Helen Patton - Cross-Industry Collaboration
•Download as PPTX, PDF•
1 like•1,411 views
This presentation will explore suggestions for ways Security people in Central Ohio can and do collaborate to improve Security practices within and external to organizations. This will explore ISACs, ISAOs, partnerships such as the Collaboratory, Internships, ISSA, etc.
Report
Share
Report
Share
Recommended
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?
Ruben Melendez - Economically Justifying IT Security Initiatives
This presentation discusses frameworks for justifying IT security initiatives and demonstrating their business value. It introduces the Enterprise Value Creation (EVC) framework, which includes principles, stages, and enabling tools for dynamic, collaborative value management. The EVC framework advocates using a Business Value Plan approach rather than just a business case to proactively plan and track value realization over the initiative lifecycle. It provides examples of how tools like the EVC matrix and urgency analysis can be used to assess needs, risks, and pace of initiatives.
Keith Fricke - CISO for an Hour
This presentation is aimed at a technical security audience seeking to advance into a security leadership role. In this interactive presentation, attendees will learn how they need to apply their technical skills in a CISO or security director role. In addition, they will learn the fundamentals of leading people, managing budgets and projects, presenting to an executive audience, and dealing with other challenging issues security leaders face.
Tre Smith - From Decision to Implementation: Who's On First?
This presentation will explore tactics to improve organizational control implementations that meet the spirit of organizational risk decisions. An approach that may help to improve the time it takes to see organizational policy reflected in everyday workplace practice and technologies. Starting with clarifying “Who’s On First?”
Deral Heiland - Fail Now So I Don't Fail Later
With network data breaches being reported weekly, it appears our implementation of prevention solutions is failing. With the average time to detect a breach being greater than 6 months our detection solutions also appear to be failing. Maybe these solutions and technologies are working correctly and we are just not training our teams how to manage, maintain, and leverage those solutions effectively. In this presentation I will be discussing security testing and validation methodologies that includes Internal/external pentesting, social engineering, and red team/blue team exercises. In addition I will be covering how using these methodologies we can better prepare and build a more robust security environment that will keep your organization off the front page.
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
-The evolution of online advertising tactics
-What cyber criminals find appealing about advertising and profiling
-How advertisers and cyber criminals have worked together in the past
-What psychological tactics are used by cyber criminals in real world attacks
-How to protect yourself from psychological attacks
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understand of the what’s, why’s and how’s of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical “gotchas”. This presentation will also provide common objections from the recipients of assessments and how to overcome those objections as well as discuss contract language that can be added to your products and services contracts.
William Diederich - Security Certifications: Are They Worth the Investment? A...
The IT world seems to be exploding with certifications, with new ones being offered practically every month. How does one chose from all of the options available, and are they worth it?
This session discusses the plethora of Governance, Risk, Compliance, Security and Technology related certifications being offered today. What are the benefits, and which are the most highly valued? Most importantly, which ones are right for you? Can one get too many certifications, and what’s the balance?
Practical tips and recommendations are offered to help the person who decides on attaining certifications. Including, how to select the best certifications, how to plan a roadmap for achieving them, and successfully completing the plan they set out.
Lastly, the benefits of certifications are discussed, and how to maximize their value.
Recommended
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?
Ruben Melendez - Economically Justifying IT Security Initiatives
This presentation discusses frameworks for justifying IT security initiatives and demonstrating their business value. It introduces the Enterprise Value Creation (EVC) framework, which includes principles, stages, and enabling tools for dynamic, collaborative value management. The EVC framework advocates using a Business Value Plan approach rather than just a business case to proactively plan and track value realization over the initiative lifecycle. It provides examples of how tools like the EVC matrix and urgency analysis can be used to assess needs, risks, and pace of initiatives.
Keith Fricke - CISO for an Hour
This presentation is aimed at a technical security audience seeking to advance into a security leadership role. In this interactive presentation, attendees will learn how they need to apply their technical skills in a CISO or security director role. In addition, they will learn the fundamentals of leading people, managing budgets and projects, presenting to an executive audience, and dealing with other challenging issues security leaders face.
Tre Smith - From Decision to Implementation: Who's On First?
This presentation will explore tactics to improve organizational control implementations that meet the spirit of organizational risk decisions. An approach that may help to improve the time it takes to see organizational policy reflected in everyday workplace practice and technologies. Starting with clarifying “Who’s On First?”
Deral Heiland - Fail Now So I Don't Fail Later
With network data breaches being reported weekly, it appears our implementation of prevention solutions is failing. With the average time to detect a breach being greater than 6 months our detection solutions also appear to be failing. Maybe these solutions and technologies are working correctly and we are just not training our teams how to manage, maintain, and leverage those solutions effectively. In this presentation I will be discussing security testing and validation methodologies that includes Internal/external pentesting, social engineering, and red team/blue team exercises. In addition I will be covering how using these methodologies we can better prepare and build a more robust security environment that will keep your organization off the front page.
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
-The evolution of online advertising tactics
-What cyber criminals find appealing about advertising and profiling
-How advertisers and cyber criminals have worked together in the past
-What psychological tactics are used by cyber criminals in real world attacks
-How to protect yourself from psychological attacks
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understand of the what’s, why’s and how’s of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical “gotchas”. This presentation will also provide common objections from the recipients of assessments and how to overcome those objections as well as discuss contract language that can be added to your products and services contracts.
William Diederich - Security Certifications: Are They Worth the Investment? A...
The IT world seems to be exploding with certifications, with new ones being offered practically every month. How does one chose from all of the options available, and are they worth it?
This session discusses the plethora of Governance, Risk, Compliance, Security and Technology related certifications being offered today. What are the benefits, and which are the most highly valued? Most importantly, which ones are right for you? Can one get too many certifications, and what’s the balance?
