The document summarizes key takeaways from the RSA Conference 2016. It discusses the rising threat of ransomware and the need to back to basics on security fundamentals like authentication, firewalls, and software updates. It also notes that the target of attacks is expanding to cloud and big data, and that organizations need to treat data as toxic. Other topics covered include new approaches to threat modeling, developing resilience after a breach, extending security teams through outsourcing, and reassessing threat detection capabilities. The document provides an agenda and information on speakers for an upcoming cybersecurity summit event.
Some 2.4 billion global Internet users—34 percent of
the world’s population—spend increasing amounts
of time online.1 As our online activity expands,
it isn’t just creating new ways to do business. It’s
revolutionizing business. However, like any mass
movement with significant ramifications, the
Internet-enabled life has risks as well as benefits.
Some are willing to accept those risks without much
consideration. Others want to take the time for a
more contemplative response, but events are moving
too quickly for long debate. What we really need is
a Call to Action that addresses the risks demanding
urgent attention.
To balance the benefits of the digital life,
management needs to understand and grapple
with four equally powerful forces:
Democratization – The way customers insist
on interacting via the channels they prefer,
rather than the channels the organization
imposes.
Consumerization – The impact of the many
devices and applications that span work and
play in our digital lives.
Externalization – The ways in which cloud
computing slashes capital expenditure and
shakes up how data moves in and out of
organizations.
Digitization – The exponential connectivity
created when sensors and devices form the
“Internet of Things.” These forces interact in ways
that make eradicating Cyber Risk impossible;
eliminating it in one area simply shifts it to the
others.
However, by following best practices, it is possible
to reduce your organization’s exposure to Cyber
Risk across the board. By addressing the real and
growing risks we face as individuals, businesses, and
governments, we can begin to create an optimal
environment of Cyber Resilience. This Manifesto sets
out a road map for that process.
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
The digital age provides all organisations with opportunities to grow and innovate. But it also brings a new world of risk, especially to our most precious information. The information that’s critical to our future success. All organisations are at risk and cyber resilience is no longer a ‘nice to have’. But many organizations continue to struggle to define what good cyber resilience looks like.
Good starts with a strategy. A strategy built around your business objectives and knowing what the cyber risks are to those objectives. It’s about having the right people, skills, awareness and culture to deliver the strategy. It’s also about understanding that you will never be bullet-proof – to support your prevention and detection activities it’s now as important to know how you will effectively respond and recover to a cyber-attack.
In June 2015 AXELOS Global Best Practice are launching a new Cyber Resilience Best Practice portfolio. This webinar with Nick Wilding, Head of Cyber Resilience at AXELOS, outlines:
- what cyber resilience is and why it is so important to any organisation;
- why all of us are on the cyber front line and how we all have a role to play;
- why cyber resilience best practice is so vital to help define and manage what good looks like in your organisation;
- how you can get involved in the development and launch of this exciting new initiative from AXELOS.
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Puneet Kukreja
Insider threat seems to be one of the biggest risks for organisations looking to protect their data assets. Enterprises spend large proportion of their budget to secure and protect their most critical assets from exfiltration and leakage. However, it's not all about nation state and espionage, it's about identifying potential insider threat scenarios, understanding the organisation’s critical assets and the controls to protect them.
With the recent spate of data breaches originating from trusted insiders, how do enterprises ensure their data assets are safe from insider threat and appropriate controls are in place?
What models have been implemented to identify potential insider threat scenarios?
Which critical data assets must be safeguarded?
What combination of technologies are required to protect against insider threat?
Is there a psychology element?
The session seeks to answer these questions by sharing experience from two use cases; one which approached the problem from a technical perspective, and the other using consolidation of existing technology data sets.
Talk that Prof. Mustaque Ahamad from GaTech gave at Global Cybersecurity Leaders Program http://www.cisoacademy.com/gclp2-prof-mustaque-ahamad-april-2015/
Some 2.4 billion global Internet users—34 percent of
the world’s population—spend increasing amounts
of time online.1 As our online activity expands,
it isn’t just creating new ways to do business. It’s
revolutionizing business. However, like any mass
movement with significant ramifications, the
Internet-enabled life has risks as well as benefits.
