In this webinar, our expert panel will discuss how to use real-time threat intelligence to accelerate threat detection, including how to:

    - Understand the important distinction between threat data and intelligence.
    - Establish what types of intelligence will prove beneficial to your organization and be critical for ROI.
    - Ensure logging and reporting mechanisms are in place that can provide data per API to simplify forensic and compliance reporting.
    - Gain complete visibility into all of your organization’s API traffic, and analyze relevant intelligence effectively from large volumes of threat data.
    - Empower your teams to leverage automation to detect and block threats to your organization. 
  • [*CPE] A Third-Party Risk Management Masterclass Sep 24 2020 5:00 pm UTC 75 mins
    Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions
    TBC
  • [*CPE] Executive Tips to Modernize Your Compliance Program Aug 27 2020 5:00 pm UTC 75 mins
    LogicGate
    Under the weight of new and changing regulations around the world, many organizations struggle to achieve compliance. They often lack a holistic view of their compliance profile and face increasing challenges due to digital transformation. Chief Compliance Officers who take a top-down approach are often met with resistance, but a successful program requires management to actively participate, not just sign off.  

    Organizations can no longer afford to apply check-the-box approaches to compliance. Executive management must take a variety of actions to demonstrate leadership and commitment to the company’s compliance management program. On this CPE accredited webinar our panel of experts will discuss the current compliance landscape and challenges facing today's organizations, and they will address best practices to modernize your compliance program, including how to:

    - Use a risk-based approach to meet regulatory demands.
    - Employ digital transformation in the management of compliance obligations.
    - Understand the impacts of regulatory changes and minimize resource-intensive manual processes.
    - Get buy-in from other departments and create a working group of stakeholders to develop and improve your compliance program.
  • [*CPE] Privacy in a Pandemic: Implementing a Global Framework for Compliance Jul 30 2020 5:00 pm UTC 75 mins
    Colin Whittaker, Founder of Informed Risk Decisions, with speakers from ProcessUnity and OneTrust
    In response to the Coronavirus Pandemic, countries are turning to tech to find solutions for containing the spread of the virus. New government initiatives including contact tracing apps are being implemented at lightning speed, and tele-health regulation is being approved in days instead of years. The world is rapidly digitising in response to all users working from home simultaneously, companies are adding network technology to expand coverage and capability, and online video conferencing is exploding.

    But what does this all mean for privacy, and how can companies maintain compliance with regulations such as the GDPR in the current climate? Join this CPE accredited webinar to learn from our panel of security and privacy experts as they discuss how to implement a framework for compliance in the current climate, including how to:

    - Better align global privacy data regulations,
    - Enable business agility in a changing environment,
    - Foster greater interplay between CIOs, CTOs, DPOs and CEOs,
    - Create successful privacy frameworks that are globally aligned, and locally deployed.
  • Email Security Strategies & Solutions Jul 14 2020 3:00 pm UTC 60 mins
    Michael Thoma | Panelists TBA
    With email security breaches constantly making headlines, it is crucial for organisations to be ahead of the curve. Join this interactive panel of industry experts as they discuss the latest trends in email security and how to prevent becoming the next international headline.

    Join this Q&A panel to learn more about:

    - Emerging trends in email attacks
    - How to stay on top of the latest threats
    - Best solutions to protect your organization

    Moderator: Michael Thoma, Principal Consultant at the Crypsis Group
  • [PANEL] Security as a Service Jul 13 2020 3:00 pm UTC 60 mins
    Panelists TBA
    As in-house security becomes increasingly complex and costly, organizations are in need of a reliable and safe security provider. Join industry experts as they discuss the latest trends in SEaaS, including:

    - Why your organisation needs to move towards SEaaS
    - The different models of security as a service
    - SEaaS solutions and strategies
  • Securing the Remote Workforce Jun 30 2020 4:00 pm UTC 60 mins
    Diana Kelley | David Sherry | Manoj Apte
    Remote working has been a growing trend for the last few years, especially in the tech sector. However, the COVID19 outbreak has really pushed businesses to adopt or accelerate their remote integration plans. How has this affected security? What are the steps companies need to take to better protect their remote workforce?

    Join this episode as we explore the security challenges in the time of COVID, why a strong security culture is important, and what steps to take today.
    - What are the security challenges associated with remote working
    - Examples of changes in cyber-attacks during COVID
    - Managing patching, VPNs, and backups for large and small remote workforces
    - How to maintain auditability and visibility
    - How to enable and keep your remote team secure
    - Tips for training end users to help themselves
    - Why a strong security culture matters now more than ever

    Panelists:
    - David Sherry, CISO, Princeton University
    - Manoj Apte, Chief Strategy Officer, Zscaler

    This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.
  • [*CPE] Automated Integrations for Third-Party Risk Management Jun 25 2020 5:00 pm UTC 75 mins
    Colin Whittaker, with LogicGate, Allan Liska, Recorded Future; Jonathan Ehret, RiskRecon, ProcessUnity
    High-profile data breaches have placed a spotlight on the risk of cyber security breaches with vendors and subcontractors, expanding the need to have greater rigor in third-party risk management and ongoing risk assessments. By integrating third-party risk management systems with other enterprise systems, external data sources, and analysis and reporting applications, an organization can deliver significant benefits and centralize processes into a single, automated platform that standardizes workflows and reduces manual effort.