Practical tips and recommendations are offered to help the person who decides on attaining certifications. Including, how to select the best certifications, how to plan a roadmap for achieving them, and successfully completing the plan they set out.
Lastly, the benefits of certifications are discussed, and how to maximize their value.
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
From this presentation you will learn:
· A brief history of encryption
· How encryption is now deployed in the enterprise
· Encryption and key management best practices to keep data safe
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
This presentation is to provide IT departments who have not leveraged their own data analytics skills for increasing the efficiency and effectiveness of compliance efforts to implement very low-cost solutions while achieving high returns on investment. Focusing on understanding how audit performs testing should assist IT organizations in designing their own compliance testing. Multiple examples will be provided to demonstrate how unlocking the potential of small and/or unstructured data and focusing on data relationships will improve overall data integrity and provide quantifiable measures of operational effectiveness.
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
This document summarizes a presentation on building a cybersecurity risk management program. Some key points:
- The presenter discusses the importance of understanding business impacts of cybersecurity failures and balancing compliance obligations with operational risks.
- Cybersecurity controls must be embedded in business processes to be effective.
- As an executive, one must understand the organization's risk posture relative to peers and how the organization responds to incidents.
- The presenter emphasizes communicating cybersecurity risks using common language executives can understand and prioritizing risks based on limited resources.
Aaron Higbee - The Humanity of Phishing Attack & Defense
In 2015, phishing related breaches dominated security news headlines, and will likely remain the leading initial point-of-entry method for 2016. Not surprisingly an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker’s point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
Bill Lisse - Communicating Security Across the C-Suite
CISO's are increasingly being included in Board and Executive discussions. Skills for developing CISOs need to include soft skills, including the ability to communicate across the executive table. This presentation is about the sell versus the tell.
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization.
NESCO Town Hall Workforce Development Presentation
Moderated and Presented by Andy Bochman
Discussion Topic: Workforce Development in the ICS WorkPlace
Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of a qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against the threat of cyber attacks targeting control systems, makes the short supply of cybersecurity talent is a critical issue.
Scrubbing Your Active Directory Squeaky Clean
Bytes Technology identified Active Directory issues within their customer base, so they brought in NetIQ as a strategic partner. This deck outlines how scrubbing your environment clean with the right tools and processes will help you keep your Active Directory environment consistent, manageable, auditable and efficient.
Building Human Intelligence – Pun Intended
Presented by: Rohyt Belani, Phishme
Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.
A Smarter, More Secure Internet of Things
Presented at the Gartner Identity & Access Management Summit, London, Travis Greene discussed the opportunities and challenges of the Internet of Things (IoT), as well as the early indicators of what the IoT world will look like. He also addressed IoT security and privacy, and the critical role that identity will play in the future.
Achieving Compliance Through Security
This document discusses the challenges of audit compliance and proposes a continuous monitoring approach. It describes how organizations often scramble to prepare for audits in an unplanned, reactive way that disrupts work and does not maintain long-term compliance. The document proposes establishing security controls integrated with daily operations to make compliance a natural byproduct. It provides steps for continuous monitoring, including categorizing assets, determining risk thresholds, setting monitoring frequencies, and generating detailed reports to assess risk and guide security improvements. The benefits are presented as leveraging automation to reduce audit effort while providing objective data to address gaps and priorities.
CISO's first 100 days
- The document outlines a roadmap for a CISO's first 100 days in a new role. It discusses assessing the organization's security posture, planning security strategy and goals, and taking initial actions like redefining teams. Key steps include preparing for day one, assessing people and processes, planning strategy and a 2-3 year roadmap, acting on projects and technology selection, and measuring program impact and providing executive reports. The roadmap is meant to help a new CISO gain insight, define a security vision, and show early progress and wins.
Dynamic Cyber Defense
Presented by: John Fleker, HP
Abstract: The cyber threat landscape is continually evolving. More and more, the critical infrastructure of our nation is at risk. Whether by nation-state actors, criminal organizations, hacktivists or any number of hackers looking to prove their skills, our safety and economic prosperity is threatened. There are four things that must be considered in order to address the evolving threats:
1- Becoming more proactive in our cyber defense efforts through intelligence
2- Better user behavior management
3- Assessing risk using meaningful metric
4- Resilience – operating through an intrusion
We need to look at the threat picture differently – in a proactive way – to ensure that CEO’s and CIO/CISO’s are on the same page regarding the threat, to allow those leaders to make better resourcing decisions and to be better prepared to mitigate adversaries when they arrive at the security perimeter. We need to integrate a wider set of intelligence into our thinking. This is critical to taking a more proactive stance in defending your networks. Combined with what you know of your own network, cyber intelligence strategically helps make solid resource planning decisions and functionally, helps your network operators better defend, mitigate and operate through cyber intrusions. The Operational Levels of Cyber Intelligence paper by the Intelligence and National Security Alliance details a better way of using intelligence.
www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx
Additionally, we must increase info sharing across the board. Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure that direction.
Building A Cloud-Ready Security Program
Presented at ISACA's Enterprise Risk Management: Provide Security from CyberThreats virtual conference.
Cybersecurity for Energy: Moving Beyond Compliance
Presented by: Gib Sorebo, SAIC
Abstract: For the last few years, energy companies, particularly electric utilities, have been scrambling to meet the onslaught of cybersecurity regulations. However, hackers don’t follow regulations, so the need to rapidly address evolving threats is imperative to meet expectations of senior leadership, board members, and shareholders. This session will discuss how a mature governance structure and a cybersecurity strategy based on a comprehensive understanding of business risk can be used to address threats, comply with regulations, and obtain support from company stakeholders.
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
The document discusses several topics related to cybersecurity including integrating endpoint technologies to stop threats, developing adaptive defenses to identify attackers, using threat modeling to assess vulnerabilities, selecting effective endpoint security products, protecting critical servers from advanced threats, finding exploitable flaws through fuzzing, implementing the top 4 critical controls, modern botnets posing major risks to banks, gathering additional threat intelligence from security tools, and training admins to detect and react to attacks.