Some are willing to accept those risks without much
consideration. Others want to take the time for a
more contemplative response, but events are moving
too quickly for long debate. What we really need is
a Call to Action that addresses the risks demanding
urgent attention.
To balance the benefits of the digital life,
management needs to understand and grapple
with four equally powerful forces:
Democratization – The way customers insist
on interacting via the channels they prefer,
rather than the channels the organization
imposes.
Consumerization – The impact of the many
devices and applications that span work and
play in our digital lives.
Externalization – The ways in which cloud
computing slashes capital expenditure and
shakes up how data moves in and out of
organizations.
Digitization – The exponential connectivity
created when sensors and devices form the
“Internet of Things.” These forces interact in ways
that make eradicating Cyber Risk impossible;
eliminating it in one area simply shifts it to the
others.
However, by following best practices, it is possible
to reduce your organization’s exposure to Cyber
Risk across the board. By addressing the real and
growing risks we face as individuals, businesses, and
governments, we can begin to create an optimal
environment of Cyber Resilience. This Manifesto sets
out a road map for that process.
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
The digital age provides all organisations with opportunities to grow and innovate. But it also brings a new world of risk, especially to our most precious information. The information that’s critical to our future success. All organisations are at risk and cyber resilience is no longer a ‘nice to have’. But many organizations continue to struggle to define what good cyber resilience looks like.
Good starts with a strategy. A strategy built around your business objectives and knowing what the cyber risks are to those objectives. It’s about having the right people, skills, awareness and culture to deliver the strategy. It’s also about understanding that you will never be bullet-proof – to support your prevention and detection activities it’s now as important to know how you will effectively respond and recover to a cyber-attack.
In June 2015 AXELOS Global Best Practice are launching a new Cyber Resilience Best Practice portfolio. This webinar with Nick Wilding, Head of Cyber Resilience at AXELOS, outlines:
- what cyber resilience is and why it is so important to any organisation;
- why all of us are on the cyber front line and how we all have a role to play;
- why cyber resilience best practice is so vital to help define and manage what good looks like in your organisation;
- how you can get involved in the development and launch of this exciting new initiative from AXELOS.
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Puneet Kukreja
Insider threat seems to be one of the biggest risks for organisations looking to protect their data assets. Enterprises spend large proportion of their budget to secure and protect their most critical assets from exfiltration and leakage. However, it's not all about nation state and espionage, it's about identifying potential insider threat scenarios, understanding the organisation’s critical assets and the controls to protect them.
With the recent spate of data breaches originating from trusted insiders, how do enterprises ensure their data assets are safe from insider threat and appropriate controls are in place?
What models have been implemented to identify potential insider threat scenarios?
Which critical data assets must be safeguarded?
What combination of technologies are required to protect against insider threat?
Is there a psychology element?
The session seeks to answer these questions by sharing experience from two use cases; one which approached the problem from a technical perspective, and the other using consolidation of existing technology data sets.
Talk that Prof. Mustaque Ahamad from GaTech gave at Global Cybersecurity Leaders Program http://www.cisoacademy.com/gclp2-prof-mustaque-ahamad-april-2015/
With each passing year, the security threats facing computer networks have become more technically sophisticated, better organized and harder to detect. At the same time, the consequences of failure to block these attacks have increased. In addition to the economic consequences of financial fraud, we are seeing real-world attacks that impact the reliability of critical infrastructure and national security.
Join Lancope's Director of Security Research to learn about five key challenges that computer security professionals face in 2013, including:
1. State-sponsored espionage and sabotage of computer networks
2. Monster DDoS attacks
3. The loss of visibility and control created by IT consumerization and the cloud
4. The password debacle
5. Insider threats
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
This presentation was given at CampIT. It motivated the need for a high level of maturity of the enterprise security program, by striving for cyber resiliency.
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Palestra do evento "Cybersecurity: a nova era em resposta a incidentes e auditoria de dados"
Sam Maccherola - VP and General Manager Public Sector Guidance Software Inc.
