Hi [[ session.user.profile.firstName ]]

In Clouds we Trust?

The idea of cloud computing is not new. Viewing computing as a utility dates back to at least the invention of timesharing. One can argue that it is not a matter of whether cloud computing will become ubiquitous, because the economic forces are inescapable, but rather what we can do to improve our ability to provide users and providers of cloud computing with trust in the software services and infrastructure that make up the cloud. In this presentation we address the trustworthiness of cloud computing in terms of transparency, expectations, architecture, and vulnerabilities. Bret Michael is a Professor of Computer Science and Electrical & Computer Engineering at the Naval Postgraduate School. His research addresses the reliability, safety, and security of distributed systems. Bret serves on the government steering committee of the Information Assurance Technology Analysis Center, is Associated Editor-in-Chief of IEEE Security & Privacy magazine, is an associate editor for the IEEE Systems Journal, chairs the IEEE Technical Committee on Safety of Systems, and serves on the IEEE Computer Society’s Professional Practices Committee and the Reliability Society’s Administrative Committee. He has a PhD in Information Technology from George Mason University in 1993. Contact him at bmichael@nps.edu.
Recorded Sep 8 2009 48 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Bret Michael; Naval Postgraduate School; Professor
Presentation preview: In Clouds we Trust?

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • SOC (R)Evolution Feb 12 2020 6:00 pm UTC 60 mins
    Carlos Valderrama, SOC Director, Proficio
    The Security Operations Center was born from its parent, the Network Operations Center, inheriting its philosophy, structure, methodologies and even roles. The SOC, of course, has been evolving over the last few years but only by updating old concepts, technologies, processes and roles coming from the NOC.

    In 2020 is when we're going to start the SOC Revolution, being independent from its parent, creating its own model (new roles, new technology and new processes), being proactive instead of reactive, risk and threat-based and becoming even more strategic: a business loss safeguard and growth enabler for all the organizations globally.
  • [PANEL] IoT Security in 2020 Feb 12 2020 4:00 pm UTC 60 mins
    Peter Wood, Terence Jackson, Brian Russell, Kalani Enos, & Alexandre Blanc
    With the proliferation of the Internet of Things, IoT devices are often added into enterprise environments without due consideration for the security and privacy risks they pose to the business. Oftentimes, IT security teams do not have full visibility into how many IoT devices are connected to the network. This creates security gaps, as IoT devices are notoriously vulnerable to hacks and attacks.

    Join this interactive panel experts to learn about how enterprises can enhance endpoint, and therefore IoT security.

    Attendees will learn more about:
    - IoT and today's enterprise
    - What's on your network? How do you evaluate IoT devices?
    - Why visibility is key
    - Controlling access to your IoT environment
    - Vendor risk and holding vendors accountable for their IoT equipment
    - Areas for automation and where to reduce your IT security team's involvement
    - Patching and upgrading
    - Expert recommendations for enhancing IoT security

    Peter Wood, Partner, Naturally Cyber LLP (Moderator)
    Terence Jackson, CISO, Thycotic
    Brian Russell, IoT Working Group Co-Chair, Cloud Security Alliance (CSA)
    Kalani Enos, Founder & CEO, KEnos Technologies LLC
    Alexandre Blanc, Director of Security, Adaware (an Avanquest company)
  • Don’t Get Kicked While You're Down! Is your BCP (Cyber) Battle-Tested? Feb 11 2020 6:00 pm UTC 60 mins
    Shinesa Cambri & Aparna Murthy
    Many businesses have put tremendous effort in automating processes and
    security controls that protect their data. However, in the case of a disaster, your business continuity plan (BCP) likely relies on manual processes that may open a side door to threat actors and leave your business and data more vulnerable than before.

    Learn the things you should be considering as part of your BCP to help keep your data protected.

    - Shinesa Cambric, CISA, IT Security and Identity Governance Architect, Fossil Group Inc.
    - Aparna Murthy, CPA, Compliance Architect and Controls Evangelist, Bank of America
  • [PANEL] Proactive Security Strategies and Best Practices Feb 11 2020 4:00 pm UTC 60 mins
    Roselle Safran, Sean Webb, Michelle McLean, Michelle Drolet & Chris Calvert
    In today’s business landscape it is important to take a proactive approach to security rather than a reactive approach. Join leading security experts as they discuss the safest ways to protect your organisation in 2019 and beyond.