Security initiatives here and down under
This is a presentation introducing the SANS Institute's 20 Security Controls and the Australian Government's Top 35 Mitigation Strategies that I gave to The Small Business Technology Consulting Group in St Paul MN on November 13, 2012
2015 KSU So You Want To Be in Cyber Security
Cyber security is an important and growing field due to increasing threats from cybercriminals. The document discusses why cyber security is needed to protect national security, public health and safety, and economic well-being from issues like hacking of devices like insulin pumps. It notes that many systems and devices are now connected but not sufficiently secured. The document encourages pursuing cyber security as a career path due to the growing number of jobs and need for professionals in the field. It provides tips on how to launch a career in cyber security such as getting educated and certified in important skills.
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
Presented by: Russell Thomas, George Mason University
Abstract: Two aspects of cyber security that everyone struggles with are metrics and business impact. How do we measure it to improve and how do we make it meaningful to business decision makers? This gap appeared again recently in the NIST Cyber Security Framework (CSF) process RFI responses. But there is no need to wait for NIST CSF or anything else because there is a viable method available now that you can use to build your own CSF. Namely the “Balanced Scorecard” method.
The key idea is to focus on performance against measurable objectives in all critical dimensions that, taken together, will lead to better security, privacy, and resiliency outcomes, even in a dynamic and highly uncertain threat environment. In this presentation, we’ll explain the ten critical dimensions of cyber security performance, explain how they are interrelated and feed off each other, show how to create a performance index in each dimension, and describe how the balanced scorecard can be used to drive executive decisions. This presentation should be valuable to managers and executives in every type of organization in the energy sector, including the supply/service chain. Consultants, regulators, and academics should also find it interesting and useful.
Devoxx Retrospective sailing - Collaboration Games june16 being agile
A hands on workshop facilitating a hands on retrospective team game that aims to help you achieve that feeling of Smooth Sailing.
Attendees will be introduced to this game, play the game, and feedback to the room, with case examples and tips for facilitating the game themselves.
Smooth Sailing is a game you can play as a development team, or, with clients and customers to help understand the product you are building better and, how the journey to its creation is fairing.
This game will give you a new and fun way to run a retrospective to help to gain your barrings, identify what's putting the wind in your sails, the anchors holding you back, and discover your buried treasure. Then you'll plot your course and map a way forward that raises those anchors and catches the tide and a fair wind.
Merchants, Pirates and Cruisers welcome, bring your captain, crew and guests! Join us for some constructive fun, and feel free to bring an idea for a topic you'd like to reflect on.
Teams attending the workshop as a group can work on their own current journeys. Individuals can join groups reflecting on a common shared topic. All puns intended, see you onboard!
www.beingagile.co.uk
SharePoint 2013: What's New For Legal?
Since its introduction in 2001, SharePoint has been a juggernaut in legal services, supporting everything from intranets to content management and beyond. The release of SharePoint 2013 offers substantial new features, such as enterprise search, moving to the cloud and a customizable app model -- all significant improvements that can positively impact your IT performance.
In this presentation, we will discuss SharePoint 2013's new capabilities, such as enhanced search and collaboration, as well as new ways to visualize and create workflows. We'll also cover:
- Top reasons for -- and warnings about -- moving SharePoint to the cloud
- How to reduce risk and administration in SharePoint and its applications
- Talent and tools needed to undertake application development for SharePoint
- A demonstration of a successful SharePoint legal app
Speaker: Ted Theodoropoulos, as the founder and President of Acrowire, combines his interest in technology with his passion to improve the business productivity of entrepreneurs and corporations. He has a background in technology going back to the early 1980s and is an expert at reducing the cost of doing business by identifying process inefficiencies and implementing the right technology solution to bridge the gap. Ted has earned Six Sigma Green and Black Belt certifications, and his Green Belt work led to a United States patent for which he was recognized with the 2007 Best of Six Sigma Award. He is a Microsoft Certified Professional and a Certified Scrum Master. Contact Ted at ted@acrowire.com.
More Related Content
What's hot
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
From this presentation you will learn:
· A brief history of encryption
· How encryption is now deployed in the enterprise
· Encryption and key management best practices to keep data safe
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
This presentation is to provide IT departments who have not leveraged their own data analytics skills for increasing the efficiency and effectiveness of compliance efforts to implement very low-cost solutions while achieving high returns on investment. Focusing on understanding how audit performs testing should assist IT organizations in designing their own compliance testing. Multiple examples will be provided to demonstrate how unlocking the potential of small and/or unstructured data and focusing on data relationships will improve overall data integrity and provide quantifiable measures of operational effectiveness.
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
This document summarizes a presentation on building a cybersecurity risk management program. Some key points:
- The presenter discusses the importance of understanding business impacts of cybersecurity failures and balancing compliance obligations with operational risks.
- Cybersecurity controls must be embedded in business processes to be effective.
- As an executive, one must understand the organization's risk posture relative to peers and how the organization responds to incidents.
- The presenter emphasizes communicating cybersecurity risks using common language executives can understand and prioritizing risks based on limited resources.
Aaron Higbee - The Humanity of Phishing Attack & Defense
In 2015, phishing related breaches dominated security news headlines, and will likely remain the leading initial point-of-entry method for 2016. Not surprisingly an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker’s point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
Bill Lisse - Communicating Security Across the C-Suite
CISO's are increasingly being included in Board and Executive discussions. Skills for developing CISOs need to include soft skills, including the ability to communicate across the executive table. This presentation is about the sell versus the tell.
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization.
NESCO Town Hall Workforce Development Presentation
Moderated and Presented by Andy Bochman
Discussion Topic: Workforce Development in the ICS WorkPlace
Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of a qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against the threat of cyber attacks targeting control systems, makes the short supply of cybersecurity talent is a critical issue.