Brasília, 04 de agosto de 2010
Think Cyber Think Resilience | William Barker | March 2016Anna Fenston
Presentation on 'Think Cyber Think Resilience' by William Barker from the Local Digital Futures - Working as One: Platforms & Sharing event held on 4 March 2016 in London.
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...patmisasi
Responding to cyber incidents is not what it used to be, the landscape has changed considerably; proactive response now requires the use of many tools and extensive coordination and expertise. Adding to the complexity is the common confusion between IR and forensics. Where does forensics begin and incident response start? What incidents require forensic investigation? And what should you know to pull the pieces together?
Embarking on creating an incident response (IR) program can be challenging and frustrating. This presentation discusses that in order to adequately prepare for security incidents you need an IR framework that can lay the foundation for your IR plan and in turn help describe attacks. Describing attacks is important because you cannot respond to what you cannot identify.
VERIS will be used as an example framework to help you along your path in creating a successful cyber response program.
What trends will 2018 bring for Business Continuity Professionals?PECB
Many business continuity practitioners are perceiving a higher level of risk than ever before in their careers. Unfortunately, these risks are more often resulting in real incidents which require emergency response and continuity of operations. Being prepared may be the most important thing an organization can do in 2018. But what should we prepare for, and how should we prepare for it? This discussion will walk through some of the emerging threats concepts, tools, and techniques that business continuity professionals can expect to see more of in 2018.
Main points covered:
- What should we prepare for in 2018?
- How should we prepare?
- The emerging threats, concepts, tools, and techniques expected in 2018
- Emerging threats creating new risks
Presenter:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Organizer: Nevila Muka
Date: January 17, 2018
Link to the recorded webinar:
Michael Johnson of the University of Minnesota shares the risks of cyber security and the measure you should be taking to ensure your company's safety.
With each passing year, the security threats facing computer networks have become more technically sophisticated, better organized and harder to detect. At the same time, the consequences of failure to block these attacks have increased. In addition to the economic consequences of financial fraud, we are seeing real-world attacks that impact the reliability of critical infrastructure and national security.
Join Lancope's Director of Security Research to learn about five key challenges that computer security professionals face in 2013, including:
1. State-sponsored espionage and sabotage of computer networks
2. Monster DDoS attacks
3. The loss of visibility and control created by IT consumerization and the cloud
4. The password debacle
5. Insider threats
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
This presentation was given at CampIT. It motivated the need for a high level of maturity of the enterprise security program, by striving for cyber resiliency.
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Palestra do evento "Cybersecurity: a nova era em resposta a incidentes e auditoria de dados"
Sam Maccherola - VP and General Manager Public Sector Guidance Software Inc.
Brasília, 04 de agosto de 2010
Think Cyber Think Resilience | William Barker | March 2016Anna Fenston
Presentation on 'Think Cyber Think Resilience' by William Barker from the Local Digital Futures - Working as One: Platforms & Sharing event held on 4 March 2016 in London.
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...patmisasi
Responding to cyber incidents is not what it used to be, the landscape has changed considerably; proactive response now requires the use of many tools and extensive coordination and expertise. Adding to the complexity is the common confusion between IR and forensics. Where does forensics begin and incident response start? What incidents require forensic investigation? And what should you know to pull the pieces together?
Embarking on creating an incident response (IR) program can be challenging and frustrating. This presentation discusses that in order to adequately prepare for security incidents you need an IR framework that can lay the foundation for your IR plan and in turn help describe attacks. Describing attacks is important because you cannot respond to what you cannot identify.
VERIS will be used as an example framework to help you along your path in creating a successful cyber response program.
What trends will 2018 bring for Business Continuity Professionals?PECB
Many business continuity practitioners are perceiving a higher level of risk than ever before in their careers. Unfortunately, these risks are more often resulting in real incidents which require emergency response and continuity of operations. Being prepared may be the most important thing an organization can do in 2018. But what should we prepare for, and how should we prepare for it? This discussion will walk through some of the emerging threats concepts, tools, and techniques that business continuity professionals can expect to see more of in 2018.