    On this CPE accredited webinar our panel of experts will address how to strengthen your third-party risk management process for improved efficiency and effectiveness, and get more from your platform investment through automated integrations with a broader digital ecosystem. Attendees will learn:

    - How integrations with external data sources accelerate the assessment process and improve security, financial, and reputation risk reviews,
    - Where to connect to internal systems — ERP, GRC, CRM, Contracts, and more — throughout the third-party management lifecycle,
    - The pros and cons of various integration methods and how to make a best-fit choice,
    - How to strengthen and streamline your third-party risk management efforts.
  • Stay Frosty: Cloud Security & Cyber Attack Prevention Jun 18 2020 9:00 pm UTC 60 mins
    Eric A. Nielsen, CISSP, C|CISO, CCSP, HCISPP, CAP, CRISC, Chief Executive Officer, Defense In Depth Cyber Security
    As an information security professional, knowledge of cloud security and cyber-attack tactics and techniques is critical to protecting your organization. Data breaches threaten organizational financials and reputations. Strengthen your security through the use of actionable intelligence. Attendees will hear about:

    - Cloud Common Body of Knowledge
    - Cyber Attack Tactics & Techniques
    - Tips to Protect Your Organization
  • Cloud Controls and Cyber Attack Prevention Jun 18 2020 3:00 pm UTC 60 mins
    Jo Peterson, Tyler Cohen, Mark Lynd, Paul Love
    Gartner predicts that by 2021, over 75% of midsize and large organizations will have adopted multi-cloud or hybrid IT strategy. The corporate perimeter has been redefined.

    In this session, we’ll discuss:

    - Six major cloud security threats along with risk mitigation and avoidance tactics
    - Best practices to help secure cloud deployments
    - Shared Responsibility Model for Cloud Security

    Speakers:
    Jo Peterson, Vice President, Cloud and Security Services
    Tyler Cohen Wood, Cyber Security Expert, Former Senior Intelligence Officer
    Mark Lynd, Head of Digital Business at NetSync
    Paul Love, SVP Chief Information Security & Privacy Officer, Co-Op Financial Services
  • Data Privacy in 2020 and Beyond Jun 17 2020 3:00 pm UTC 60 mins
    Mali Yared, Robert Razavi, Baber Amin & Proofpoint Speaker TBD
    Is your organization aware of the main differences in data regulations around the world?

    Join this panel of industry leaders for an interactive Q&A roundtable to get a comprehensive look into the different data privacy and security requirements. The panel will also discuss what to expect in 2020 and beyond.

    Viewers will learn more about:
    - What's new on the data privacy and compliance landscape
    - Main differences between data regulations around the world and what this means for your organization
    - Expert recommendations regarding best tools and practices for achieving and maintaining compliance
    - The future of data privacy
    - What to expect in 2020 and beyond

    Moderator: Mali Yared, Practice Director, Cybersecurity and Privacy, Coalfire
    Robert Razavi, Senior Security Architect CTO Office, IBM Canada
    Baber Amin, CTO West, Ping Identity
    Speaker TBD, Proofpoint
  • Insider Threats Jun 16 2020 5:00 pm UTC 60 mins
    Arun Kothanath, Shahrokh Shahidzadeh, Eitan Bremler, John Pepe
    There have been countless insider threat breaches recently; it’s no surprise that research suggests that up to 60% of cyberattacks are due to insider threats. With so much at stake, it's vital for organizations to protect against insider threats.

    Join this interactive panel of industry experts as they discuss:

    - How to protect your organisation from insider threats
    - Latest technologies and solutions
    - Benefits of early and timely detection

    Arun Kothanath, Chief Security Strategist, Clango (Moderator)
    Shahrokh Shahidzadeh, CEO of Acceptto
    Eitan Bremler, Co-Founder & VP Corporate Development, Safe-T
    John Pepe, Market Development Principal Financial Services, Proofpoint
  • Who Are You? Cloud Security Must Center on Identity Jun 16 2020 3:00 pm UTC 60 mins
    John Burke, CIO and Principal Research Analyst, Nemertes Research
    The destruction of hard perimeters, the rise of remote work and mobility, and increasingly hybridized infrastructures push identity to the center of enterprise security. Join us as we discuss identity-centric security in a multicloud environment, and concrete steps you can take towards that goal.
  • Managing Security in the Age of the Disappearing Network Perimeter Jun 11 2020 4:00 pm UTC 60 mins
    Ulf Mattsson | Damien Chastrette | William Miroux
    Global commerce was in transition before the pandemic. Now, businesses are accelerating their digital aspirations and work will never be the same. Mobility has raised business productivity, but it’s brought its share of issues, as well. One of the biggest challenges is the need to provide complete, consistent security across devices that you may not own.