Scrubbing Your Active Directory Squeaky Clean
Bytes Technology identified Active Directory issues within their customer base, so they brought in NetIQ as a strategic partner. This deck outlines how scrubbing your environment clean with the right tools and processes will help you keep your Active Directory environment consistent, manageable, auditable and efficient.
Building Human Intelligence – Pun Intended
Presented by: Rohyt Belani, Phishme
Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.
A Smarter, More Secure Internet of Things
Presented at the Gartner Identity & Access Management Summit, London, Travis Greene discussed the opportunities and challenges of the Internet of Things (IoT), as well as the early indicators of what the IoT world will look like. He also addressed IoT security and privacy, and the critical role that identity will play in the future.
Achieving Compliance Through Security
This document discusses the challenges of audit compliance and proposes a continuous monitoring approach. It describes how organizations often scramble to prepare for audits in an unplanned, reactive way that disrupts work and does not maintain long-term compliance. The document proposes establishing security controls integrated with daily operations to make compliance a natural byproduct. It provides steps for continuous monitoring, including categorizing assets, determining risk thresholds, setting monitoring frequencies, and generating detailed reports to assess risk and guide security improvements. The benefits are presented as leveraging automation to reduce audit effort while providing objective data to address gaps and priorities.
CISO's first 100 days
- The document outlines a roadmap for a CISO's first 100 days in a new role. It discusses assessing the organization's security posture, planning security strategy and goals, and taking initial actions like redefining teams. Key steps include preparing for day one, assessing people and processes, planning strategy and a 2-3 year roadmap, acting on projects and technology selection, and measuring program impact and providing executive reports. The roadmap is meant to help a new CISO gain insight, define a security vision, and show early progress and wins.
Dynamic Cyber Defense
Presented by: John Fleker, HP
Abstract: The cyber threat landscape is continually evolving. More and more, the critical infrastructure of our nation is at risk. Whether by nation-state actors, criminal organizations, hacktivists or any number of hackers looking to prove their skills, our safety and economic prosperity is threatened. There are four things that must be considered in order to address the evolving threats:
1- Becoming more proactive in our cyber defense efforts through intelligence
2- Better user behavior management
3- Assessing risk using meaningful metric
4- Resilience – operating through an intrusion
We need to look at the threat picture differently – in a proactive way – to ensure that CEO’s and CIO/CISO’s are on the same page regarding the threat, to allow those leaders to make better resourcing decisions and to be better prepared to mitigate adversaries when they arrive at the security perimeter. We need to integrate a wider set of intelligence into our thinking. This is critical to taking a more proactive stance in defending your networks. Combined with what you know of your own network, cyber intelligence strategically helps make solid resource planning decisions and functionally, helps your network operators better defend, mitigate and operate through cyber intrusions. The Operational Levels of Cyber Intelligence paper by the Intelligence and National Security Alliance details a better way of using intelligence.
www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx
Additionally, we must increase info sharing across the board. Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure that direction.
Building A Cloud-Ready Security Program
Presented at ISACA's Enterprise Risk Management: Provide Security from CyberThreats virtual conference.
Cybersecurity for Energy: Moving Beyond Compliance
Presented by: Gib Sorebo, SAIC
Abstract: For the last few years, energy companies, particularly electric utilities, have been scrambling to meet the onslaught of cybersecurity regulations. However, hackers don’t follow regulations, so the need to rapidly address evolving threats is imperative to meet expectations of senior leadership, board members, and shareholders. This session will discuss how a mature governance structure and a cybersecurity strategy based on a comprehensive understanding of business risk can be used to address threats, comply with regulations, and obtain support from company stakeholders.
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
The document discusses several topics related to cybersecurity including integrating endpoint technologies to stop threats, developing adaptive defenses to identify attackers, using threat modeling to assess vulnerabilities, selecting effective endpoint security products, protecting critical servers from advanced threats, finding exploitable flaws through fuzzing, implementing the top 4 critical controls, modern botnets posing major risks to banks, gathering additional threat intelligence from security tools, and training admins to detect and react to attacks.
Security initiatives here and down under
This is a presentation introducing the SANS Institute's 20 Security Controls and the Australian Government's Top 35 Mitigation Strategies that I gave to The Small Business Technology Consulting Group in St Paul MN on November 13, 2012
2015 KSU So You Want To Be in Cyber Security
Cyber security is an important and growing field due to increasing threats from cybercriminals. The document discusses why cyber security is needed to protect national security, public health and safety, and economic well-being from issues like hacking of devices like insulin pumps. It notes that many systems and devices are now connected but not sufficiently secured. The document encourages pursuing cyber security as a career path due to the growing number of jobs and need for professionals in the field. It provides tips on how to launch a career in cyber security such as getting educated and certified in important skills.
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
Presented by: Russell Thomas, George Mason University
Abstract: Two aspects of cyber security that everyone struggles with are metrics and business impact. How do we measure it to improve and how do we make it meaningful to business decision makers? This gap appeared again recently in the NIST Cyber Security Framework (CSF) process RFI responses. But there is no need to wait for NIST CSF or anything else because there is a viable method available now that you can use to build your own CSF. Namely the “Balanced Scorecard” method.
The key idea is to focus on performance against measurable objectives in all critical dimensions that, taken together, will lead to better security, privacy, and resiliency outcomes, even in a dynamic and highly uncertain threat environment. In this presentation, we’ll explain the ten critical dimensions of cyber security performance, explain how they are interrelated and feed off each other, show how to create a performance index in each dimension, and describe how the balanced scorecard can be used to drive executive decisions. This presentation should be valuable to managers and executives in every type of organization in the energy sector, including the supply/service chain. Consultants, regulators, and academics should also find it interesting and useful.
