A Real World Approach to Risk-Based Security Planning
It's easy to decide to deploy a piece of security technology and think you've mitigated the latest threats. However, a recent study by the Ponemon Institute indicates that despite all of this new technology, there was a 58% increase in malware incidents in 2012. The median cost of a cyber attack in 2012 was $6.1 million. it has been proven that a strong security posture can help to moderate the costs. In order to truly improve security, you must first consider a few key things:
•What you’re protecting
•What it’s worth to you
•What you’re protecting against
•What are the consequences if you fail
Join us to learn how you can start leveraging a risk-based approach to security that can help drive cost out of your organization. This approach will help you to:
•Objectively develop security plans that are prioritized and actionable: Obtaining sufficient budgeted resources can result in $2.1 million less in costs related to dealing with cyber crime. *
•Better understand the costs and benefits:
Extensive use of security metrics can reduce cyber crime related costs by $939,247. *
•Articulate and defend the criticality of your projects:
Employment of security experts like Integralis security and risk management consultants can help you reduce the cost of cyber crime by $1.5 million. *
*Source: Ponemon Institute 2012 US Cost of Cyber Crime Study
RecordedMar 21 201360 mins
Your place is confirmed, we'll send you email reminders
Dale Tesch, NTT Com Security & guest speaker John Kindervag, Forrester Research
Doing more with Less – NTT Com Security and Forrester Research address the growing security skills shortages within your organization and what options are available to reduce your risk of cyber threats while remaining compliant
Dale Tesch, NTT Com Security & Michael Dalgliesh, LogRhythm
NTT Com Security would like to invite you to join us and our partner LogRhythm on July 28th, 2015 from 2:00-3:00 p.m. EST for a webinar addressing the current and ongoing cyber-threat to Financial and Insurance institutions.
Forget the politics, state sponsored attacks and espionage are and will continue to be conducted around the world. Organizations across nearly all verticals are caught in the crossfire or actively targeted. Find out what the threats are, how they operate, and what you can do to help protect your network and data.
In this session you will learn:
1: Consequences of state sponsored hacking
2: How state sponsored attackers operate
3: Steps that can be taken to reduce the risk
Compliance and security departments are recognizing that as they enable the mobile work force, being compliant doesn’t always equal being secure. For mobile security to be effective, tools and policies often need to be customized for specific users, roles, departments, or technologies.
This session will explore:
- Extending and reinforcing security controls and compliance requirements in mobile file share and sync solutions
- The benefits and risks of private vs public cloud deployments
- The features to look for in mobile file sharing and content management solutions
- Specific financial use case
Jamil (Jamie) Mneimneh, Sales Engineer at LogRhythm
NTT Com Security webinar with LogRhythm: Most organizations realize it’s no longer a matter of ‘If’ their organization will be breached but ‘When’ (if it hasn’t already happened and they just don’t know it). The key question is ‘How can you gain better visibility, sooner to the signs that your organization is under attack and respond quickly?’ In this webinar we will examine critical dynamics in the cyber threat landscape. We’ll also discuss how integrating security intelligence with a new and more efficient organizational approach to responding to cyber-attacks can enable organizations to detect and respond to these threats faster and with greater precision than ever before.
Not going to Black Hat or DefCon this year? Don’t worry, we have you covered. Black Hat USA takes place August 2-7 and DefCon follows from August 7-10 in Las Vegas. Chris Camejo, NTT Com Security’s Director of Assessment Services, will give you an inside look at the show’s highlights, trends, and latest tools and techniques.
In this session we’ll cover:
· The latest trends in information security
· What briefings had the most impact
· The latest tools and techniques being used in the industry
If you couldn’t make it to Black Hat or DefCon you won’t want to miss this webinar.
According to our recently published Global Threat Intelligence Report, organizations are under attack every minute of every day. We need to figure out the appropriate balance of risk exposure within the context of our commercial objectives. When companies are able to take risk, they are able to grow and compete effectively. It’s all about understanding risk and making the best decisions for your organization. With threats changing, growing and moving, it’s important to consider risk exposure in the context of commercial objectives. This level of understanding allows you to identify and prioritize the security activities that need to take place, allowing you to move to a state of continuous risk management aligned to your business goals.
In this session we’ll cover:
· Real world examples of risk management driving business forward
· Prioritizing budget relative to risk and opportunity
· Addressing risk proactively and programmatically
· Aligning risk and GRC programs to business strategy
If you’re interested in helping move your organization to a state of managed risk and industry leadership, you won’t want to miss this webinar.
We are constantly reminded by the media of the real and potential threats of attacks. Any organization can be the target of an Advanced Persistent Threat (APT). Even those that may not consider themselves a target need to take into account the fact that information such as customer data, partner data, employee data, merger and acquisition activity, and resources shared with others may be targeted in an attack. Additionally, organizations must recognize that security weaknesses in their environment could be used as a base of attack against customers or business partners who may have information that is valuable to APT attackers.
The NTT Global Threat Intelligence Report analyzed three billion attacks over the course of 2013 and has revealed valuable information, trends and insights surrounding APTs. The report emphasizes advanced techniques to detect, investigate and respond to the threats we face.
Join this webinar where you will learn more about the practical steps organizations are taking to create a rational, proportional approach to tackle attacks. In this fast-paced, informative webinar, we will highlight report findings including:
- Incident response case studies and their financial impact on the victim organizations
- Information organizations can use to improve their operational security
- Proper implementation, management and adjustment of proven control
Don’t miss this opportunity to learn how to help reduce risk by avoiding threats and compress the mitigation timeline, significantly reducing loss exposure.
