Compliance and information security have had a tumultuous relationship. Sometimes they get along; sometimes they don't. Organizations often combine them under the CISO, but provide dotted line reporting elsewhere for compliance. Compliance might partner with internal audit or have its own C-level position. All of this variation isn't really necessary. Compliance and Risk Management can be successfully combined under the practice of Security Performance Management.
During this webinar we will discuss how:
• Compliance behaves like a more traditional information security threat.
• Compliance can be managed similarly to other information security programs.
• Security Performance Management provides a framework for comprehensive compliance and risk management across the enterprise.
George J. Anderson, Product Marketing Director at Webroot Inc.
Web security is back on the IT Security agenda in a big way. With breaches caused by web usage at an all-time high, security professionals are realizing that relying solely on endpoint security to protect their users is downright negligent.
This presentation explores why this reappraisal is happening and why so many companies are opting for SaaS cloud-based Secure Web Gateway solutions. It also looks at how Webroot, using its BrightCloud Threat Intelligence platform, has completely updated its existing cloud-based web security service to provide a new logical first line of security defense for web users.
1. Why web security should be the primary user security defense layer.
2. The advantages of cloud-based web security over traditional on-premise solutions.
3. The benefits your organization will see as a result of cloud-based web security.
TJ Alldridge, Product Marketing Manager, HP TippingPoint
Advanced threats and targeted attacks are wreaking havoc in our networks and desktop machines. High-profile attacks seem to make headlines every few weeks. While no security solution is 100% effective, join us to discuss best practices that could bring your security effectiveness closer to that goal.
Kevin Peterson, Director of Security & Network Transformation, Zscaler & Mark Stafford, Senior Cyber Consultant, BT Security
Cyber security is now a topic of discussion at the majority of board meetings, according to a recent NYSE/Veracode survey*. It is no longer just an IT issue, a policy or compliance issue – it is a corporate risk issue. Forrester Inc., states that CEOs are now mainly held responsible for data breaches – a shift from it solely being the responsibility of the CISO. According to them, any lapses will cost executives their job**. The stakes are very high and getting it wrong has significant consequences, including:
- Brand damage due to customer loss
- Loss of competitive advantage due to corporate espionage
- High cost of responding to a breach
How prepared is your organization to handle a security breach and discuss this in the boardroom?
This webcast will address cyber security priorities being discussed at the boardroom level, including:
- Managing security risk in today’s digital world
- Securely leveraging key technologies such as cloud, mobile and analytics
- Addressing security gaps across the ecosystem of customers and suppliers
- Effectively engaging at the boardroom level, reviewing key metrics and aligning strategy with business priorities
*NYSE/Veracode 2015 Survey: Cybersecurity in the Boardroom
**Forrester Inc., Report: Security Leaders, Earn Your Seat At The Table
Managing cyber risk isn’t just about protecting your own house. As we’ve learned from Target and other major breaches, organizations must also be diligent in overseeing risks to vendors, business associates, and other third parties that have access to sensitive data or provide important services. For credit unions, regulatory pressure and cost concerns can make this a daunting task.
Fortunately, there are several cost-effective, proactive measures organizations can immediately take to mitigate third party cyber risk. Join Jacob Olcott, VP of Business Development at BitSight Technologies, as he discusses ways to get started on a vendor risk management program. Viewers will learn:
- Five steps you can take immediately to mitigate third party cyber risk
- The types of businesses in your supply chain that may pose risks
- How BitSight Security Ratings streamline the process of vendor risk management
Join us as we discuss insider threats and what cybersecurity professionals are doing to prevent, detect and remediate insider attacks. We will also review the key findings of the 2015 Insider Threat Report, including:
• Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations (59 percent). This is followed by contractors and consultants (48 percent), and regular employees (46 percent).
• 62 percent of security professionals say insider threats have become more frequent in the last 12 months. But only 34 percent expect additional budget to address the problem.
• Fewer than 50 percent of organizations have appropriate controls to prevent insider attacks.
• 62 percent of respondents say that insider attacks are far more difficult to detect and prevent than external attacks.