What's hot (20)
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Aaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & Defense
Bill Lisse - Communicating Security Across the C-Suite
Bill Lisse - Communicating Security Across the C-Suite
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
Viewers also liked
Devoxx Retrospective sailing - Collaboration Games june16 being agile
A hands on workshop facilitating a hands on retrospective team game that aims to help you achieve that feeling of Smooth Sailing.
Attendees will be introduced to this game, play the game, and feedback to the room, with case examples and tips for facilitating the game themselves.
Smooth Sailing is a game you can play as a development team, or, with clients and customers to help understand the product you are building better and, how the journey to its creation is fairing.
This game will give you a new and fun way to run a retrospective to help to gain your barrings, identify what's putting the wind in your sails, the anchors holding you back, and discover your buried treasure. Then you'll plot your course and map a way forward that raises those anchors and catches the tide and a fair wind.
Merchants, Pirates and Cruisers welcome, bring your captain, crew and guests! Join us for some constructive fun, and feel free to bring an idea for a topic you'd like to reflect on.
Teams attending the workshop as a group can work on their own current journeys. Individuals can join groups reflecting on a common shared topic. All puns intended, see you onboard!
www.beingagile.co.uk
SharePoint 2013: What's New For Legal?
Since its introduction in 2001, SharePoint has been a juggernaut in legal services, supporting everything from intranets to content management and beyond. The release of SharePoint 2013 offers substantial new features, such as enterprise search, moving to the cloud and a customizable app model -- all significant improvements that can positively impact your IT performance.
In this presentation, we will discuss SharePoint 2013's new capabilities, such as enhanced search and collaboration, as well as new ways to visualize and create workflows. We'll also cover:
- Top reasons for -- and warnings about -- moving SharePoint to the cloud
- How to reduce risk and administration in SharePoint and its applications
- Talent and tools needed to undertake application development for SharePoint
- A demonstration of a successful SharePoint legal app
Speaker: Ted Theodoropoulos, as the founder and President of Acrowire, combines his interest in technology with his passion to improve the business productivity of entrepreneurs and corporations. He has a background in technology going back to the early 1980s and is an expert at reducing the cost of doing business by identifying process inefficiencies and implementing the right technology solution to bridge the gap. Ted has earned Six Sigma Green and Black Belt certifications, and his Green Belt work led to a United States patent for which he was recognized with the 2007 Best of Six Sigma Award. He is a Microsoft Certified Professional and a Certified Scrum Master. Contact Ted at ted@acrowire.com.
Productivity Hacking for Team Collaboration
What does it take to get people to be more engaged within SharePoint? That's the focus of this session from #SPTechCon, which walks through a design and planning perspective on making SharePoint more productivity-focused.
Webinar: Microsoft Teams is Here! Presented by Avanade, AvePoint and Microsoft.
Just announced, Christophe Fiessenger, Program Manager for Office 365 Groups at Microsoft and AvePoint present a new webinar on Office 365 Groups! Register now: http://avept.it/2gIdgZF
By definition, Microsoft Teams is a chat-based workspace in Office 365 designed for teams of colleagues to collaborate. By design, Microsoft Teams is poised to change the way every individual in your organization works together – from Millennials to Baby Boomers.
Our panel of subject matter experts and MVPs, from AvePoint, Avanade, and Microsoft, discussed:
What is Microsoft Teams and what can it do for my organization?
What are the benefits of introducing Microsoft Teams to my end users?
What are the considerations of introducing Microsoft Teams to my end users?
How do I provide guidance (and governance) for my end users when rolling out Microsoft Teams alongside Yammer, Office 365 Groups, and everything else in their collaboration toolkit?
By the end of our webinar, we hope to have brought clarity about he impact Microsoft Teams can have on your organization and how adopting this upcoming addition to Office 365 can ensure your multi-generational teams are collaborating and communicating effectively.
Online learning and professional collaboration
Webinar on an online course: Make eTwinning Live!
November 29th, 2016
Participants: European teachers
Microsoft Office 365 Presentation
This document describes the benefits of Microsoft Office 365 for businesses, including business-class email, HD video conferencing, file sharing, anywhere access, simple IT management, and technical support. It notes that Office 365 allows businesses to keep the control they want while providing services that work together across devices, without the need to set up servers. It also highlights features like Office apps always being up to date, using Office on 5 devices per user, having everything needed in one place, and syncing files for offline viewing and editing.
Viewers also liked (6)
Devoxx Retrospective sailing - Collaboration Games june16 being agile
Devoxx Retrospective sailing - Collaboration Games june16 being agile
Webinar: Microsoft Teams is Here! Presented by Avanade, AvePoint and Microsoft.
Webinar: Microsoft Teams is Here! Presented by Avanade, AvePoint and Microsoft.
Similar to Helen Patton - Cross-Industry Collaboration
Building a business case & selecting an ehs mis platform
This document provides an overview of building a business case and selecting an environmental, health, and safety management information system (EHS MIS) platform. It discusses the 7 key steps in building a business case, including finding catalysts, knowing stakeholders, analyzing the current and future states, developing solutions, consolidating value, estimating financials, and presenting the case. It also outlines the 5 key stages and 12 key steps in selecting an EHS MIS platform, such as developing needs analysis, force ranking needs, separating wants from needs, requesting vendor information and demos, conducting sandbox trials, checking references, and working with internal IT.
Analytics in Action - Introduction
This document provides an introduction to a course on business analytics. It outlines the course objectives to build students' knowledge of applying analytics in various industry settings. It presents the course facilitator and their background working with companies in analytics. The document details the course agenda, which includes fundamentals of analytics, case study methodology, and a case studies module. It lists administrative details like the grading structure and provides an overview of data science challenges and techniques.