Main points covered:
- What should we prepare for in 2018?
- How should we prepare?
- The emerging threats, concepts, tools, and techniques expected in 2018
- Emerging threats creating new risks
Presenter:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Organizer: Nevila Muka
Date: January 17, 2018
Link to the recorded webinar:
Michael Johnson of the University of Minnesota shares the risks of cyber security and the measure you should be taking to ensure your company's safety.
All About Network Security & its Essentials.pptxInfosectrain3
Network Security is the first line of defense against hackers and other cyber threats. It’s easy to see why Network Security has become so popular, given that cybercrime is expected to cause $6 trillion in global damage by 2021.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
6 Steps for Operationalizing Threat IntelligenceSirius
The best form of defense against cyber attacks and those who perpetrate them is to know about them. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by.
Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs.
Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and threat intelligence standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and focus staff efforts and decision-making.
View to learn:
--The difference between threat information and threat intelligence.
--Available sources of intelligence and how to determine if they apply to your business.
--Key steps for preparing to ingest threat information and turn it into intelligence.
--How to derive useful data that helps you achieve your business goals.
--Tools that are available to make collaboration easier.
Internet, Cyber-attacks and threats are becoming more prevalent. This Infographic explains the current state, and things to consider for yourself and your business.
Cybersecurity risk assessments help organizations identify.pdfTheWalkerGroup1
Cybersecurity risk assessments help organizations identify, manage and mitigate all forms of cyber risk. It is a critical component of any comprehensive data protection strategy.
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
What i learned at issa international summit 2019Ulf Mattsson
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 at in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA international has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have world wide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and re-mediate.
"Key Tools to Combat Cyber Security Threats" presented on September 9, 2016, at ComEd's Accelerate Tech by Erik Devine, Chief Information Security Officer for Riverside Healthcare in Kankakee, Illinois. Accelerate Tech was held at Olivet Nazarene University in Bourbonnais, Illinois, and hosted by the Economic Alliance of Kankakee County, ONU Walker School of Engineering and Kankakee County Chamber of Commerce.
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones.
Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem.
The times we live in is defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals.
Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions.
Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. 'Cyber' imbibes the vast-ranging technology with systems, networks, programs, and data in the aforementioned procedure. The phrase "security" refers to the process of protecting data, networks, applications, and systems. In a nutshell,
cyber security is a combination of principles and approaches that assist prevent unwanted access to data, networks, programs, and devices by meeting the security needs of technological resources (computer-based) and online databases.
Cyber Security Management in a Highly Innovative WorldSafeNet
Cyber attacks are reaching pandemic levels. State-sponsored groups and organized crime are successfully stealing valuable intellectual property—including critical infrastructure and operational readiness information, businesses’ and consumers’ financial data—often without anyone realizing the attack has occurred!
But preparedness cannot be delegated solely to the IT department. The involvement of the entire enterprise, armed with an understanding of the highly dynamic landscape, is vital for warding off potential threats.
Author: David Etue, VP of CorpDev Strategy, SafeNet
Watch the webcast on demand: https://www.brighttalk.com/webcast/6319/75109
Network Security Risks and Challenges for EnterprisesSandeep Yadav
IT decision-makers’ perceptions of their security risks
and challenges and to determine the role that IT vendor
trustworthiness plays in their IT investments
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
Similar to InfraGard Webinar March 2016 033016 A (20)
2. INFRAGARD
InfraGard is a partnership between the FBI and the private sector. It is an association of
persons who represent businesses, academic institutions, state and local law enforcement
agencies, and other participants dedicated to sharing information and intelligence to
prevent hostile acts against the U.S.
Disclaimer
The views, opinions, and content of this webinar are solely those of the speakers and other
contributors. These views and opinions do not necessarily represent those of InfraGard or
InfraGard Atlanta Members Alliance (IAMA).
The views expressed here are commentary on themes emerging from the RSA Conferences
2016 and not in any way affiliated or connected with the official event.