• 38 percent of survey respondents estimate remediation cost to reach up to $500,000 per insider attack. 64 percent of respondents find it difficult to estimate the damage of a successful insider attack.
David Murray (HEAT Software), Alvaro Vitta (Dell Software), Wade Williamson (Vectra Networks), Diana Wong (RES Software), John Yun (Palerra), Matt Zanderigo (ObserveIT), Eric Anderholm (Sergeant Laboratories)
Jonathan Smith, Application Security Specialist, WhiteHat Security
This presentation will demonstrate the value of manual business logic assessments and provide an example of a vulnerability that scanners cannot find because the problem isn’t in the code or framework.
We will provide a real life instance of a business logic flaw at a major high-end clothing retailer. The flaw allowed malicious users to purchase negative amounts of expensive merchandise, and credit thousands of dollars to their accounts.
Watch a cyber-attack unfold live to see how your vendors can unwittingly leave the door open to your network, and understand how to prevent this by managing, controlling and auditing all vendor access. This webcast will offer best practice recommendations on how to secure vendor access to your organization. Hear top tips on how to protect your company and customer data, infrastructure and assets from cyber-attacks by securing vendor access while improving productivity.
This webinar will offer best practice recommendations on how to secure vendor access to your organisation. Hear top tips to protect your company and customer data, infrastructure and assets from cyber-attacks by securing vendor access whilst improving productivity.
Sunil Choudrie and Laurence Pitt – Security Solution Specialists
Understand what happened, and get back on track fast
Identifying and neutering a breach is only half of the work that needs to be done – now the business needs to know what systems were impacted, clean up the damage and get things back to normal. Advanced threat technology has visibility from the cloud into the network and onto endpoints. This means unparalleled visibility into not only what happened, but also what was affected and how best to clean up after a breach. A complex attack will not be simple, and it will have spread fast, but being able to understand the route taken into the network makes it simpler, and faster, to deploy a security response, and use what has been learned to ensure better preparation for the future.
Missed the first 2 webcasts?
Webcast 1: If a breach is inevitable, what should I do? How best to prevent attack, and keep bad stuff out - https://www.brighttalk.com/webcast/5691/170123
Webcast 2: I’ve been breached, what happened? What happens when bad stuff gets in, how to react fast - https://www.brighttalk.com/webcast/5691/170133
We live in a world where technological change is rapid. There is a race against time to be faster and better than the competition. Businesses will need to change as a result of technology disruption or risk becoming irrelevant to their customers. It is during these times of tumultuous change and uncertainty when the unexpected - new attack opportunities and tools - are presented to cybercriminals to steal, harm or destroy the digital assets of organisations in an unprecedented way and scale.
In this presentation, Rik will identify the top disruptive technologies to government and business today and examine the impact of such innovations on the cybersecurity of corporate networks. He will also provide recommendations to assist organisations to prepare for the unexpected threats and challenges that will arise from technology disruption in the future.
Many security vendors claim to have access to the security intelligence and analytical capabilities needed to identify the trace elements of malware activity before cyber-attacks take place.
They claim the ability to identify threats and data breaches at the earliest possible stage. Even accepting that the average time to detect a breach has halved over the last eighteen months, a discovery and remediation timeline that is still close to 200 days is by any standards far too long.
This presentation looks at what can be done to improve things and what businesses should be demanding from their security service providers.
Patrick Grillo, Senior Director, Security Solutions, Fortinet
Advanced Threat Protection is built on the principle of Prevention, Detection and Mitigation. However, if the different technologies within each of these areas operate independently, there will be gaps between the different elements, gaps that can and will be exploited during an attack.
This session will focus on the concept of bringing together all of the elements of Advanced Threat Protection to form a holistic, collaborative solution that encompasses all of the network.
Barry Fisher, Sr. Product Marketing Manager OpenDNS, now part of Cisco
Next-generation firewalls and sandboxes stop attacks at various steps, but they only react to malicious communications and code after attacks have launched.
There’s another way—observing where attacks are ‘staged’.
We’re going to demonstrate how we can visualize Internet infrastructures for visibility into where attacks will emerge. Then, we’ll know where advanced malware will be downloaded and where compromised systems will callback—before attacks launch.