Estrat social2014
The document discusses how enterprise technologies can improve apprenticeships. It examines technologies like ERP, CRM, web services, social media, mobile apps and gamification. It asks questions about the objectives of an organization's information system, what they are trying to improve, what knowledge is needed to use the tools, and how to measure success. CRM can help understand clients' motivations, experiences and objectives to improve processes. Knowledge of tools, measurable outcomes, and network improvement are key.
IISME_Fellowship_2015_JFS
This document outlines the structure and content of a module on big data. It includes 3 sessions:
1) An introduction to big data, what it is, why it matters, and the big data ecosystem. Students are assigned a proposal on using big data for analysis.
2) A discussion of MapReduce concepts, architecture, and the big data ecosystem. Students submit research and references.
3) Student presentations of use cases. This session also covers the data science process, a SWOT analysis of big data, the internet of things, and a Cisco IoT use case using predictive analytics.
2014 06-17 Connections Meets Big Data - Social Connections VI
This document discusses how social media analysis (SMA) can provide insights into internal collaboration platforms like IBM Connections. SMA analyzes unstructured data through techniques like concept analysis, hotword identification, and sentiment analysis. It can surface topics employees are engaged with, opinions on products/services, discussions of company decisions, and more. The strategy is to transform big data within the collaboration platform into valuable knowledge through SMA, delivering answers at the push of a button. SMA configurations allow querying data sources and customizing analysis types, concepts, and hotwords. Reports then showcase results like share of voice by type/hotword, sentiment breakdowns, and topic evolutions over time.
IANS Connector Event Deck: Factor 4
Here's a look at what we discuss at an IANS Connector Event. We bring together a diverse group of high-level information security professionals for collective discussion and problem-solving. Participants will take away actionable insights which will allow them to become more effective leaders.
Wagner Analytics Bb World2012
The document discusses learning analytics and why they are important for educational institutions. It begins by defining analytics and explaining why they are useful for optimizing online experiences by analyzing user data and behavior. It then discusses how educational institutions can apply analytics to improve retention by mining data from sources like learning management systems and course surveys. Finally, it provides tips for implementing analytics, noting that analytics can help improve learning outcomes but institutions need to have the right skills and use data responsibly to ensure it benefits students.
Introduction
This document provides an introduction to a course on business analytics. It outlines the course objectives to build students' knowledge of applying analytics in various industry settings. It discusses administrative details like the grading structure and course schedule. It also introduces fundamental concepts in data science and analytics, including common techniques. The document describes the case study methodology that will be used, involving analyzing organizations' data-driven business models and decision-making processes.
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Cyber security practices involve preventing malicious attacks on computers, servers, mobile devices, electronic systems, networks, and data. It is also called information technology security or electronic information security.
https://www.infosectrain.com/courses/ceh-v11-certification-training/
Creating A Diverse CyberSecurity Program
CyberSecurity has multiple facets. This talk will cover the various aspects. This talk will also highlight the fundamental problems in the space; from the technical, policy and personnel perspectives. A diverse agenda with a singular, focused mission needs to have multiple voices and cultures at the table. Thus, this talk will focus heavily on bias and ways of addressing them in the effort of creating a world class cybersecurity program.
Network2013
The document discusses social business and leveraging social networks. It covers topics like understanding customer motivations, measuring success through metrics, focusing on organizational processes and transactions, improving knowledge and leveraging tools. It emphasizes that social business helps understand internal and external clients of an organization.
What is an IANS Connector Event? - Factor 5
Here's a look at what we discuss at an IANS Connector Event. We bring together a diverse group of high-level information security professionals for collective discussion and problem-solving. Participants will take away actionable insights that will allow help them become more effective leaders.
Be More Secure than your Competition: MePush Cyber Security for Small Business
The document provides guidance on improving cybersecurity through basic training and awareness. It discusses how people are often the biggest vulnerability and outlines common social engineering tactics like playing on emotions, creating a sense of urgency, and using hyperlinks or attachments in emails. It recommends continuous education and emphasizes that antivirus alone is not sufficient, and that email filtering and training are important defenses against phishing attacks. Additional resources are provided to help test for phishing vulnerabilities and check if email addresses have been involved in data breaches. Physical security controls and separating financial duties are also recommended to reduce fraud risks.
Improve Information Security Practices in the Small Enterprise
Over 80% of small-medium sized business consider themselves non-targets for cyber-attacks. However, 60% of all targeted attacks are towards small-medium sized organizations. The capabilities of hackers have risen dramatically in the last two years. Organizations of all sizes need a security plan. Security by obscurity is no longer a viable option. Adopt a proven strategy to protect vital corporate assets.
2013 Data Protection Maturity Trends: How Do You Compare?
This document summarizes a presentation on data protection trends and maturity. It discusses evolving threats like BYOD and advanced persistent threats. A survey found that most organizations struggle with administrative, technical, and motivational controls related to data protection. A maturity model was presented with levels ranging from ad hoc to optimal for areas like security policies, enforcement, and employee education. Recommendations included creating comprehensive policies, implementing robust technical controls, and providing ongoing security training.
Share Point Summit 2010 - Selling SharePoint to Decision Makers
This presentation outlines seven steps to sell SharePoint to decision makers: 1) Discover the current state of collaboration, 2) Define business drivers, 3) Analyze SharePoint capabilities and align them to objectives, 4) Develop a vision for SharePoint, 5) Blueprint the future state, 6) Architect an implementation strategy, and 7) Build a roadmap. It uses a client case study to illustrate how following these steps led to approval of funds for a global collaboration initiative using SharePoint. The presentation provides templates and examples for each step, with the goal of building a clear, fact-based business case to obtain executive support and funding.
Embracing Threat Intelligence and Finding ROI in Your Decision
Threat intelligence has long existed but is now recognized as a distinct discipline. Tradecraft and technology in threat intelligence are rapidly maturing, along with industry expectations. Choosing how to invest in threat intelligence programs should be driven by business risk, though any organization can be targeted. Providing context increases the value of threat intelligence, and the strongest programs understand the return on investment of sharing intelligence externally.