    Join this Q&A panel to learn more about:

    - Key organisational benefits to practising proactive security
    - Technologies powering security
    - Best practices and recommendations for a more secure organization

    Roselle Safran, President, Rosint Labs (Moderator)
    Sean Webb, Information Security Manager, Patriot One Technologies Inc.
    Michelle McLean, Vice President of Product Marketing, StackRox
    Michelle Drolet, CEO & Co-Founder, Towerwall
    Chris Calvert, VP of Product Strategy, Respond Software
  • Breach Response & Incident Response, They Both Start With a Plan Feb 10 2020 4:00 pm UTC 60 mins
    David Froud, Director, Core Cncept Security Ltd.
    The rise of breach response as an absolute necessity has GDPR to thank/blame. But what should have been an extension of every organization's existing incident response / disaster recovery program, is now an excuse to reach into your pockets . Like everything in security, breach response is not complicated, or even difficult in most cases, it just has to be 'appropriate'.
  • How To Go from Waterfall AppDev to Secure Agile Development in 2 Weeks Jan 31 2020 5:00 pm UTC 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    Waterfall is based on the concept of sequential software development—from conception to ongoing maintenance—where each of the many steps flowed logically into the next.

    Join this webinar presentation to learn:
    - Why DevOps cannot effectively work in waterfall
    - How to use DevOps tools to optimize processes in either development or operations through automation

    We will also discuss what is needed to support full DevOps optimization and create a Secure Agile Development process.
  • How to Add Security in DataOps and DevOps Jan 29 2020 5:00 pm UTC 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    The emerging DataOps is not Just DevOps for Data. According to Gartner, DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization.

    The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment.

    This session will discuss how to add Security in DataOps and DevOps.
  • CCPA Compliance Beyond Deadline Day Jan 28 2020 7:00 pm UTC 60 mins
    Guy Cohen | Lisa Hawke | Joanne Furtsch | Laura Koulet
    On January 1st 2020, the California Consumer Privacy Act (CCPA) is going into effect. Are you familiar with the CCPA's privacy requirements? Is your organization ready for the most far-reaching data privacy regulation in the U.S. to date? 
    Join this panel of privacy experts for an interactive Q&A session to learn more about how CCPA will impact your organization, as well as dive into the main differences between CCPA and GDPR.
    - The CCPA privacy requirements- CCPA checklist beyond deadline day
    - Data mapping: how and why it is important for CCPA and GDPR
    - Data Subject Access Requests 
    - Other key similarities and differences between GDPR vs. CCPA
    - The future of privacy and compliance in 2020 and beyond

    - Guy Cohen, Strategy and Policy Lead, Privitar
    - Lisa Hawke, VP Security and Compliance, Everlaw
    - Joanne Furtsch, Director, Deputy Data Governance Officer, TrustArc
    - Laura Koulet, Vice President, Head of Legal & Privacy, Tapad
  • The Emerging PCI DSS and NIST Standards Jan 28 2020 4:00 pm UTC 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    The Payment Card Industry Data Security Standard (PCI DSS) and the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework share the common goal of enhancing data security. This session maps PCI DSS to the NIST Framework and discuss how to align security efforts to meet objectives in both PCI DSS and the NIST Framework.

    PCI DSS is focused on the unique security threats and risks present in the payments industry

    The NIST Framework provides an overarching security and risk-management structure with security Functions, Categories, and Subcategories of actions. These Subcategories reference globally recognized standards for cybersecurity.

    Both PCI DSS and the NIST Framework are solid security approaches that address common security goals and principles as relevant to specific risks.

    We will discuss how the NIST Framework identifies general security outcomes and activities, and how PCI DSS provides specific direction and guidance on how to meet security outcomes for payment environments.

    This session will also discuss the interesting attribute based access control (ABAC) as a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This session also provides considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.
  • Holistic InfoSec: Achieving Real Information Security Program Results Jan 23 2020 10:00 pm UTC 45 mins
    Diane Jones, Director of Cyber Risk, Kalles Group
    Too often, Information Security means technical point solutions. This approach leaves enterprises exposed and management and customers disillusioned.

    Join us to learn:

    - Why security programs remain on the margins of business adoption in spite of heightened threats and acknowledged need
    - Why security by technology alone is a dead end
    - The secret sauce for a vibrant, effective information security program
  • [Earn CPE] Cornerstones to Fortify Your Enterprise Cybersecurity Defense Jan 23 2020 6:00 pm UTC 75 mins
    Panelists: Dr. Anton Chuvakin, Google Cloud; with Sumedh Thakar, Qualys; Roger Grimes, KnowBe4; and Vivian Tero, Illumio.
    The enterprise cybersecurity landscape is dramatically expanding in scale and complexity, and cyberattacks are growing in magnitude and impact as digital transformation increases on a global scale. From phishing scams, to ransomware attacks, to malicious breaches from state actors, the potential threat to your business is huge. According to the Ponemon Institute, the average per breach cost to a company in 2018 was estimated at $3.86 million, an increase of 6.4 percent over the previous year.