3. JOSEPH DYER JR.
Joseph Dyer is Chief Information Security Officer with ICF International. ICF
International provides professional services, technology solutions, and policy
consulting that deliver beneficial impact in areas critical to energy,
environment, infrastructure, health, social programs, public safety and
defense. ICF has more than 5,000 employees that service government and
commercial clients from more than 70 offices worldwide. Mr. Dyer manages
ICF International’s corporate global cyber security program. Mr. Dyer has
over 30 years of information technology experience with over 15 years of
information security involvement.
Mr. Dyer holds a BS degree in Information Systems and maintains several
industry certifications including Certified Information System Security
Professional (CISSP), Certified Chief Information Security Officer (C|CISO),
Global Information Assurance Certification (GIAC), Certified Hacking Forensic
Investigator (CHIF), and Certified Computer Forensic Examiner (CHFI).
Connect
LinkedIn josephdyer
4. WARD PYLES
Connect
LinkedIn wardpyles
Ward Pyles is the Manager of Security Risk and Governance with The
Home Depot, the world’s largest home improvement specialty retailer
with more than 2,200 North American stores and 350,000 employees.
With a Master of Law and more than 15 years of experience in
Information Security, Ward’s extensive background in technology,
regulatory compliance, and risk management assists The Home Depot in
security practices and infrastructure protection.
During Mr. Pyles career he has advised Congressional staff and DHS on
critical infrastructure security practices and participated as an author of
the first Smart Grid security standards, the nationally industry leverage
NIST Cyber Security Framework, and maturity models from DOE. His
global experience advising electric organizations of critical infrastructure
security threats was leveraged in the development of the industries first
in-house proactive ISO 27001 assessment processes.
5. TREVOR HORWITZ
Trevor Horwitz is the founder and CISO of TrustNet, a leading
specialized provider of IT Security and Compliance services. Trevor has
designed, developed, and assessed security and compliance solutions
for corporations of all sizes and across multiple industries for over
twenty years. Trevor is a PCI Qualified Security Assessor and
contributing member of the PCI Security Council’s special interest
group on virtualization and cloud security.
His career experience includes roles as the CEO of a pioneering
network security company and a senior consultant at PWC. He is the
President of InfraGard Atlanta, past Executive Board member of ISACA
Atlanta, and has been active in the Technology Association of Georgia
for over fifteen years. Trevor holds a Bachelor of Commerce from the
University of the Witwatersrand, Johannesburg, South Africa with a
triple major in Accounting, Information Systems, and Business Law.
Connect
LinkedIn trevorhorwitz
6. SUPPORT OUR
SPONSORS
TrustNet helps businesses build trusted
relationships with their customers, partners, and
employees
by providing CyberSecurity and Compliance
services and solutions
Managed Security Services
Compliance – PCI QSA, SOC, HIPAA, FISMA,
ISO, SOX
Security Consulting – Penetration Testing
Awareness Training
www.TrustNetInc.com
The Cyber Security Summit, an exclusive C-Suite
conference series, connects senior level executives
responsible for protecting their companies’ critical
infrastructures with innovative solution providers
and renowned information security experts.
www.CyberSummitUSA.com
7. 1. Ransomware on the Rise
2. Back to Basics - we’re still playing defense
3. The Target is Expanding
4. The New Face of Threat Modelling
5. Breached – Now what?
6. Extending Your Security Team
7. Threat Detection – It’s still a thing
AGENDA
8. 1. Yes, the presentation will be available after the
webinar ends. We will email you a link to the
recording in the next day or so.
2. If you have a question, send it to us in the chat
window on the left side of your screen!
