An organization can be compliant and still experience a security breach – look no further than Heartland Payment Systems and RBS WorldPay. Both had achieved PCI DSS compliance, only to suffer massive data breaches that cost tens of millions of dollars. What is the difference between compliance and security? And how can organizations effectively move beyond PCI DSS compliance to ensure the security of personally identifiable information (PII)?
Security Framework for Digital Risk ManagmentSecurestorm
A cyber security governance framework and digital risk management process for OFFICIAL environments in UK Government. A pragmatic and proportional information risk management process which can be used at speed, and is compatible with Agile projects. This is released under a Creative Commons; Attribution-Non Commercial-Share Alike 4.0 International License.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap,critical activities and more.
Security Framework for Digital Risk ManagmentSecurestorm
A cyber security governance framework and digital risk management process for OFFICIAL environments in UK Government. A pragmatic and proportional information risk management process which can be used at speed, and is compatible with Agile projects. This is released under a Creative Commons; Attribution-Non Commercial-Share Alike 4.0 International License.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap,critical activities and more.
One of the core Meaningful use measures requires providers to perform a security audit to ensure the protection of patient information. Learn more about what a security audit should entail, as well as potential risks and how configuration options within the SuccessEHS solution can be used to protect patient data.
Doug Copley presented on cybersecurity challenges in healthcare including threats, trends in healthcare, practical steps and building security without boundaries.
Build an Information Security StrategyAndrew Byers
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
It’s big. It’s bigger than you think. On January 1, 2015, the Payment Card Industry Data Security Standard (PCI DSS) version 3.0 becomes the global PCI audit standard.
In this webinar, PCI QSA Jeff Hall shares the biggest gotchas that he’s encountered while working with clients.
Key insights will include:
• How will auditors’ requirements increase notably?
• What are the foreseeable problem hot spots?
• Why won't steps for passing PCI 2.0 cut it for 3.0?
You’ll also get a helpful checklist for 3.0 late starters!
Building an effective Information Security RoadmapElliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the
pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week
on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This
presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy
in for multiple enterprise wide security projects.
As an information security professional, it is your role to take on the cybersecurity challenges in your organization. That is where a solid understanding of Risk Management comes in. Risk Management is a lot like a chess game. To succeed you need to understand the risks ahead and be able to plot future scenarios, to weigh up the relative impacts and then plan accordingly. Scroll through this slideshare to learn about 4 essential frameworks.
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
Doug Landoll, CEO, Lantego
Four Deadly Traps in Using Information Security Frameworks
Frameworks can be used to effectively build or assess information security programs, but applied incorrectly and they effectively mask major program gaps. During this talk, Mr. Landoll will explain the four framework traps and how to avoid them and how to effectively utilize a framework to build or assess an information security program. Mr. Landoll will focus on the NIST 800-53 framework as an example.
One of the core Meaningful use measures requires providers to perform a security audit to ensure the protection of patient information. Learn more about what a security audit should entail, as well as potential risks and how configuration options within the SuccessEHS solution can be used to protect patient data.
Doug Copley presented on cybersecurity challenges in healthcare including threats, trends in healthcare, practical steps and building security without boundaries.
Build an Information Security StrategyAndrew Byers
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
It’s big. It’s bigger than you think. On January 1, 2015, the Payment Card Industry Data Security Standard (PCI DSS) version 3.0 becomes the global PCI audit standard.
In this webinar, PCI QSA Jeff Hall shares the biggest gotchas that he’s encountered while working with clients.
Key insights will include:
• How will auditors’ requirements increase notably?
• What are the foreseeable problem hot spots?
• Why won't steps for passing PCI 2.0 cut it for 3.0?
You’ll also get a helpful checklist for 3.0 late starters!
Building an effective Information Security RoadmapElliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the
pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week
on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This
presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy
in for multiple enterprise wide security projects.
As an information security professional, it is your role to take on the cybersecurity challenges in your organization. That is where a solid understanding of Risk Management comes in. Risk Management is a lot like a chess game. To succeed you need to understand the risks ahead and be able to plot future scenarios, to weigh up the relative impacts and then plan accordingly. Scroll through this slideshare to learn about 4 essential frameworks.
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
Doug Landoll, CEO, Lantego
Four Deadly Traps in Using Information Security Frameworks
Frameworks can be used to effectively build or assess information security programs, but applied incorrectly and they effectively mask major program gaps. During this talk, Mr. Landoll will explain the four framework traps and how to avoid them and how to effectively utilize a framework to build or assess an information security program. Mr. Landoll will focus on the NIST 800-53 framework as an example.