    Even though cybersecurity presents a challenge to the enterprise, you are not helpless against the bad actors who seek to cause real and costly damage to your business. A proactive, company-wide, integrated digital security strategy that addresses cybersecurity threats at all levels of your business will provide you with both the offensive and defensive capabilities you need to handle whatever comes your way. Earn 1 CPE credit by attending this educational and interactive panel webinar. Our experts will discuss why fortifying your cybersecurity strategy should be a critical priority and highlight some best practices that you can employ to stay ahead of evolving threats, including how to;

    - Understand the changing cyberattack landscape,
    - Create a company-wide cybersecurity task force,
    - Evaluate your security budget against your threat level,
    - Fortify your cybersecurity defense with systems hardening, adaptive authentication, and endpoint protection.
  • Data De-identification: Protecting Privacy While Preserving Utility Jan 23 2020 6:00 pm UTC 45 mins
    John Noltensmeyer, Head of Privacy and Compliance Solutions, TokenEx
    As organizations evaluate their de-identification and data minimization practices to satisfy an expanding landscape of regulatory obligations there are a number of factors to consider. Various technologies will be considered as part of a data-centric security strategy for de-identifying and securing sensitive information such as statistical tools, cryptographic solutions, suppression, pseudonymization, generalization, and randomization. Further, we will examine the capability of these technologies to preserve business utility within a Zero Trust data security model.

    Listen to this session and you will take away:

    • An understanding of the definition of de-identification as it relates to international and industry privacy regulations, including the difference between pseudonymization and anonymization
    • A strategy for balancing privacy and security concerns with business needs, such as evaluating and prioritizing risk
    • How various methods of de-identification can help meet the privacy requirements of applicable compliance obligations
  • When Privacy Compliance "Gets Stuck": Dos and Don'ts of Privacy Operations Jan 22 2020 10:00 pm UTC 45 mins
    Adrienne Allen, Head of Security GRC and Privacy, Coinbase
    Companies today are increasingly aware of their privacy compliance obligations, including the emerging requirements from recent regulations like GDPR and California's CCPA. Most companies that invest in a privacy compliance uplift spend time on policy revisions, data subject rights tooling, training, and data discovery. But after the first rush of compliance activities, the challenges of privacy operations evolve:

    - How do you get beyond point in time compliance into managing repeatable processes?
    - What existing teams and operations should privacy leverage right away, and how should this change over time?
    - How do you prioritize updates to your data subject rights tooling, whether you've custom built or outsourced?
    - How do you avoid privacy fatigue?

    This webinar will cover common areas where privacy compliance can "get stuck," and discuss ways to successfully operationalize a growing privacy program at the speed of business.

    Presenter Info: Adrienne Allen, Head of Security GRC and Privacy, Coinbase
  • Offensive vs Defensive Security Jan 22 2020 8:00 pm UTC 60 mins
    Rhonda Bricco (UnitedHealth Group), Deb Doffing (Optum), Sue Perkins (Optum), Cat Goodfellow (Optum)
    US Cyber Command has undergone a significant shift in strategies away from defense and deterrence to engagement and forward disruption. We’ll discuss whether offensive cyber actions deter or invite retaliatory attacks, impacts to private industry (both positive and negative), and whether enterprise security offices should take offensive measures and if so – how far should we go?
  • Privacy-2020: A Millennial Perspective Jan 22 2020 6:00 pm UTC 45 mins
    Deveeshree Nayak, IT Security Professional
    Webinar Take-Aways:

    - What millennials think about privacy and What’s their expectation?
    - Diversity in Privacy in 2020
    - Impact on Criminology and Criminal Justice System in Privacy.
    - Career in Privacy

    About the Speaker:
    Deveeshree Nayak
    Faculty, School of Engineering & Technology (SET)
    University of Washington, Tacoma

    Disclaimer: My views in this webinar are my own.
  • What to expect in 2020: Regulatory Compliance in Privacy & Cybersecurity Jan 21 2020 10:00 pm UTC 45 mins
    Kevin Kim, CIPP/C, CIPT, CIPM, FIP former Chief Privacy Officer, Canadian Western Bank Financial Group
    The General Data Protection Regulation (GDPR) has been making far more influence on the privacy landscape online than expected since its enactment by the European Union (EU) on May 25th, 2018.

    Google and Facebook, two of the most powerful digital platforms, were heavily scrutinized and penalized with hefty fines for their non-compliance in the European market. GDPR has also driven many countries, such as Japan, Brazil, and South Korea, to follow suit by strengthening their privacy laws. All 50 states in the United States have also joined the camp by amending their privacy laws - albeit to varying degrees - to make privacy breach reporting mandatory.