Sharing Secrets of Successful Partnerships
This document summarizes a presentation about developing successful industry partnerships for competency-based education programs. It discusses determining regional employer workforce needs through activities like executive roundtables. Employers provide data on in-demand jobs and skills gaps. This informs the development of job-aligned curriculum and accelerated learning opportunities. The presentation provides examples of tools used to engage employers, including surveys to identify needs, staffing plans, and collaborative stakeholder groups. Evidence of meaningful employer commitment is also discussed.
How to build a cyber threat intelligence program
Delivered at ACSC in Canberra on 10 April 2018.
Associated intelligence requirements spreadsheet is available for download at https://www.dropbox.com/s/rtisz5zdy5sl1w1/ACSC-Reqs.xlsx?dl=0
CIO 360 grados: empoderamiento total
This document summarizes a presentation given by Andrew Wasser on empowering the chief information officer (CIO) position. It discusses topics like why IT projects fail, the benefits of iterative development, managing shadow IT, and using principles from behavioral economics to motivate organizational change. Wasser argues CIOs should focus on small, incremental innovations to services rather than large technology projects. He also stresses the importance of having a clear enterprise architecture, valuing internal staff over external consultants, and addressing organizational readiness through principles like "what's in it for me." The overall message is that the CIO role can be empowered through practices like managing risks iteratively, prioritizing service improvements, and aligning incentives across stakeholders.
Similar to Helen Patton - Cross-Industry Collaboration (20)
Building a business case & selecting an ehs mis platform
Building a business case & selecting an ehs mis platform
2014 06-17 Connections Meets Big Data - Social Connections VI
2014 06-17 Connections Meets Big Data - Social Connections VI
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Be More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small Business
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?
Share Point Summit 2010 - Selling SharePoint to Decision Makers
Share Point Summit 2010 - Selling SharePoint to Decision Makers
Embracing Threat Intelligence and Finding ROI in Your Decision
Embracing Threat Intelligence and Finding ROI in Your Decision
More from centralohioissa
Mike Spaulding - Building an Application Security Program
Application Security in many organizations is a simply a 'wish list' item, but with some staff and some training, AppSec can be a reality, even for a small organization. This talk will discuss the best practices, strategies and tactics, and resource planning to build an internal AppSec function - enterprise to 'mom & pop' operations will all benefit from this talk.
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
In January, the FDA has draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a program for coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security.
Bob West - Educating the Board of Directors
Most boards of directors don't have someone that understands cyber security issues. As a consequence, they can't provide the proper oversight over the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Corporate cybercrime is usually blamed on outsiders, but sometimes, your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski, will provide practical advice for educating your employees about cybersecurity. Attend to learn:
• How to create efficient and effective security policies
• Overview and statistics of the current threat landscape
• The importance of keeping your employees updated about the latest threats and scams
• Security solutions that can help keep your systems updated and protected
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
This document discusses the insecurity of physical access control systems (PACS). It begins by describing the typical components of a PACS, including access cards, readers, access control panels, and servers. It then explains that while physical and cyber security are converging, the physical security industry lacks the security maturity and culture of IT. Many PACS deployments are insecure due to vendor features lacking testing, heavy reliance on IT without understanding, and being deployed and forgotten. The document outlines various attack surfaces and exploits against access cards, readers, control panels and servers. It concludes by providing an example of how these attacks could be combined to take over an entire PACS.
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
Sean Whalen - How to Hack a Hospital
By 2014, medical facilities nationwide implemented Electronic Health Records (EHR) as mandated by congress. Today, most of these systems are still using shared kiosk Windows accounts. This talk explores the risks of shared accounts, and alternatives that can provide much greater security and accountability, while maintaining ease of access.
Robert Hurlbut - Threat Modeling for Secure Software Design
The document discusses threat modeling as a process for secure software design. It begins with an introduction of the speaker, Robert Hurlbut, and his background. The presentation then discusses how threat modeling helps bridge gaps between different security roles and fits within the software development lifecycle. Key aspects of threat modeling covered include understanding the system, identifying potential threats, determining mitigations and risks. The document provides examples and questions to guide the threat modeling process.
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray.
This presentation focuses on three real-world plans, each of which with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.
Rafeeq Rehman - Breaking the Phishing Attack Chain
Many security research reports show that phishing is significant contributing factor to data breaches. Verizon data breach investigations report (DBIR) shows that attackers used phishing as their entry point in two third of the security incidents, especially in cyber espionage category. Although the phenomenon of phishing is nothing new, the attackers are enhancing their techniques and using phishing more effectively.
The good news is that understanding the phishing attack chain helps in stopping these attacks, break the phishing chain, and avert a data breach. This session is to understand different phases of phishing attacks and developing a comprehensive strategy to manage risk associated with these attacks.
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost.
Jack Nichelson - Information Security Metrics - Practical Security Metrics
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
This document discusses security awareness training conducted by Michael Woolard. It provides links to security talks and presentations he has given. It then describes the organization he works for and security awareness events he held including Derbycon, Louisville InfoSec, and Bsides Las Vegas presentations. It outlines a Hack.Jam event for his company that included OWASP training, games, and a capture the flag competition. Feedback from the event was very positive with participants wanting to participate again next year. It concludes by mentioning the use of Kahoot for future security awareness training.
Ed McCabe - Putting the Intelligence back in Threat Intelligence
What is Threat Intelligence? It's more than raw source feeds and technical information.
If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence.
We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.
Ofer Maor - Security Automation in the SDLC - Real World Cases
How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.
