The presentation details and explains the most popular methodologies used over the last year in attacking small to medium size businesses and outlines the most cost-effective methods for countering these threats based on real-life case studies.
Everyone is aware that non-mainframe platforms have vulnerability issues. There are a multitude of ways to compromise these platforms as well as the data residing on these platforms. Corporation’s blissfully assume that the IBM mainframe is immune to similar cyber-attacks. While we believe z/OS is a secure platform, it is still susceptible to vulnerabilities that could allow your user community the ability to compromise your z/OS systems and data. This represents a serious flaw in your mainframe security implementation as well as reputational damage and compliance violations.
Vulnerability scanning and penetration testing is stanchly done for non-mainframe platforms and networks. However it is not currently an accepted practice to perform similar audits on z/OS systems. That is starting to change, due in part to; Advanced Targeted Treats, Industrial Espionage, Zero-Day exploits and the creation of new compliance regulations by the United States and other governments..
This presentation will provide a best-practices overview of the need for advanced z/OS Vulnerability Scanning and the related management issues which are required to fully maintain the system integrity and security of the z/OS platform.
The constantly evolving nature of threats and vulnerabilities not only affects individual firms and their customers, but collectively the threats pose a persistent economic and national security challenge. The concepts and principles the security professionals and their managers need to know to conduct or participate in a Cyber incident response event investigation will be presented. Ensuring that proven policies and procedures are established and followed are manager level responsibilities, along with personnel certifications and levels of expertise. These will be discussed along with critical chains of evidence collection and custody in each investigation. The laws, ethics, regulations and boundaries (both technical and political) for investigations and the investigators are next presented to help clarify positions and policies. Finally, the needed relations for the Cyber response team manager are presented; these include technical, management, law enforcement and civil relationships with professionals and organizations. Some of the current tools, tactics and procedures for conducting these activities will be discussed.
No one comes to work for you on day-1 with the intent to do you and your organization harm. They don't show up on that first day to steal your intellectual property, to sabotage your operations, or to give away or sell your secrets to competitors or other nations. They in-fact, on that first day, want to save the world, help you make lots of money, or some other goal than screwing you over. This presentation will look at the leadership factors in private sector and government agencies that creates the environment for the creation of insider threats and will offer some specific mitigations you can use to a) determine if you are at risk, and b) to do something about reducing that risk.
Active Defense has been making a lot of headlines lately. Unfortunately most equate it with hack back and jump to the conclusion that it is illegal. This is a shame since Active Defense can be a very useful tool/technique/process for companies that find themselves persistently attacked. Many companies are beginning to advertise active defense but unfortunately most of it is a glorified version of current defensive systems and techniques. Active Defense cannot be automated and requires the human element. The automation is to detect an attack, once you get into traceback, intell collection and analysis you need the human in the mix. This lecture will discuss what Active Defense really is, a process to help companies address persistent attacks or loss of proprietary data or IP. A decision matrix will be presented that reveals the steps company leadership must take and the decisions they must make in order to address these problems. Finally, this presentation will address the team that is needed, malware analysis, intell collection/analysis, traceback experts, tool/technique development, law and legal analysis, and more all to provide leaders the necessary info to make informed decisions taking into account risk, liability, the law and legal issues.
There is increasing awareness of the threats on the Internet. There
is also an increasing awareness that these threats can affect everyone – from
the largest organizations to individual(s). As increasing numbers of people
look to computer security companies for help, they encounter a confusing
mess of cool sounding words – but much less substance.
This presentation will briefly examine: where Intelligence comes from, provide
several key definitions and examine how people can use these definitions to
ensure they get value for dollars spent on security information.
The presentation will examine the Department of Homeland Security's evolving role in cyber security over the past three Secretaries of DHS. Specifically, DHS's structure and institutional role will be discussed in the context of policy/enforcement issues and the public/private partnership in securing cyber space.