    • How do I control in one place the security and identification of all devices connecting to my network?

    • How can I address the challenge of managing security in a world where cloud computing, mobility and the Internet of things are eroding the network perimeter?

    • How can I provide Data Privacy and Data Security and be compliant with GDPR and local regulations?

    • How do I give support engineers access to my organization's admin portal, which provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of things environments?

    • How can I provide automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing?

    • How can I repurpose the existing WiFi, create key metrics of the deployment and visitor use, and integrate data with existing CRM tools?

    • How do I dissociate and secure the use of my network among daily guests, consultants, employees and IOT devices?

    We will discuss how a cloud-based proxy and firewall can route all traffic through its software to apply corporate and security policies.
  • Storage Networking Security Series – Key Management 101 Jun 10 2020 5:00 pm UTC 75 mins
    Judy Furlong, Dell Technologies; J Metz, Rockport Networks
    In order to effectively use cryptography to protect information, one has to ensure that the associated cryptographic keys are also protected. Attention must be paid to how cryptographic keys are generated, distributed, used, stored, replaced and destroyed in order to ensure that the security of cryptographic implementations is not compromised.

    This webinar will introduce the fundamentals of cryptographic key management including key lifecycles, key generation, key distribution, symmetric vs asymmetric key management and integrated vs centralized key management models. Relevant standards, protocols and industry best practices will also be presented.
  • Fast, Secure, Scalable: Why IoT Needs Automation to Succeed Jun 9 2020 5:00 pm UTC 60 mins
    Johna Till Johnson, CEO and Founder, Nemertes Research; Russell Rice, VP Product Strategy at Ordr
    IoT initiatives are exploding. Nemertes has found that companies with successful IoT initiatives are increasing both the number of projects and the device count, with growth that ranges up to 100%+ year over year.

    Scaling these initiatives requires scaling not only the IoT solutions, but also the infrastructure and cybersecurity environments in which they operate. As enterprise technologists begin to apply next-generation cybersecurity approaches like zero-trust, they need to think seriously about how to automate the control and management of their cybersecurity and infrastructure.

    The answer? Automation. Successful organizations are more likely to automate earlier, more aggressively, and more comprehensively—with dramatic improvements in performance, security, and reliability.

    Find out why automation is critical to securing, managing, and scaling IoT—and what best practices can help ensure success in implementing it.
  • How Does Ransomware Fool Top Antivirus Products? May 27 2020 7:00 pm UTC 60 mins
    Nir Gaist, Founder and CTO of Nyotron
    Ransomware, ransomware, ransomware. Why are our current endpoint defenses so inefficient? We will take three leading endpoint security (antivirus) products and demonstrate live how ransomware developers use trivial techniques to bypass all of them. Often a single line of code is all that’s needed to render antivirus ineffective and all data lost.

    NOTE: This webinar is applicable to a technical audience only. We will be digging right into the source code and compiling ransomware on the fly.

    Presenter:
    Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.
  • Storage Networking Security Series: Protecting Data at Rest May 27 2020 5:00 pm UTC 75 mins
    Pierre Mouallem, Lenovo; Ahmad Atamli, Mellanox; Steve Vanderlinden, Lenovo
    One of the most important aspects of security is how to protect the data that is just “sitting there.” How easy is it to get to? Who can get to it? If someone does get access to the data, can they read it? What are the potential risks of the wrong people reading the data? These are just a few of the questions that we try to answer when we go through the process of securing data.

    Contrary to popular belief, however, securing “data at rest” is not simply encrypting the data. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are equally as important – if not more so.

    For this webcast, we’re going to talk about those other factors (Encryption is deserving of its own, specific webcast). We will present the end-to-end process to securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated, discussing:

    • How requirements for “data at rest” differ from “data in flight”
    • Legal and regulatory reasons to protect (or delete) data at rest
    • Where and how data could be attacked
    • Understanding the costs of ransomware
    • How to protect cryptographic keys from malicious actors
    • Using key managers to properly manage cryptographic keys
    • Strengths and weaknesses of relying on government security recommendations
    • The importance of validating data backups... how stable is your media?
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Crusaders and Pragmatists: Software Security Assurance
  • Live at: Mar 8 2012 9:00 pm
  • Presented by: Adam Hils, Senior Product Manager, HP Enterprise Security (Fortify)