Jim Libersky: Cyber Security - Super Bowl 50
The document discusses the technical infrastructure and cybersecurity measures in place for hosting large sporting events like the Super Bowl. It notes the large amounts of data (over 10 terabytes) transmitted over WiFi networks by tens of thousands of fans, and the complex monitoring required to detect cyber threats across hundreds of network interfaces and devices. While most traffic was normal, sophisticated attacks were still detected by dedicated security systems, highlighting the ongoing risks at mass gatherings and the importance of multilayered protection strategies.
Jim Wojno: Incident Response - No Pain, No Gain!
This document discusses strategies for incident response and gaining intelligence about adversaries. It emphasizes collecting diverse types of data from hash values to tactics, techniques, and procedures used. Combining different layers of information through data stacking and analytics can provide better accuracy and flexibility to understand attacks at varying levels of difficulty, from easy-to-change details to harder-to-modify tactics. The goal is to operationalize threat intelligence by hunting for known indicators but also finding unknown threats through anomaly detection and scalable analytics across all hosts.
Jason Samide - State of Security & 2016 Predictions
Provide an overview of the threat landscape. Including what Threat Intelligence means and 2016 Predictions.
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Securing an enterprise is never easy, especially if the organizations culture and orthodoxy does not accept change easily. Covering lessons learned from the perspective of an information security practitioner who has spent her career building security programs, we will look at the lessons learned on challenges and opportunities associated with implementing an information security program, addressing technical, security and business risks.
Sam Herath - Six Critical Criteria for Cloud Workload Security
Modern elastic cloud infrastructure is fundamentally breaking traditional security approaches. Public cloud has no natural perimeter and network segmentation leaving individual cloud servers exposed. In private cloud, malicious East-West traffic inside the network is a serious threat. As new workloads are added and retired dynamically, change control is difficult, and updating granular firewall rules and security policies becomes a risky, manual process. Join us and learn the 6 Critical Criteria to secure your public, private or hybrid cloud – on-demand, anywhere, at any scale.
More from centralohioissa (20)
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Program
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chain
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
Recently uploaded
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
AWS Cloud Cost Optimization Presentation.pptx
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Astute Business Solutions | Oracle Cloud Partner |
Your goto partner for Oracle Cloud, PeopleSoft, E-Business Suite, and Ellucian Banner. We are a firm specialized in managed services and consulting.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Skybuffer SAM4U tool for SAP license adoption
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Azure API Management to expose backend services securely
How to use Azure API Management to expose backend service securely
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Recently uploaded (20)
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Azure API Management to expose backend services securely
Azure API Management to expose backend services securely
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Helen Patton - Cross-Industry Collaboration
- 1. Cross Industry Collaboration Helen Patton Chief Information Security Officer The Ohio State University
- 2. 2 • What’s Happening in Higher Ed Security? • Research Data of Interest • What It Means for Security Teams Today We Will Discuss: “If you really want to do something, you’ll find a way. If you don’t, you’ll find an excuse” - Jim Rohn, American Entrepreneur
- 3. 3 Agenda • What is Cross Industry Collaboration? • What do they have in common? • What problems are not yet being addressed?
- 4. 4 What is Cross-Industry Collaboration? • ISACs: Information Sharing Analysis Centers • Physical and Cyber threats, vulnerabilities and events • Two-way sharing between private and public sector • Organized by Industry • REACTIVE
- 5. 5 What is Cross-Industry Collaboration? • Cyber Vendor Collaboration • e.g. Coordinated Malware Eradication Program (CME) – Operation SMN • Goal: “ To remediate the adverse impact of professional cyber espionage groups” • Novetta, Cisco, FireEye, Tenable, Microsoft, Symantec, etc. – Private Sector Only • Technology Driven – Focus on Malware • PROACTIVE
- 6. 6 What is Cross-Industry Collaboration? • Federal/Military and Industry • e.g. NIST Cyber Center of Excellence • e.g. DHS Cyber Information Sharing and Collaboration Platform (CISCP) • Often includes Academic research • Mostly REACTIVE, some PROACTIVE
- 7. 7 What is Cross-Industry Collaboration? • Columbus Collaboratory • Cyber Security and Data Analytics
- 8. 8 What Do They Have In Common? • Technology Driven • Threat Focused • Some Research Backing • Not solving biggest problems (yet)
- 9. 9 Other Issues For Consideration Talent Development, Recruitment and Retention Security Assessment Results Board Cyber Expertise and Buy In Building Trust (in Contracts)
- 10. 10 Talent Acquisition and Retention Available Now: • ISSA and others • Diversity Groups and Job Sites • Internship programs with Colleges and Universities Scarce/Non-Existent: • Encourage HR groups to collaborate on Cyber issues • Are you willing to sponsor sessions to help HR professionals learn??
- 11. 11 Board Cyber Experience and Buy In Available Now • Opportunities to serve on Boards – Volunteer today! • Individual company Board training events – are you engaged? Scarce/Non-Existent • Partnering with Board Recruitment Firms to help them tap into Cyber community to find and train Board Candidates
- 12. 12 Security Assessment Results Available Now • Vendors offering cloud assessments based on external/public data reporting • Large Company SSAE16/other audit reports • $$ Scarce/Non-Existent • Sharing assessment results with your supply train or industry partners, so assessments don’t have to be duplicated
- 13. 13 Contract Trust Available Now • ISAC data sharing Scarce/Non-Existent • Training of legal community and business to allow information sharing between business partners without implying liability
- 14. 14 • What’s Happening in Higher Ed Security? • Research Data of Interest • What It Means for Security Teams Today We Will Discuss: Thank You! Patton.91@osu.edu @OSUCISOHelen
Editor's Notes
- http://www.novetta.com/2014/10/novetta-leads-cyber-security-coalition-and-coordinates-malware-interdiction-operations/
- http://www.novetta.com/2014/10/novetta-leads-cyber-security-coalition-and-coordinates-malware-interdiction-operations/
- http://www.novetta.com/2014/10/novetta-leads-cyber-security-coalition-and-coordinates-malware-interdiction-operations/