Six Keys to Securing Critical Infrastructure and NERC ComplianceLumension
With the computer systems and networks of electric, natural gas, and water distribution systems now connected to the Internet, the nation’s critical infrastructure is more vulnerable to attack. A recent Wall Street Journal article stated that many utility IT environments have already been breached by spies, terrorists, and hostile countries, often leaving bits of code behind that could be used against critical infrastructure during times of hostility. The U.S. Cyber Consequence Unit declared that the cost of such an attack could be substantial: “It is estimated that the destruction from a single wave of cyber attacks on U.S. critical infrastructures could exceed $700 billion USD - the equivalent of 50 major hurricanes hitting U.S. soil at once.”
Vulnerability and exposure of utilities’ critical infrastructures originate from the Supervisory Control and Data Acquisition (SCADA) and Distribution Automation (DA) systems that communicate and control devices on utility grids and distribution systems. Many of these systems have been in operation for years (sometimes for decades), and are not designed with security in mind. Regulatory bodies have recognized the many security issues to critical infrastructure and have begun to establish and enforce requirements in an attempt to shore up potential exposures. One such regulation is NERC CIP, which includes eight reliability standards consisting of 160 requirements for electric and power companies to address. And as of July 1, 2010, these companies must be “auditably compliant” or else they risk getting slapped with a $1 million per day, per CIP violation.
In this roundtable discussion, we will highlight:
• The security challenges facing utilities today
• The six critical elements to achieving economical NERC CIP compliance
• How utilities can secure critical infrastructure in today’s networked environment
Risk management is one of the main concepts that have been used by most of the organisations to protect their assets and data. One such example would be INSURANCE. Most of the insurance like Life, Health, and Auto etc have been formulated to help people protect their assets against losses. Risk management has also extended its roots to physical devices, such as locks and doors to protect homes and automobiles, password protected vaults to protect money and jewels, police, fire, security to protect against other physical risks. Dr. C. Umarani | Shriniketh D "Risk Management" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd37916.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/37916/risk-management/dr-c-umarani
PCI DSS Implementation: A Five Step GuideAlienVault
Payment Card Industry Data Security Standard (PCI DSS) compliance can be both hard and expensive. For most small to medium sized organizations, it doesn’t have to be as long you have the right plan and tools in place. In this guide you’ll learn five steps that you can take to implement and maintain PCI DSS compliance at your organization.
AlienVault PCI DSS Compliance:
https://www.alienvault.com/solutions/pci-dss-compliance
Have a question? Ask it in our forum:
http://forums.alienvault.com
More videos: http://www.youtube.com/user/alienvaulttv
AlienVault Blogs: http://www.alienvault.com/blogs
AlienVault: http://www.alienvault.com
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Using SCCM 2012 r2 to Patch Linux, UNIX and MacsLumension
Today, everything has to be patched. From desktop and laptop to server and every operating system in between. With compliance, what we have to pay attention to is what’s actually out there on our network – not just what you wish were there.
Servers (Windows, UNIX and Linux)Even Windows-centric environments have at least a few UNIX or Linux servers that need to be secure and patched. Linux and UNIX servers often fulfill critical functions with few and short maintenance windows. These can be a real pain point for admins who specialize in Windows or are managed by an entirely different admin.
Desktops (Windows and Macs)Maybe you are responsible for desktops instead of servers. Again it’s not just a Windows story any more. More and more people are opting for Macs instead of Windows. Watch the vulnerability lists and you’ll see that Macs need patching too.
The kicker though is the 80/20 rule. If at least 80% of the computers on your network are Windows and the remaining 20% are everything else – it’s a safe bet, given the maturity and ease of WSUS, that 20% of your patching effort goes to Windows but 80% of your effort is consumed with patching all the different flavors of UNIX, Linux and your Mac computers. We need one system to manage all our patches and one pane of glass to prove compliance from data center to desktop.
Believe it or not System Center 2012 R2 provides the infrastructure to do just that – it just needs a little help. Last time we showed you how you can patch 3rd party apps on Windows through System Center Update Manager. This time we’ll show you how you can patch non-Windows systems using the new System Center clients for UNIX, Linux and Mac.
2015 Endpoint and Mobile Security Buyers GuideLumension
Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion around endpoint security management in 2015.
• Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy
• Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack
• Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices
• BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization
• The Most Important Buying Considerations in 2015
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationLumension
Security expert Randy Franklin Smith from Ultimate Windows Security, shows you a technical and pragmatic approach to mobile security for iOS and Android. For instance, for iOS-based devices, he talks about:
• System security
• Encryption and data protection
• App Security
• Device controls
Randy also discusses Android-based devices. While Android gets its kernel from Linux, it builds on Linux security in a very specialized way to isolate applications from each other. And learn about iOS and Android mobile device management needs: Password and remote wipe capabilities are obvious but there’s much more to the story. And you’ll hear Randy's list of top-10 things you need to secure and manage on mobile devices in order to protect access to your organization’s network and information.
2014 BYOD and Mobile Security Survey Preliminary ResultsLumension
The preliminary results are in - hear what more than 1,000 members of the Linkedin Infosec Community have to say about BYOD and mobile security challenges including what they are doing to combat mobile device risk and what solutions and security practices really work.
Securing Your Point of Sale Systems: Stopping Malware and Data TheftLumension
Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack.
During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems.
•3 Critical Entry Points to POS System Attacks
•Impacts to an Organization
•Top 3 Security Measures to Minimize Risk
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...Lumension
Thanks to you, the audience at UltimateWindowsSecurity, for the 2014 Survey. It was a great success with over 600 respondents! I appreciate all of you who took the time give me your thoughts.
You’ve provided some great ideas for real training for free™ in the coming year and I’ve learned which topics are most important to you. That’s going to benefit all of us.
In this presentation, we'll present our findings. We’ll talk about the community’s top goals for 2014, which topics you recommended I cover in 2014 and what our community sees as the greatest security concerns for 2014. And we’ll discuss other trends emerging from the data.
Find out about the top trends, such as:
SIEM – What are the top SIEM solutions? What is the UWS community’s top 3 biggest challenges with log/monitoring/security analytics?
Endpoint Security – How widely is application whitelisting being used and what is driving its adoption? Which endpoint security technologies really work and which are just hype?
Mobile Devices – Are employee owned mobile devices supported at your organization? Is your biggest concern with mobile devices malware, data loss, compliance?
The Cloud – How widely are your peers embracing the cloud? Is your organization’s security policy, technology and training keeping up with the move to the cloud?
Advanced Security Topics – What are your peers doing about “big data”? What about endpoints as sensors, and other new security approaches?
This will be a fact-filled and fascinating presentation on where we are and where we are going on a host of different security fronts. Don’t miss it.
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskLumension
Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening?
For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage.
Larry Ponemon of the Ponemon Institute reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:
•IT perspective on the changing threat landscape and today’s Top 5 risks;
•Disconnect between perceived risk and corresponding strategies to combat those threats;
•Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain
Adobe Hacked Again: What Does It Mean for You? Lumension
Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise level solution for patching. In this presentation by Ultimate Windows Security, we’ll present why this will likely lead to more and we’ll look at what we know about this latest Adobe breach.
But more importantly I’ll show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers.
I’ll present 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss:
*Alternatives to Adobe and Java
*Different ways to containing vulnerable apps in a sandbox
* Using advanced memory protection technologies to detect and stop buffer overflows and other memory based attacks
Patching and AV only helps you close the window on hacker opportunity. To prevent the window from opening in the first place you have to prevent untrusted code from ever running in the first place. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning.
That’s why Lumension is sponsoring this event. I think you’ll be interested seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack as well as the constant stream of exploits discovered every day.
This is going to be a really cool presentation with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.
Data Protection Rules are Changing: What Can You Do to Prepare?Lumension
The European Union’s proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent.
But the new regulation, which replaces the EU’s existing data protection directive and member states’ data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and “the right to be forgotten” will force businesses to update their data protection and retention policies.
This presentation will:
- Review the current EU laws, and contrast them with laws in other parts of the world;
- Examine the arguments for strengthening data protection in Europe, and the likely outcomes;
- Look at what security teams should already be doing to put themselves ahead of legislative changes;
- Outline strategies and technologies organisations need to meet current and future data protection requirements
- Help infosecurity teams to explain the changes – and their consequences – to their boards
Java Insecurity: How to Deal with the Constant VulnerabilitiesLumension
Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling.
Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? I’ll start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment.
One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there “just because.” In this webinar, we’ll talk about the current Java mess and how you can get out of it, including:
Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints.
Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs.
Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure.
Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible.
Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is?
Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint, is could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.
BYOD & Mobile Security: How to Respond to the Security RisksLumension
Bring Your Own Device (BYOD) is a popular topic in 2013. Trying to understand the security risks and prepare strategies to either adopt, or decide against BYOD for security and data control reasons is the challenge.