Almost every day the public is exposed to rather bombastic claims of Cyber War, Cyber Pearl Harbor, 9/11, and other scenarios out of the movies Die Hard 4 and Hackers. The over-the-top tone of these statements and "blanket" finger pointing at China and Eastern Europe confuse the public who confuse the already confused politicians who come up with legislation like CISPA, PIPA and government entities that spend money on cyber security like water. This presentation seeks to debunk the notion of cyber war and other Hollywood scenarios and replace it with rational and common sense solutions through the lens of "open source security." This concept looks to blend the open source development community as applied to legislation and intelligence analysis to come up with policies that don't interfere with personal privacy and makes the Internet safe for everyone.
Understanding your Cyber Liability- A Primer for Small & Medium Business
The largest growth area for targeted attacks, comprising 31 percent of all attacks last year was with businesses having fewer than 250 employees. Not surprising since small business is the backbone of any economy and all data has a commodity tied to it. Additionally the cost of breach notification can cost upwards of $200 per record compromised generating significant liability risk. This brief will give you an overview of the threat landscape that small and medium sized business should be concerned about and strategies they can do reduce their risk levels. Large business that utilize small business should also find this brief interesting in order to understand their supply chain risk.
The Apollo moon programme was the touchstone of my youth. Everyone was immersed in its excitement and drama, especially Apollo 13. I believe the cybersecurity industry, as was the Mission Control team at the outset of the Apollo 13 disaster, appears still to be in denial as to the nature and scale of the problems we face and as confused about what to do next. I suggest it is time for us to stand back, as Gene Kranz did, and look at things from a position of status. Let’s look at what is actually happening out there, it might give us a clue as to what to do next.
At the end of this session delegates will have learned:
1. There is nothing to be frightened about with cybersecurity - you don’t need to be a techie to get it right.
2. Most of the cybersecurity technical defences will already be in place within enterprises, they may just not be configured correctly or used properly.
3. The remaining weaknesses and vulnerabilities of our IT systems and networks will be due to human error, ignorance and omission and can be fixed easily and quickly.
Having spoken recently on 'incorporating ERM (Enterprise Risk Management) within an MBP (Modern Business Plan), I could tailor make the presentation to suit the relevant audience. The presentation would involve how to get C suite attention on cyber risk exposures in plan development, training and scenario testing. I would be exposing some very real pitfalls in trying to deal with internal politics within large (and not so large) organisations in getting an area such as cyber security relevant attention at at time of cut backs and reduced IT resources.
An observation of areas where on-line and off-line fraud combine to pose a threat to business. Off line fraud can often be neglected but as we will see it is imperative for businesses to monitor off line activities so they can better protect themselves on-line.
The multifaceted and advanced nature of today’s more sophisticated attacks, and looking into the future at the form they will take in years to come exposes the lack of preparedness of most companies to deal with the complexity and uncertainty they will face. The presentation will present a simulated evolution of a complex attack and highlight the challenges and typical failings, step-by-step as the attack evolves, of the crisis management process which illustrate the problems in attaining real resilience in the cyber domain. In doing so the audience will be led through a typical war game process to discover the value of simulating sophisticated and persistent attacks in order to develop greater preparedness towards more effective cyber resilience.
Theories of crime are an important part of criminological literature as they attempt to describe and
explain criminality at a range of levels. These theories can help researchers and practitioners to
understand how and why crime occurs, to predict future criminal behaviour, to prepare successful
rehabilitative interventions for offenders and to develop appropriate crime prevention strategies. This presentation critically examines several theories of crime at societal, community, socialisation and individual levels and evaluates which of these theories are most applicable to cybercriminal incidents. A range of cybercriminal activities are identified and analysed, including; hacking, malware development and distribution, online child pornography, online predation of children, cyberterrorism, online fraud and identity theft and copyright infringement
The CIA Triad of confidentiality, integrity and availability has served the practice of computer and data security for many years, but in today's world it is inadequate to encompass the complexities to be found in business information.
This presentation introduces the Information Assurance Heptad, which extends the Department of Defense 'Five Pillars Model" and Donn B Parker's Information Assurance Hexad in a model that addresses the key issues for businesses in describing their requirements for information governance and compliance.
With the government wanting to fight cyber crime and get more students interested as well as the jobs marketing being so limited. This presentation is about how Zentek now works with a number of universities in the north of England and helps bring in industry standard tools and methods to academia.