    Most notably, the State of California developed its own GDPR-style privacy law called “California Consumer Protection Act” (CCPA) and will enact in January 2020. Moreover, two federal privacy bills were recently submitted to the Congress aiming to be the very first federal-level, comprehensive privacy law in the U.S. Canada is no exception in this privacy-aware trend. The ruling liberal party made clear that modernizing privacy legislation to protect citizens online will be one of the party’s priorities.

    This presentation will talk about current trends in privacy field in terms of regulatory requirements in the U.S., Canada, and Europe, discuss what to expect in 2020, and what to do to make sure that all the organizations and institutions are compliant with applicable laws and regulations in their jurisdiction.
  • Balancing Data Privacy & Security in 2020 Jan 21 2020 6:00 pm UTC 60 mins
    Dr. Christopher Pierson | Shahrokh Shahidzadeh | Michelle Drolet | George Wrenn
    How has the compliance landscape changed in 2020? Is your organization aware of the main differences in data regulations around the world?

    Join this panel of industry leaders for an interactive Q&A roundtable to get a comprehensive look into the different data privacy and security requirements. The panel will also discuss what to expect in 2020 and beyond.

    Viewers will learn more about:
    - CCPA is now in effect and what this means for you
    - The main differences between GDPR and CCPA
    - Best tools, practices, required policies and cultural game changers for commercial and government environments
    - Other data regulations on the horizon
    - Recommendations for 2020

    - Dr. Christopher Pierson, CEO & Founder, BLACKCLOAK
    - Shahrokh Shahidzadeh, CEO, Acceptto
    - Michelle Drolet, CEO, Towerwall
    - George Wrenn, CEO & Founder, CyberSaint Security

    This Q&A panel is part of Privacy Month.
  • Data Privacy in 2020: Data Management for a Multi-Regulation Environment Jan 21 2020 6:00 pm UTC 45 mins
    Jill Reber, CEO & Chair | Kina Ratanjee, Delivery Director, Primitive Logic
    When GDPR first arrived, some companies addressed it by implementing data privacy measures solely for their EU data subjects — only to have to go through the same exercise for California residents when CCPA came along. With major data privacy laws now in effect on both sides of the Atlantic and more on the way (possibly including U.S. federal legislation), organizations must adopt a holistic approach to managing personal data in an ethical, compliant manner.

    Join the data privacy experts from Primitive Logic to explore data management strategies for achieving and maintaining readiness for CCPA, GDPR, and other current and future privacy regulations.

    You will learn:

    - Why traditional master data management (MDM) can lay the groundwork for multi-regulation readiness, but won’t make you compliant on its own
    - How to address common threads in data privacy legislation while maintaining flexibility to adapt to future requirements
    - How to build a single source of truth for personal data as a cornerstone of your data privacy strategy
    - Governance strategies for adapting to “triggers” in maintaining data privacy readiness
  • A Practical Approach to FFIEC, GDPR & CCPA Compliance Jan 21 2020 4:00 pm UTC 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.

    This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.

    Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.
  • STORAGE LIMITATION under GDPR: Overcoming compliance challenges in 2020 Jan 21 2020 1:00 pm UTC 45 mins
    Virgilio Cervantes, Data Protection Compliance Manager, Countrywide PLC
    The GDPR principle of storage limitation determines that personal data must be erased (or anonymised) when 'no longer necessary'.

    As such, data controllers must embed appropriate technical and organisational measures into operations, to allow for the periodical review of personal data and to the erasure (or anonymisation) of any 'non-necessary' data, thus achieving compliance with GDPR's data storage requirements.

    An overview on the impact of the 'storage limitation' principle on organisations' operations will be undertaken, considering:

    - Storage limitation (structured, unstructured data);
    - Data minimisation (data collection, data hygiene);
    - Time limitation (retention policies, procedures and time schedules);
    - Risks of non-compliance (Data subject rights, data breaches).

    This session will thus provide a holistic and pragmatic framework-based approach to storage limitation and its ongoing compliance.

    Virgilio Lobato Cervantes holds an LLB Honours degree in Law and a Master of Arts degree in International Tourism and Aviation Management. He is a certified Data Protection Officer by the University of Maastricht (ECPC-B DPO). Currently pursues a Doctorate degree in law at the University of Reading. Virgilio’s research focus is in EU data protection and privacy law.

    England and Wales Qualified Paralegal Lawyer, member of the Professional Paralegal Register (PPR Tier 3) and the Institute of Paralegals (Q.Inst.Pa.), specialised in Data Protection and Privacy Law, Virgilio presently takes on the role of Data Protection Compliance Manager at Countrywide PLC, the UK’s largest property services group.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: In Clouds we Trust?
  • Live at: Sep 8 2009 6:00 pm
  • Presented by: Bret Michael; Naval Postgraduate School; Professor
  • From:
Your email has been sent.
or close