The 160,000 member Information Security Community on LinkedIn conducted the survey "BYOD & Mobile Security 2013" to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. With 1,600 responses, some interesting insights and patterns into BYOD were uncovered.
3 Executive Strategies to Reduce Your IT RiskLumension
Do you want to know how ‘best-of-breed’ enterprises prioritize their IT risk? Join Richard Mason, Vice President & Chief Security Officer at Honeywell, whose team is responsible for global security, during a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out ‘how’ and ‘why’ you can make security a prioritized function within your organization.
Join this expert panel webcast to learn how to:
1)Understand your business audiences and evaluate their risk tolerance
2)Leverage reputation management services that are appropriate for your organization
3)Utilize realistic change management to secure prioritized data depositories
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...Lumension
APTs have become a major topic of conversation – and in some cases, a critical threat – among IT security departments. But the technology and motivation behind APTs has changed significantly since the introduction of Stuxnet, continuing to evolve rapidly to avoid detection.
In this special Dark Reading presentation, a leading expert on the origins and directions of APTs will discuss the changing nature of these sophisticated threats – and how you can prepare your enterprise security environment to detect and mitigate these complex and dangerous attacks.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
3. Today’s Speakers Chris Merritt Director of Solution Marketing Lumension Michael Rasmussen Risk & Compliance Advisor Corporate Integrity, LLC William Bell Director of Information Systems EC Suite
6. Are you focused only on what you see? “ Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!” E.J. Smith, Captain of the Titanic Risk Awareness Risk Ignorance
7.
8.
9. A grim view of the current state… Source: Open Compliance & Ethics Group
10. Big Picture of Compliance OBJECTIVES strategic, operational, customer, process, compliance objectives BUSINESS MODEL strategy, people, process, technology and infrastructure in place to drive toward objectives MANDATED BOUNDARY boundary established by external forces including laws, government regulation and other mandates. VOLUNTARY BOUNDARY boundary defined by management including public commitments, organizational values, contractual obligations, and other voluntary policies. OPPORTUNITIES OPPORTUNITIES OPPORTUNITIES Source: Open Compliance & Ethics Group OBSTACLES
11. Components of Compliance & Data Protection Source: Open Compliance & Ethics Group INFORM & INTEGRATE DETECT & DISCERN ORGANIZE & OVERSEE ASSESS & ALIGN MONITOR & MEASURE PREVENT & PROMOTE RESPOND & RESOLVE
Six control-objective categories that form 12 requirement areas for compliance. Build and maintain a secure network Protect and encrypt cardholder data Manage and monitor threats and vulnerabilities to the environment Integrate strong access-control measures, so only authorized users can access card holder data Test and monitor the state of security Implement a comprehensive and effective information security policy PCI DSS compliance is just one of many regulations organizations face to ensure the protection of information. The end goal is to effectively manage IT risk — to see to it that there are proper security controls in place to reduce risk to an acceptable level. To achieve economies in PCI DSS compliance, to maintain security and prevent data breaches, organizations must implement an infrastructure for managing and monitoring compliance on a continuous basis. Heartland Payment Systems Malicious keylogger software planted on the company's payment processing network recorded payment card data as it was being sent for processing to Heartland by thousands of the company's retail clients. 1 130 million credit cards impacted 2 652 reported institutions affected 2 RBS WorldPay Hacker got into the computer systems 1.5 million cardholders affected Linked to gang that used debit cards to steal millions of dollars from ATMs
Open Compliance & Ethics Group (www.oceg.org) 08/27/10 (c) 2007, OCEG
Though PCI DSS is more prescriptive than other compliance requirements, an organization can use several approaches to demonstrate adherence. One approach is a manual, ad hoc and ultimately labor-intensive process that produces mountains of paper and electronic documents. This leads to a compliance posture that is often full of holes or outright “smoke and mirrors,” with little security value. A more economical approach focuses on automation and efficiency in PCI DSS compliance, which achieves greater control and security.
Organizations need a sustainable process and infrastructure to demonstrate PCI DSS compliance that is agile enough to respond to a changing business and IT environment.
Organizations need a consistent approach to demonstrate PCI DSS compliance and ensure that requirements are consistently applied across governed systems and information.
PCI DSS compliance approached the wrong way can be burdensome.
The organization, and any of its extended business relationships that interact with cardholder data, must demand transparency in reporting across systems.
At its core, compliance is about accountability. The organization is ultimately accountable for PCI DSS compliance even across extended business relationships that use its cardholder data.
Ultimately, security of cardholder data is what PCI DSS is about — and the peace of mind that the organization is not exposing cardholder and financial information to unwanted risk.