With the release of PCI-DSS version 3.0 many organizations that are already PCI compliant or are working towards becoming PCI compliant are wondering what these changes will mean to their organization. In this webinar we will take a look at what has changed (and what hasn’t) and the impact this will have on how organizations approach PCI compliance.
Many security initiatives go undone because of a lack of support from executive management to fund them, or push back from the business areas when trying to implement them. This presentation will look at the causes of these issues, and present strategies for overcoming them.
A General does not go into war without a plan, and we as security leaders should not begin to take on securing our organizations without one either. To prevent knee jerk reactions, misaligned investments, failed projects, and general lack of direction, we need to assess the core of our information security pains and plan accordingly. When an organization has an agreed upon and defined direction, funding for projects is easier, knowing what to do next is anticipated, and there is a greater sense of control around the company’s information security. Developing such a strategy can seem a daunting task, however there are ways to attack the problem and make it more manageable. Understand how to develop and maintain this so you can get more sleep at night, confident in your security strategy.
It’s not the Threat it’s the Defense That is Killing You: Rethinking the Information Security Process
In this seminar, NTT Com Security Senior Director Rich Boyer, explores the assumptions we are using to build our information security defenses. The threat is not our enemy, but haphazard approach and failing about without a coherent, quantified strategy.
The fundamental questions are:
• Are we protecting the right things or our we running in place while the attacker is running us in circles?
• What should we, as security organizations, have as our baseline?
• Where should we be spending our resources and how do we justify our ongoing investment?
In this webinar, we explore our baseline and layout the roadmap that we need to take as a small, medium or large enterprise to achieving holistic measures against loss, infiltration and downtime. The three enemies of the information security, CIA (Confidentiality, Integrity and availability) triad.
New, innovative and devastatingly sophisticated cyber threats are emerging that are resistant to our traditional lines of defense. Who are the new enemies and what can we do to reduce the risk and impact on our existing security infrastructure? In this session Jeremy Wolff from NTT Com Security will take a closer look at why traditional and legacy security systems are failing to adequately secure our data and discuss how technologies like Application Security and Access Control can be applied to mitigate these risks.
Integrating SIEM with Network Access Control
Compliance is always top of mind for today’s CISOs. Finding the balance between reducing costs while effectively managing risks is a challenge; failing it can mean damaged bottom lines, reputations, and information put at risk. However, by automating your Risk Management, many of these hazards can be avoided. Leveraging a combination of SIEM and NAC provides greater visibility across the network, alerting you to potential intrusions while simultaneously providing more secure guest access to the network. Risk management strategies fall more easily in line with those of the board, while CISOs can rest assured that their decisions are based off of real time information provided by the system. Expand your risk management and reach across lines of business, all while maintaining full security with an automated system.
Special Guest Jeffrey Richard, Blue Cross Blue Shield MA
Outsourcing business functions does not absolve you from the responsibility of protecting your information or your systems. Yet, many organizations do not perform security evaluations on their security vendors. And of those who have performed security evaluations on various vendors, large and small, they continually find 1) that they have limited experience with information security and 2) their current clients didn't ask the questions they are asking about encryption, data retention, access control, organizational security, etc. Join Jeffrey Richard of Blue Cross Blue Shield Insurance to hear examples, stats and what worked (or didn't) as he implemented a program to assess risk with third parties.
The worlds of regulations and security are closely connected, though historically have not been well aligned. Network Security and compliance teams must work together to balance their efforts and resources to maintain optimal security levels and comply with dozens of complex regulatory requirements. Join us for this webinar to learn how compliance impacts security and how Check Point's Compliance Software Blade revolutionizes compliance and can help you improve security.
-Discover how compliance effects network security
-Learn about real time compliance monitoring, and why you should care about it
-See how a compliance solution can improve security
-Reduce your time preparing for audits and compliance reporting
Modern malware has evolved from being simple, replicating viruses to highly evasive and adaptable network applications that allow hackers to launch increasingly sophisticated and targeted attacks. This new breed of malware is at the heart of many of today's most complex breaches, enabling attackers to gain a foothold within the enterprise from which they can dig deeper into the network, control their attack and steal information. As malware has become more powerful, it has also become more targeted and customized for a particular network, thus helping it avoid traditional signature-based anti-malware solutions.
To meet this challenge, Palo Alto Networks has developed WildFire, which provides the ability to identify malicious behaviors in executable files by running them in a virtual environment and observing their behaviors. This allows Palo Alto Networks to identify malware quickly and accurately, even if the particular sample of malware has never been seen in the wild before.
Integralis is pleased to host Palo Alto Network system engineer, Ted Slockbower, as he demonstrates how WildFire makes use of a customer's on-premises firewalls in conjunction with Palo Alto Networks' cloud-based analysis engine, delivering an ideal blend of protection and performance.
How easy is it to use social networking tools to collect the information from your employees that could lead to data loss, intrusion, fraud, downtime and loss of revenue? Many organizations may have underestimated the threat posed by social networking, but it isn’t too late to regain control without compromising personal privacy. If your organization has assets worth protecting, social engineering definitely is a threat that you need to address. Join us to learn from the practical experience of our speaker, Chris Camejo.
NTT Security seamlessly delivers cyber resilience by enabling organizations to build high-performing and effective security, and risk management programs with controls that enable the increasingly connected world and digital economy to overcome constantly changing security challenges. Through the Full Security Life Cycle, we ensure that scarce resources are used effectively by providing the right mix of integrated consulting, managed, cloud, and hybrid services – delivered by local resources and leveraging our global capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the largest information and communications technology (ICT) companies in the world. For more information, visit www.nttsecurity.com.