In this live session, you’ll learn:
- 7 steps of an attack and how you can use this data to get ahead of new security events.
- 3 ways to uncover malicious activity by looking at domain names, IP addresses, and autonomous system numbers (ASNs).
- How to apply this intelligence to your current defenses.
Every day, your organization is creating more data that is critical to the operational success of your company. Making sure that you have a proper backup solution to recover data is not only important, it’s vital to the long term success of your business.
Even though users are creating more mission critical data than we have ever seen in the past, that doesn’t mean your backup solution has to be expensive. In this webinar we cover a wide range of options about how you can effectively backup your content without breaking the bank.
The solutions we will cover take into account fault tolerance, high performance, and assurance that your data will be available when you need it.
Amar Singh, Chair of ISACA's UK Security Advisory Group, Exec. Board Member & Consultant to UK's National MBA in Cyber Sec.
Wishful thinking or a cursory security assessment may have worked in the past but dealing with persistent and advanced threats requires an equally sophisticated and mature approach.
While APTs are on the rise and the use of zero-day vulnerabilities can be one of the weapons for such attacks, the reality is that the large majority of incidents – advanced or not – occur using known vulnerabilities. Resolving these is, therefore, paramount to reducing the attack surface for cyber criminals.
Join Amar as he shares his tips on adopting a mature and continuing vulnerability management process that can help organizations reduce risk and be better prepared to respond to APTs.
According to Verizon’s “2015 Data Breach Investigations Report,” cyberattacks are becoming increasingly sophisticated. Cybercriminals have been successful in creating new techniques and deceptive tactics that outpace security efforts. Under these conditions, what would be your approach to dealing with security threats?
Join us for a live webinar session and discover how auditing can help mitigate the risk of data breaches and solidify your security strategy overall. During the session, we will talk about:
- The latest data breaches and their ramifications;
- How auditing complements threat-defense mechanisms;
- What should be audited and why.
Today’s cyber attacks have become increasingly sophisticated, requiring organisations to embrace an agile and ever more adaptive approach to their cyber security strategy. Join our webinar as we discuss the changing landscape of advanced threats in EMEA, look into the anatomy of APTs and explain why conventional security methods are no longer equipped to deal with these advanced attacks. In addition, we’ll share insights into real-life case studies of advanced threat actors using zero-day attacks and how an adaptive defense model allows FireEye to quickly respond, detect and remediate such attacks.
Jason Creasey, Information Security Consultant, Jerakano
Jason will introduce some of the major challenges associated with monitoring and logging cyber security events, highlighting the need to identify indicators of compromise at a much earlier stage and in a more consistent, insightful manner.
He will present a cyber-security monitoring framework, emphasising the benefits of taking a balanced, intelligence-led approach, based on fundamental log management and situational awareness. He will then look at what a cyber-security incident actually is and outline how to prepare for and respond to a cyber-security incident effectively – ensuring that it is properly followed up - helping to reduce the frequency and impact of future cyber security incidents.
Finally, Jason will introduce a cyber-security incident response maturity model, showing how you can measure the maturity of a cyber-security incident response capability.
The growing sophistication and evasiveness of cyber threats have redesigned the paradigms of the information security landscape. Since traditional signature-based technologies alone cannot keep pace with advanced threats, a breed of new technologies has been developed to fill the gap in what seems an endless arms race against malware creators. At the same time, the volatility of the perimeter, a direct consequence of the growing adoption of cloud services, dramatically broadens the vulnerability surface of organizations, requiring a new approach from CISOs in terms of both technologies and policies.
In this webcast we will analyse the current threat landscape related to advanced malware, demonstrating that, contrary to common belief, it is not necessarily related to state-sponsored operations, but is frequently used even in opportunistic attacks (and in several cases is also available as a P/SaaS model).
After showing the characteristics that make malware “advanced” (evasion at the endpoint and network level, polymorphism, etc.), the webcast will outline the foundations of a multi-layered approach needed to detect, contain and mitigate advanced threats.
Your Resource for Information Security Trends & Education
With over 200,000 members, the Information Security Community is the largest community of infosec professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.