Security Awareness Compliance in the PCI Software Dev. Lifecycle
Since 2004, the Payment Card Industry has addressed the need for security awareness among personnel who protect, process, store, or transmit credit card data. Commencing in 2010, the Payment Card Industry Data Security Standard (PCI DSS) requires both end users and developers of web applications that interact with credit card data to be familiar with the latest industry best practices for information security. But is that sufficient to secure the supply chain and provide adequate software resiliency? What about all the other personnel involved in the software development life cycle? This presentation addresses the problem and proposes a solution: a comprehensive program for secure and resilient PCI applications.
Recorded Mar 25 2010, 36 mins
In order to use cryptography effectively to protect information, one has to ensure that the associated cryptographic keys are also protected. Attention must be paid to how cryptographic keys are generated, distributed, used, stored, replaced and destroyed, so that the security of the cryptographic implementation is not compromised by weak handling of its keys.
This webinar will introduce the fundamentals of cryptographic key management including key lifecycles, key generation, key distribution, symmetric vs asymmetric key management and integrated vs centralized key management models. Relevant standards, protocols and industry best practices will also be presented.
Johna Till Johnson, CEO and Founder, Nemertes Research; Russell Rice, VP Product Strategy at Ordr
IoT initiatives are exploding. Nemertes has found that companies with successful IoT initiatives are increasing both the number of projects and the device count, with growth that ranges up to 100%+ year over year.
Scaling these initiatives requires scaling not only the IoT solutions, but also the infrastructure and cybersecurity environments in which they operate. As enterprise technologists begin to apply next-generation cybersecurity approaches like zero-trust, they need to think seriously about how to automate the control and management of their cybersecurity and infrastructure.
The answer? Automation. Successful organizations are more likely to automate earlier, more aggressively, and more comprehensively—with dramatic improvements in performance, security, and reliability.
Find out why automation is critical to securing, managing, and scaling IoT—and what best practices can help ensure success in implementing it.
Almost overnight COVID-19 upended everyday life as we knew it. A risk that we didn’t even know we faced took center stage both personally and professionally. In this webinar, learn how businesses’ approach to cyber risk management changed in 2020, including:
- What’s driving cyber risk mitigation decisions today, and what’s very different from what it was on January 1
- Important factors to consider when re-prioritizing your cyber mitigation initiatives
- Factoring in systemic or cascading risk to measure cyber risk across an entire company portfolio
- Innovative ways to manage and communicate risk
Ransomware, ransomware, ransomware. Why are our current endpoint defenses so ineffective? We will take three leading endpoint security (antivirus) products and demonstrate live how ransomware developers use trivial techniques to bypass all of them. Often a single line of code is all that’s needed to render antivirus ineffective, after which all data is lost.
NOTE: This webinar is applicable to technical audience only. We will be digging right in the source code and compiling ransomware on the fly.
Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.
Pierre Mouallem, Lenovo; Ahmad Atamli, Mellanox; Steve Vanderlinden, Lenovo
One of the most important aspects of security is how to protect the data that is just “sitting there.” How easy is it to get to? Who can get to it? If someone does get access to the data, can they read it? What are the potential risks of the wrong people reading the data? These are just a few of the questions that we try to answer when we go through the process of securing data.
Contrary to popular belief, however, securing “data at rest” is not simply encrypting the data. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are equally as important – if not more so.
For this webcast, we’re going to talk about those other factors (encryption deserves its own, specific webcast). We will present the end-to-end process for securing “data at rest,” discuss the factors and trade-offs that must be considered and some of the general risks that need to be mitigated, and cover:
• How requirements for “data at rest” differ from “data in flight”
• Legal and regulatory reasons to protect (or delete) data at rest
• Where and how data could be attacked
• Understanding the costs of ransomware
• How to protect cryptographic keys from malicious actors
• Using key managers to properly manage cryptographic keys
• Strengths and weaknesses of relying on government security recommendations
• The importance of validating data backups... how stable is your media?
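The key lifecycle named in the Key Management 101 abstract above (generate, distribute, use, store, replace, destroy) and the two "data at rest" bullets on protecting keys and using a key manager both come down to the same discipline: nobody handles raw key bytes, and every use is checked against the key's lifecycle state. The following is an added example written for this page, not code from either webcast or from any vendor. It uses only the Python standard library, so HMAC-SHA256 stands in for the key's cryptographic use, and the state names follow the NIST SP 800-57 pattern; the key names, the "backup manifest" sample data and the policy that an active key must be rotated before it can be destroyed are this example's own assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Lifecycle states, following the NIST SP 800-57 pattern.
PRE_ACTIVATION = "pre-activation"
ACTIVE = "active"            # may protect (here: compute a MAC) and verify
DEACTIVATED = "deactivated"  # may only verify data it protected earlier
DESTROYED = "destroyed"      # material zeroized; no use at all


@dataclass
class ManagedKey:
    name: str
    version: int
    state: str = PRE_ACTIVATION
    # 256-bit key from the OS CSPRNG; bytearray so it can be zeroized in place.
    material: bytearray = field(
        default_factory=lambda: bytearray(secrets.token_bytes(32)))
    created: float = field(default_factory=time.time)


class KeyManager:
    """Central key manager: callers refer to keys by (name, version) and
    never see raw key bytes; every use is checked against lifecycle state."""

    def __init__(self):
        self._keys = {}     # (name, version) -> ManagedKey
        self._current = {}  # name -> version that is currently ACTIVE

    def generate(self, name):
        version = max((v for (n, v) in self._keys if n == name), default=0) + 1
        self._keys[(name, version)] = ManagedKey(name, version)
        return version

    def activate(self, name, version):
        key = self._keys[(name, version)]
        if key.state != PRE_ACTIVATION:
            raise PermissionError(f"{name} v{version} is {key.state}, cannot activate")
        previous = self._current.get(name)
        if previous is not None:
            # Only one active version per name: the old one drops to verify-only.
            self._keys[(name, previous)].state = DEACTIVATED
        key.state = ACTIVE
        self._current[name] = version

    def rotate(self, name):
        """Replace the active key with a fresh version; the old one stays verify-only."""
        version = self.generate(name)
        self.activate(name, version)
        return version

    def destroy(self, name, version):
        key = self._keys[(name, version)]
        if key.state == ACTIVE:
            raise PermissionError("rotate or deactivate before destroying an active key")
        for i in range(len(key.material)):  # zeroize in place (best effort in CPython)
            key.material[i] = 0
        key.state = DESTROYED

    def state(self, name, version):
        return self._keys[(name, version)].state

    def protect(self, name, data):
        """Compute a MAC under the active version; returns (version, tag)."""
        version = self._current[name]
        key = self._keys[(name, version)]
        if key.state != ACTIVE:
            raise PermissionError(f"{name} v{version} is {key.state}")
        return version, hmac.new(bytes(key.material), data, hashlib.sha256).digest()

    def verify(self, name, version, data, tag):
        """Verify a tag: deactivated keys still verify, destroyed keys never do."""
        key = self._keys.get((name, version))
        if key is None or key.state not in (ACTIVE, DEACTIVATED):
            return False
        expected = hmac.new(bytes(key.material), data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def lifecycle_demo():
    """Walk one key through generate -> use -> rotate -> destroy; returns the outcomes."""
    km = KeyManager()
    manifest = b"backup-2020-05-01.tar sha256=deadbeef (constructed sample manifest)"
    v1 = km.rotate("backup-mac")
    ver1, tag_v1 = km.protect("backup-mac", manifest)
    v2 = km.rotate("backup-mac")
    ver2, tag_v2 = km.protect("backup-mac", manifest)
    try:
        km.destroy("backup-mac", v2)
        destroy_active_refused = False
    except PermissionError:
        destroy_active_refused = True
    old_tag_after_rotation = km.verify("backup-mac", v1, manifest, tag_v1)
    cross_version = km.verify("backup-mac", v1, manifest, tag_v2)
    km.destroy("backup-mac", v1)
    return {
        "versions": (v1, ver1, v2, ver2),
        "old_tag_verifies_after_rotation": old_tag_after_rotation,
        "old_tag_verifies_after_destroy": km.verify("backup-mac", v1, manifest, tag_v1),
        "new_tag_verifies": km.verify("backup-mac", v2, manifest, tag_v2),
        "cross_version_verifies": cross_version,
        "destroy_active_refused": destroy_active_refused,
        "v1_state": km.state("backup-mac", v1),
    }
```

The point of the deactivated state is the backup case from the bullet list: a manifest protected under version 1 must still verify after rotation to version 2, but nothing new may be protected under version 1, and once version 1 is destroyed the old tags stop verifying, which is exactly why backups need to be re-validated (and re-protected) before the key that covers them is retired.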
The world has changed, and so has your threat landscape. Join us for a discussion on how attackers have pivoted their tactics and targets. From the latest on phishing kits to video threats, our experts will explore how changes in motives and targets are disrupting and expanding our threat landscape. Learn how to reframe your understanding of your threat profile and better defend against and respond to these attacks.
Our featured experts for this webinar are Richard Stiennon, chief research analyst at IT-Harvest, and Kurtis Minder, CEO of GroupSense, a digital risk management company that delivers customer-specific intelligence.
Here’s What Will Be Discussed:
1) Threat actors are adapting their tactics and targets
2) Changes in motives and targets are disrupting and expanding the threat landscape
3) Understanding your threat profile to create a better cyber defense strategy.
Chenxi Wang | Vishwanath Raman | Michelle Dennedy | Tom Pendergast
In the fight against COVID-19, countries are taking urgent actions to address the crisis. Some are turning to tech to find solutions for containing the spread of the virus. Digital contact tracing, in particular, is gaining a lot of traction. For example, Apple and Google recently announced a rare collaboration to jointly facilitate contact tracing within their mobile platforms for public health monitoring applications.
So, what does this mean for privacy?
While some efforts are being made to preserve user privacy, like not tracking user location or collecting other identifying information, digital contact tracing can still reveal more user information than necessary.
Join this panel of security and privacy experts led by Chenxi Wang to learn more about the implications of digital contact tracing, how it is being used around the world, and the long-term effects of decisions rushed through during COVID.
- Chenxi Wang, Founder & General Partner of Rain Capital
- Vishwanath Raman, Lead, Privacy Technologies, Oasis Labs
- Michelle Dennedy, CEO Drumwave
- Tom Pendergast, Chief Learning Officer, MediaPRO
Colin Whittaker with Chad Wood, Galvanize; Joseph Carson, Thycotic; Chad Carter, Wallix; and Ilia Sotnikov, Netwrix
Security practitioners around the world are struggling to cope with the challenges posed by remote workers during the COVID-19 pandemic. With all users working from home simultaneously, there is a tremendous load and increased security risks across private networks and the cloud. In light of more workers accessing data from the cloud, many organizations are taking a "zero trust" approach, including the use of solutions such as Privileged Access Management (PAM).
If your organization is just getting started with a Privileged Access Management (PAM) program, or you are focused on implementing advanced PAM strategies to align with a COVID-19 environment, this CPE accredited webinar will address what you need to know for data security. Our panel of experts will outline the key challenges and offer some clear recommendations that emphasize the critical role of people, processes and technology in effectively mitigating PAM risk, including:
- Tracking and Securing Every Privileged Account
- Governing and Controlling Access
- Recording and Auditing Privileged Activity
- Operationalizing Privileged Tasks
- Creating a Zero Trust environment
David Morris | Lee Imrey | Brett Foy | Lance James
Crippling ransomware attacks are on the rise and U.S. cities are falling victim at alarming rates. The public sector is especially vulnerable because state and local governments tend to have outdated computer systems and maintain sensitive data which is highly desirable to attackers.
Join this episode of the Election Hacking series to learn more about the ransomware threat to state and local governments and what this means for the 2020 U.S. presidential election.
- The year of ransomware
- How cities and states are coping with the scourge of ransomware
- The ransomware dilemma: Pay the ransom or fight the infection
- How AI is enabling - and helping fight - ransomware attacks
- Ransomware as a threat to democracy
Moderator: David Morris, Executive Director at Digital Risk Management Institute
- Lee Imrey, Cybersecurity Advisor, Splunk
- Brett Foy, Global Vice President, Engineering, Datrium
- Lance James, CEO of Unit 221B
This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
Judy Furlong, Dell Technologies; Ed Pullin, Intel; Alex McDonald, NetApp
Encryption has been used through the ages to protect stored secrets, authenticate messages, communicate secretly in broad daylight, and even to check that messages were transmitted and received without tampering. Now it’s often our first go-to tool for making sure that data simply isn’t readable to prying eyes, ears or AI bots.
But how does encryption actually work, what makes it tick, and how is it managed? How do we ensure compatibility? How do we protect the keys; i.e., “Who will guard the guards themselves?”
It’s a big topic that we’re breaking down into three parts: Encryption 101, Key Management 101, and Applied Cryptography.
Join us on May 20th for the first encryption webcast: Storage Networking Security: Encryption 101 where security experts will cover:
• A brief history of encryption
• Definition of terms: entropy, cipher, symmetric and asymmetric keys, certificates and digital signatures, etc.
• Introduction to key management
After you watch the webcast, check out the Encryption 101 Q&A blog at https://bit.ly/2ZGMisl
Diana Kelley | Susan Whittemore | Jay Ryerse | Courtney Radke
Smaller businesses have a common problem when it comes to cybersecurity - limited expertise, resources and budget.
The board is asking, clients are demanding to know whether the company is secure, and the IT team can't articulate the cybersecurity program because there isn't one.
Cybersecurity is sometimes an afterthought for a start-up, or delegated to one engineer. There's a tendency to think of cybersecurity as a set of tactical, technical implementations to cover obvious threats rather than a business problem.
We'll discuss the role of the CISO in providing the leadership and strategy for a cohesive, risk-based program. Ideally, the role is not a technician's.
With an ever-evolving threat landscape and a growing business, where does a business start to build and maintain an affordable program? We'll discuss a baseline program, technologies required, focusing on fewest technologies for maximum benefit.
This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.
As the world continues the work-from-home initiative in order to combat the COVID-19 threat to humanity, organizations must also consider that threat actors (hackers, Advanced Persistent Threats, etc.) may take this opportunity to exploit existing vulnerabilities that are normally mitigated in an office environment (behind a firewall, for example) but not necessarily mitigated in a telework environment. This presentation will discuss the following topics:
- The recent rise in threat-actor exploitation of telework applications, and a means of ‘visibility’ for organizations to detect, analyze and remediate threats attempting to exploit these vulnerabilities.
- Visibility into emerging threat capabilities to introduce ransomware and malware into a remote computer/mobile device. Example: COVIDLOCK ransomware on Android smart phones and how to detect and remediate.
- How VPN is only a step in the right direction towards accessing and transmitting secure, sensitive data. How additional applications and best practices can assist organizations to maintain Confidentiality, Integrity and Availability (CIA) in the near-immediate term.
- The advantage of educating employees on the dangers associated with working remotely, and whether the use of personal devices versus company-provided devices is a viable option.
- How Software as a Service (SaaS), Infrastructure as a Service (IaaS) providers can assist your organization in maintaining effective CIA in a Work From Home environment. The presenter will also discuss limitations and the often overlooked Shared Responsibility.
Every company in the world is being forced to digitize its customer and supplier interactions while enabling flexible work-from-home patterns. Like trying to change a tire on a car going 60 MPH, businesses are forced to adapt quickly because of today’s state of business. Hackers are licking their chops: as digitization happens faster, CIOs and IT teams are more vulnerable than ever.
Join us as our security experts discuss the following cyber-attack trends and recommended strategies for better security in 2020:
1. The Digital Data Attack Surface
2. Cloud / Endpoint Visibility Challenges
3. De-Risk Data in the Cloud
4. Incorporate CyberSecurity into Risk Management
5. Six Practical Steps to beat Hackers
Javier Perez, Product Management, Open Source and Security Advisor
In this session you are going to hear about application security and open source software: a review of how open source software grows and how vulnerabilities are created. Vulnerabilities in open source software increase the risk of exploitation, so it is critical to understand the dynamics of how open source software is built and to have a plan in place to reduce that risk: a security plan built around visibility, engagement early in the development lifecycle, and policy governance.
Open source sparks innovation and provides bug fixes and security fixes; the solution is not to stop using open source software. All new technologies, from AI and machine learning to virtual reality, self-driving cars and robotics, are built in the open, so there’s no turning back. The best approach is to keep up with the progress in open source, to shift left, and to automate application security.
This session will provide:
-Insight into how open source software works and grows
-How to address security for open source components
-How to keep up with constant changes and new vulnerabilities
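The "visibility, early in the lifecycle, policy governance" plan the session describes is what a dependency audit step in CI implements: read the pinned components, match them against a vulnerability feed by version range, and gate the build on a severity policy. The following is an added example written for this page, not code from the session or from any SCA product. The lock-file lines, the advisory records (the EX-2020-* identifiers, package names and version ranges are made up, not real CVEs) and the policy threshold are all constructed for illustration; it also handles the two edge cases that trip up naive checks, a component with several overlapping advisories and an advisory with no fixed version yet.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    package: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive); "" means no fix published
    severity: str     # low | medium | high | critical


# Constructed advisory feed for illustration; these are not real CVEs.
ADVISORIES = [
    Advisory("EX-2020-0001", "libxml-parse", "2.0.0", "2.9.11", "high"),
    Advisory("EX-2020-0002", "tinylog", "1.0.0", "1.4.2", "medium"),
    Advisory("EX-2020-0003", "tinylog", "1.4.0", "", "critical"),   # unfixed
    Advisory("EX-2020-0004", "jsonutil", "0.1.0", "0.3.0", "low"),
]

# Constructed pip-style lock file ("name==version" per line).
LOCKFILE = """\
# generated by the build, pinned versions only
libxml-parse==2.9.10
tinylog==1.4.1
jsonutil==0.3.0
requests-lite==2.1.0
"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_version(v):
    """Dotted numeric version to a comparable tuple: "2.9.10" -> (2, 9, 10)."""
    return tuple(int(part) for part in v.split("."))


def parse_lockfile(text):
    """Return {package: version}; rejects anything that is not an exact pin."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9]+(?:\.[0-9]+)*)", line)
        if not m:
            raise ValueError(f"unparseable lock line: {line!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


def is_affected(version, adv):
    """introduced <= version < fixed; an empty 'fixed' means every later version."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return not adv.fixed or v < parse_version(adv.fixed)


def audit(deps, advisories=ADVISORIES):
    """Return one finding per (package, advisory) match, as
    (package, installed, advisory_id, severity, fixed_version_or_None)."""
    findings = []
    for adv in advisories:
        installed = deps.get(adv.package)
        if installed and is_affected(installed, adv):
            findings.append((adv.package, installed, adv.advisory_id,
                             adv.severity, adv.fixed or None))
    return findings


def policy_gate(findings, fail_at="high"):
    """True when the build may proceed: no finding at or above fail_at."""
    threshold = SEVERITY_RANK[fail_at]
    return all(SEVERITY_RANK[sev] < threshold for _, _, _, sev, _ in findings)


def run(lockfile_text=LOCKFILE, fail_at="high"):
    findings = audit(parse_lockfile(lockfile_text))
    for pkg, installed, adv_id, sev, fixed in findings:
        remedy = f"upgrade to >= {fixed}" if fixed else "no fix yet: mitigate or replace"
        print(f"{sev:8} {adv_id} {pkg}=={installed}: {remedy}")
    return findings, policy_gate(findings, fail_at)


if __name__ == "__main__":
    _, ok = run()
    raise SystemExit(0 if ok else 1)
```

Two details matter more than the matching itself: jsonutil 0.3.0 is exactly the fixed version and must not be flagged (the upper bound is exclusive), and tinylog 1.4.1 sits inside two advisories, one of which has no fix, so "upgrade" is not always the answer and the report has to say so rather than silently suggesting the latest version.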
Anas Hadidi, CISSP, Sr. SecOps Practice Lead – EMEA & LatAm, Micro Focus
Firewalls and IPSs don’t replace but rather complement each other’s roles in securing the perimeter, yet some insist that analytics, analysis and machine learning are meant to replace each other when it comes to situational awareness. This session will explore how these concepts complement each other to help achieve better situational awareness.
Welcome to the world of IoT (Internet of Things), where more and more devices are connected online. With weak or almost no security, these devices can easily become victims: turned into bots that are controlled and used in a DDoS (Distributed Denial of Service) attack, or bricked along with the data on them.
This session walks you through the reality check on the risks and threats that IoT devices introduce to the business and what you can do to reduce the risks. A best practice approach to an IoT Risk Assessment.
- What are the biggest risks from IoT devices?
- What are the biggest threats from IoT devices?
- Best Practices in reducing the risks
- Future of IoT Security
A few months ago, security vendors were offering up cyber threat predictions for 2020 and product roadmaps indicating how solutions were evolving to address the shifting threat landscape. Market research firms were sharing revenue projections and providing guidance to end-user organizations intended to help them solidify their security strategy and budgets for the year. And then along came the coronavirus.
The rapid onset of a global pandemic has changed both the threat landscape and what organizations should be spending their security budgets on, almost overnight. An all-remote workforce opens the door to new opportunities for malicious activity by bad actors: stealing passwords and data is easier, and critical business applications are at greater risk as employees access both on-prem and cloud-based apps from home.
In this webinar, Identity and Access Management (IAM) experts from Sennovate and Idaptive will address the role IAM and adaptive multi-factor authentication (MFA), in particular, can play in both enabling and securing the remote workforce. Adaptive MFA, based on the oh-so-important principles of Zero Trust—“never trust, always verify”—holds the keys to dramatically reducing risk and improving compliance, no matter where an organization’s employees are in the world. Best of all, adaptive MFA improves user productivity and happiness, while reducing IT and helpdesk overhead.
Attendees will gain an understanding of: the new or increased threats caused by the surge in remote workers; the critical role that IAM and adaptive MFA can play in filling any security gaps that may still exist across a far-flung labor force; and the benefits of adaptive MFA, including improved user productivity and job satisfaction, and reduced IT and helpdesk burden.
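"Never trust, always verify" in adaptive MFA means each login is scored from its context and only the risky ones pay the cost of a challenge. The following is an added example for this page, not Sennovate's or Idaptive's code and not a description of their products. The signals (known device, IP reputation, impossible travel between consecutive logins, recent failures), their weights, the two thresholds and the 900 km/h travel ceiling are this example's own assumptions, as are the sample login events.

```python
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class LoginAttempt:
    user: str
    device_id: str
    ip_reputation: str      # assumed feed output: "clean", "suspicious" or "malicious"
    lat: float
    lon: float
    timestamp: float        # Unix seconds
    failed_recent: int      # failed logins for this user in the last 10 minutes


@dataclass
class UserProfile:
    known_devices: set
    last_lat: Optional[float] = None
    last_lon: Optional[float] = None
    last_timestamp: Optional[float] = None


MAX_PLAUSIBLE_KMH = 900.0   # assumed ceiling for possible travel between two logins
MFA_THRESHOLD = 30          # assumed: score at or above this triggers a challenge
DENY_THRESHOLD = 80         # assumed: score at or above this is refused outright


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    r = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def impossible_travel(profile, attempt):
    """True when reaching this login's location from the previous one would
    require a speed above MAX_PLAUSIBLE_KMH."""
    if profile.last_timestamp is None:
        return False
    km = haversine_km(profile.last_lat, profile.last_lon, attempt.lat, attempt.lon)
    hours = (attempt.timestamp - profile.last_timestamp) / 3600.0
    if hours <= 0:
        return km > 0.0   # same instant (or clock skew), different place
    return km / hours > MAX_PLAUSIBLE_KMH


def risk_score(profile, attempt):
    """Additive score plus the human-readable reasons behind it."""
    score, reasons = 0, []
    if attempt.device_id not in profile.known_devices:
        score += 30
        reasons.append("unknown device")
    if attempt.ip_reputation == "suspicious":
        score += 20
        reasons.append("suspicious ip")
    elif attempt.ip_reputation == "malicious":
        score += 60
        reasons.append("malicious ip")
    if impossible_travel(profile, attempt):
        score += 40
        reasons.append("impossible travel")
    if attempt.failed_recent >= 3:
        score += 25
        reasons.append("recent failures")
    return score, reasons


def decide(profile, attempt):
    """Return (decision, score, reasons) with decision in allow | mfa | deny."""
    score, reasons = risk_score(profile, attempt)
    if score >= DENY_THRESHOLD:
        return "deny", score, reasons
    if score >= MFA_THRESHOLD:
        return "mfa", score, reasons
    return "allow", score, reasons


def record_success(profile, attempt):
    """After a successful (possibly MFA-verified) login, trust the device and
    remember where and when it happened for the next travel check."""
    profile.known_devices.add(attempt.device_id)
    profile.last_lat, profile.last_lon = attempt.lat, attempt.lon
    profile.last_timestamp = attempt.timestamp
```

The reasons list is what makes the scheme operable: the help desk can see that a challenge fired for "unknown device" rather than arguing with a bare number, and a device only joins the known set through record_success, so an attacker cannot enrol one by failing a challenge.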
Greg Tomchick, Director of Proactive Advisory Services, Cyber Defense Labs
With constantly changing physical and technological environments, companies and individuals are encountering the most difficult time in history to develop and maintain resilience. As we continue to build smart cities and smart nations, connecting our cloud-based networks to Internet of Things (IoT) devices and other operational technologies, our lives are impacted more and more, and we rapidly increase our risk by expanding our attack surface.
With 83% of enterprise workloads being hosted in cloud-based environments, today's leaders are exposed to extreme challenges in understanding and addressing the intangible risks that could cripple an organization's entire supply chain in real time.
In order to combat this growing threat, Greg Tomchick and his team at Cyber Defense Labs empower organizations to adopt a proactive approach to minimizing the connected risks across the enterprise, while meeting or exceeding regulatory requirements.
Be sure not to miss this important conversation on what you can do to protect your corner of cyberspace, build operational resilience in the cloud, and how we can work together to address this important issue as we voyage through 2020.
Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
May 2020 marks the 2nd anniversary since EU's General Data Protection Regulation (GDPR) came into effect. How has the world of regulations changed in the last two years, and what else can we expect on the privacy and compliance landscape?
Join the PCI Dream Team as they celebrate GDPR's 2nd birthday - while social distancing from home - with a fun and insightful Q&A discussion on all things GDPR, CCPA & PCI DSS.
Grab a seat, eat some cake and bring us your toughest compliance-related questions.
Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They’ve seen it all: the good, the bad and the ugly; and lived to tell the tale.
Kalani Enos (Immersion Security), Terence Jackson (Thycotic), Rick Holland (Digital Shadows), Joseph Carson (Thycotic)
In today’s multi-cloud and hybrid environments, CISOs are struggling to secure assets, manage security policies across clouds, and monitor and mitigate risks, while also supporting the business. How are CISOs solving the challenge of complexity?
Join this panel of experts to learn how to simplify cyber risk management as well as maximize the value of your team and technology.
- Risk scoring and security controls
- How to identify risks for organizations and their third-party vendors
- How to prevent, detect, and respond to, privacy and network security incidents
- The best of vulnerability and risk management in a multi-vendor environment
- Best practices and use cases across industries
Kalani Enos, Partner/VCISO/Threat Analysis, Immersion Security (Moderator)
Terence Jackson, Chief Information Security Officer, Thycotic
Rick Holland, CISO, Vice President Strategy, Digital Shadows
Joseph Carson, Chief Security Scientist, Thycotic
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.