FAQ’S
9. RANSOMWARE ON THE RISE
The earliest known
ransomware was devised
by Joseph Popp. Popp
wrote the “AIDS” Trojan
(aka PC Cyborg) in 1989
10. RANSOMWARE ON THE RISE
Backup, backup, backup
Maintain vigilance with anti-spam and anti-malware s/w
Train users to be suspicious of email
Check sender addresses
Check content of messages
Avoid clicking links in email
Keep all software patched and up-to-date
Practice you incident response plan with a ransomware scenario
Setup a bitcoin account, just in case
12. BACK TO BASICS
we’re still playing defense, but not very well
Authentication
Multi factor is an emerging standard, even for local network access
Firewalls, routers, IDS/IPS
Endpoints - anti-malware, secure browsers, file integrity monitoring
Software updates and patching
Yes, we know it’s tedious and you hate it
Encryption
Data at rest and in motion, even on the corporate network
Monitoring - log management, threat management, vulnerability management
Don’t have the capabilities and resources? Consider Managed Security Services
13. THE TARGET IS EXPANDING – DATA IS TOXIC
Data breaches average $154 per
record, while the average cost per data
breach has reached $3.79MM
14. THE TARGET IS EXPANDING – DATA IS TOXIC
Cloud and Big Data - a marriage made in heaven is heading for a
break-up
Focus on data ex-filtration and DLP is not enough
Many organization have no idea where all their data resides
Risk of storing some types of data may exceed its value to the
organization
Some data types have diminishing returns
Tokenization highly recommended
Treating data as toxic will change the security posture
15. THE NEW FACE OF THREAT MODELLING
Threat Modeling Approaches
Software-centric
Asset-centric
Attacker-centric
16. THE NEW FACE OF THREAT MODELLING
Process
Decompose the application/network/system
Identification and classification, external dependencies, entry points, assets, trust
levels
Identify and rank threats
STRIDE (spoofing, tampering, repudiation, information disclosure, denial of
service, elevation of privilege)
DREAD risk ranking (damage potential, reproducibility, exploitability, affected
users, discoverability)
Develop countermeasures and mitigation
OWASP Application Threat Modeling
https://www.owasp.org/index.php/Application_Threat_Modeling
17. ATLANTA CYBER SECURITY SUMMIT
Wednesday, April 6, 2016
9:00 AM to 6:00 PM
The Ritz-Carlton Buckhead
The Cyber Security Summit, an exclusive C-Suite conference
series, connects senior level executives responsible for
protecting their companies’ critical infrastructures with
innovative solution providers and renowned information
security experts.
“Special Offer for InfraGard Members”
http://cybersummitusa.com/atlanta-2016/
19. BREACHED – NOW WHAT?
Build security resilience and elasticity into architecture
Automation – incident detection and response
Interoperability – distributed detection across the network
Authentication – trusted communication and collaboration
Resilience cycles
Pre-disruption – scan and eliminate vulnerabilities
During Disruption– rapid automated response
Post Disruption– reshape the environment new
Technical tools to achieve this are not mature
Software-Defined Networking may be the catalyst
21. EXTENDING YOUR SECURITY TEAM
Malicious cyber
attacks cost US $300
B to US $ 1Trillion a
year
Demand for information
security professionals is
expected to grow by
53% by 2018
22. EXTENDING YOUR SECURITY TEAM
Shortage of resources can’t be fixed in the short term
Coopting resources – the “extended security team”
Leveraging non-security team personnel as security champions/advocates
Build security into organizational culture
Educate employees – #WeAreAllSecurity
Reward positive behavior
Outsourcing
Managed Security Services
Co-Managed Security
24. THREAT DETECTION – IT’S STILL A THING
Three pillars of threat detection
Visibility
Real time collection
Identity
Accurate identification
Automate analysis
Risk
Escalate response based on risk
Get serious about vulnerability scanning
More frequent penetration testing
25. SUPPORT OUR
SPONSORS
TrustNet helps businesses build trusted
relationships with their customers, partners, and
employees
by providing CyberSecurity and Compliance
services and solutions
Managed Security Services
Compliance – PCI QSA, SOC, HIPAA, FISMA,
ISO, SOX
Security Consulting – Penetration Testing
Awareness Training
www.TrustNetInc.com
The Cyber Security Summit, an exclusive C-Suite
conference series, connects senior level executives
responsible for protecting their companies’ critical
infrastructures with innovative solution providers
and renowned information security experts.
www.CyberSummitUSA.com
26. THE RECAP
1. Prepare for a ransomware attack
2. Revisit your defensive strategy
3. Revaluate what data you retain
4. Improve your threat modelling
5. Develop a resilience strategy
6. Extend your security team
7. Assess your threat detection capabilities